58d5bc84e8dcfd88e55fb4408562e6e091a6fdc30698b94a91ce0c48fdce8770

Analysis

max time kernel
4s
max time network
15s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
26-12-2024 14:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sensi.sh
Size

616B
MD5

16a80dae144d0b28b41b1bc690560eb4
SHA1

f5656969be23544e08a5b6dc59444ad8d9f4075a
SHA256

58d5bc84e8dcfd88e55fb4408562e6e091a6fdc30698b94a91ce0c48fdce8770
SHA512

3e04f1b5d9aea830e52e9a619bfc4f5fffca455268b1379fd22ccd5ede4e8693510db2054f68fdf21cc8ab4c183db274a3ad87f54be84b42f32616aba6f55a96

Score

3^/10

discovery

Malware Config

Signatures

Reads runtime system information 4 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/self/fd	apt
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/sys/kernel/ngroups_max	apt

System Network Configuration Discovery 1 TTPs 1 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
659	apt

Writes file to tmp directory 4 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/fileutl.message.7u52Vs	apt
File opened for modification	/tmp/fileutl.message.2Paub3	apt
File opened for modification	/tmp/fileutl.message.tfNZnt	apt
File opened for modification	/tmp/fileutl.message.yJswZV	apt

/tmp/sensi.sh
/tmp/sensi.sh
1⤵
PID:656
- /usr/bin/apt
  apt install -y wget unzip
  2⤵
  - Reads runtime system information
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:659
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:667
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:681
- - /usr/lib/apt/methods/http
    /usr/lib/apt/methods/http
    3⤵
    PID:703
- - /usr/lib/apt/methods/http
    /usr/lib/apt/methods/http
    3⤵
    PID:704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads