Analysis
max time kernel: 73s
max time network: 40s
platform: debian-12_mipsel
resource: debian12-mipsel-20240221-en
resource tags: arch:mipsel, image:debian12-mipsel-20240221-en, kernel:6.1.0-17-4kc-malta, locale:en-us, os:debian-12-mipsel, system
submitted: 30-10-2024 07:15
Static task: static1
Behavioral tasks (sample / resource):
behavioral1: runnb.sh / ubuntu2204-amd64-20240611-en
behavioral2: runnb.sh / debian12-armhf-20240221-en
behavioral3: runnb.sh / debian12-mipsel-20240221-en
behavioral4: runnb.sh / debian9-armhf-20240611-en
behavioral5: runnb.sh / debian9-mipsbe-20240611-en
behavioral6: runnb.sh / debian9-mipsel-20240611-en
behavioral7: runnb.sh / ubuntu2004-amd64-20240611-en
behavioral8: runnb.sh / ubuntu2204-amd64-20240611-en
behavioral9: runnb.sh / ubuntu2404-amd64-20240523-en
General
Target: runnb.sh
Size: 213B
MD5: a1189543e2f98f6696c6d857b899ab0a
SHA1: 30b167128357a05cb5ae4d8bd386d63839d99c4d
SHA256: a5951456684af2a46da1bcd8c820221c97b13a439db465c2b671fa3180d838d6
SHA512: 472e7cd110beb4c0ff9990763988190c875dccecc726753e295d4419413bfd14ed867a9a5977adf2d6e87d6e80f18abbdd0a929473f02bbfb24e1531e71d7aef
Malware Config
Signatures
OS Credential Dumping (1 TTPs, 1 IoCs)
Adversaries may attempt to dump credentials to use them in password cracking.
Processes (process: description, ioc):
sudo: File opened for reading, /etc/shadow
Abuse Elevation Control Mechanism: Sudo and Sudo Caching (1 TTPs, 1 IoCs)
Abuse sudo or cached sudo credentials to execute code.
Reads CPU attributes (1 TTPs, 1 IoCs)
Processes (process: description, ioc):
exim4: File opened for reading, /sys/devices/system/cpu/online
Reads runtime system information
Processes (process: description, ioc):
sendmail: File opened for reading, /proc/sys/kernel/ngroups_max
dpkg: File opened for reading, /proc/filesystems
sudo: File opened for reading, /proc/sys/kernel/cap_last_cap
sudo: File opened for reading, /proc/filesystems
sudo: File opened for reading, /proc/sys/kernel/ngroups_max
apt: File opened for reading, /proc/self/fd
dpkg: File opened for reading, /proc/filesystems
sudo: File opened for reading, /proc/self/stat
sudo: File opened for reading, /proc/sys/kernel/seccomp/actions_avail
sudo: File opened for reading, /proc/1/limits
Processes (image, command line, PID, signatures; indentation shows the parent/child tree)
/tmp/runnb.sh  "/tmp/runnb.sh"  PID:740
    /usr/bin/sudo  "sudo apt install wget"  PID:746
        signatures: OS Credential Dumping; Abuse Elevation Control Mechanism: Sudo and Sudo Caching; Reads runtime system information
        /usr/sbin/sendmail  "sendmail -t"  PID:762
            signatures: Reads runtime system information
            /usr/sbin/exim4  "/usr/sbin/exim4 -Mc 1t620M-0000CI-0s"  PID:783
                signatures: Reads CPU attributes
        /usr/bin/apt  "apt install wget"  PID:769
            signatures: Reads runtime system information
            /usr/bin/dpkg  "/usr/bin/dpkg --print-foreign-architectures"  PID:778
                signatures: Reads runtime system information
            /usr/bin/dpkg  "/usr/bin/dpkg --print-foreign-architectures"  PID:790
                signatures: Reads runtime system information
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 858B
MD5: 76c8ebbfcb350662321a6f78670dac3f
SHA1: 4fd10f9347cee1c9438faf2d593c329960da8b1f
SHA256: fe5ca81e01dc0538ed92a0367b0da7ba74c0633742341d5b9cfe304e77ccd4d1
SHA512: cf7d262cc83e25dc7e66dcfa6a9014f15c6956404d6401e2772d3bf1ba88d284016f9df5a13ccc44c2a3b71e795d8b1cde7a225ce53f11a4e36ebe6a22224a1b

Filesize: 157B
MD5: 5b8c503f46014eb85203376e16faba9b
SHA1: 88cac9816fe83d6f409f3f7f98e3e035c457cd84
SHA256: 95aa79d178aa318ff3c6e758f3960da130bd131d64af193649e3be601efe87b3
SHA512: c27858c5539f4a7bf9e6d3477ef025a2c2cd2145a50d38c906d82332b0302fc0ac7839365249a1a305059053c369dead371980e76f8a59135ec096b4cc83471d

Filesize: 34B
MD5: d7d96d63d643a4ce3e408eba7dfcedc5
SHA1: c53607f95c5c57beafc1d8266646797a035f76ea
SHA256: 21db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159
SHA512: 703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3

Filesize: 1007B
MD5: 9e253dd8dc19510539f23096c0be219b
SHA1: 8d52b72f9307efe1a1271f43265bf2a353182974
SHA256: 6599ee731d11f2ba350a485cba438256fc11f0ca7dce322d285bdf1e6dc78d3d
SHA512: a0bfa71e3d8a4985860d2c50e3d845371ad191680c8fd4a9faed9125b0d9fd15de2ff10134779a7c26f26c06e69a9a86ef235b2bbb23b3dfcc0ee54423522eb7

Filesize: 89B
MD5: f4c7668194877f964157ab21a7613b8e
SHA1: d1525a8d970dfd508f5e3c9bb3e1989a89184ffd
SHA256: 0331285acb6bb02d8033e4f2bd3647216f8489fbc90fd73c31170d312472ee93
SHA512: b2365cb2d605e005f9a80da41499cacf8f56dc61873aee31ef1e65052524bd4177fa2504a83c22af5e08e8e24ac5f56991914172113e9ab40035ab733cb9d450

Filesize: 288B
MD5: 5467eb0205483b065de2789643d21e9e
SHA1: d1c9686f55b5a3f2f8699a5ec94093e2f19532e1
SHA256: 9a0d314dfdca2964a936c33367f96b348334c4166a7fb8d94fc8333d48f22bb1
SHA512: 23aa7cc64975d3fd054b207504206531379a9e23b6e800f5983a81e9bebe50b06f26c8ef0569ef664f250ea3327cb9a5fdd9955df046adb3083040c6c507542d