37670f71a35213217cab145aa7e262e0e46e411007b2d68f26e74c3d44693e95

Resubmissions

02-01-2025 21:21

250102-z7fk1ayqer 9

23-12-2024 15:10

241223-skg2zssrgn 10

Analysis

max time kernel
121s
max time network
77s
platform
debian-12_mipsel
resource
debian12-mipsel-20240221-en
resource tags

arch:mipselimage:debian12-mipsel-20240221-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
submitted
02-01-2025 21:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Opensea Mint/install_modules.sh
Size

3KB
MD5

05a28430f97b6db328b9f748005718cc
SHA1

da28f7c62b43f2cb97e5b6a2e71eb8199bdbae5c
SHA256

d05559d26e8db46d562314ecc55bb8f0f17518f313cf0f2e0cff690f4240aacf
SHA512

d2f64b14e83b668c03af5c4f9495a7b268a7756220b74df82e54fba0edea3f374e353dd69b9c293cd51fbd6c5ecaea86072ce2895f91a09451bf0cbd2019cbdf

Score

3^/10

discovery

Malware Config

Signatures

System Network Configuration Discovery 1 TTPs 1 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
759	cpan

Writes file to tmp directory 2 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/cpan_install_Yfuq.txt	cpan
File opened for modification	/tmp/cpan_install_909e.txt	cpan

/tmp/Opensea Mint/install_modules.sh
"/tmp/Opensea Mint/install_modules.sh"
1⤵
PID:755
- /usr/bin/cpan
  cpan install Authen::Passphrase::LANManager Authen::Passphrase::MySQL323 Authen::Passphrase::NTHash Authen::Passphrase::PHPass Bitcoin::Crypto Bitcoin::Crypto::Base58 Compress::Zlib Convert::EBCDIC Crypt::AuthEnc::GCM Crypt::CBC Crypt::DES Crypt::DES_EDE3 Crypt::Digest::RIPEMD160 Crypt::Digest::Whirlpool Crypt::ECB Crypt::Eksblowfish::Bcrypt Crypt::GCrypt Crypt::Mode::CBC Crypt::Mode::ECB Crypt::MySQL Crypt::OpenSSH::ChachaPoly Crypt::OpenSSL::EC Crypt::OpenSSL::Bignum::CTX Crypt::PBKDF2 Crypt::RC4 Crypt::Rijndael Crypt::ScryptKDF Crypt::Skip32 Crypt::Twofish Crypt::UnixCrypt_XS Data::Types Digest::BLAKE2 Digest::CMAC Digest::CRC Digest::GOST Digest::HMAC Digest::HMAC_MD5 Digest::Keccak Digest::MD4 Digest::MD5 Digest::MurmurHash3 Digest::Perl::MD5 Digest::SHA Digest::SHA1 Digest::SHA3 Digest::SipHash Encode JSON Math::BigInt MIME::Base64 Net::DNS::RR::NSEC3 Net::DNS::SEC POSIX Text::Iconv
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:759
- - /bin/pwd
    /bin/pwd
    3⤵
    PID:780
- - /bin/sh
    sh -c "/usr/bin/curl -L -f -s -S --netrc-optional \"https://cpan.org/authors/01mailrc.txt.gz\" > \"/sources/authors/01mailrc.txt.gz.tmp759\""
    3⤵
    PID:781
  - - /usr/bin/curl
      /usr/bin/curl -L -f -s -S --netrc-optional https://cpan.org/authors/01mailrc.txt.gz
      4⤵
      PID:782
- - /bin/sh
    sh -c "/usr/bin/curl -L -f -s -S --netrc-optional \"https://cpan.org/modules/02packages.details.txt.gz\" > \"/sources/modules/02packages.details.txt.gz.tmp759\""
    3⤵
    PID:793
  - - /usr/bin/curl
      /usr/bin/curl -L -f -s -S --netrc-optional https://cpan.org/modules/02packages.details.txt.gz
      4⤵
      PID:794

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/CPAN/MyConfig.pm

Filesize
3B

MD5
c648a70f925757e7e982a5a13d47cfe7

SHA1
209ca159a62ed05e5c827fa29a196403ff32b3a6

SHA256
97a18ae8e28c3a8e24dc4a46fbb47a8106f7ca3e9e7a2015212caa44bf64db43

SHA512
dcc9f08cc27e29764e3714d92592950bf444734309fb7db67cee74351b29aa57d049d012c305fda906cad1ba66beb4b64ea786d236f672a09c5dfeef93367060

Download Submit
/CPAN/MyConfig.pm

Filesize
2KB

MD5
c6f22ebca6aec764a2458029726c2775

SHA1
96e91449279ab0ed4203db5845c733b7c722a7d2

SHA256
c547c188025577b78c823facbe3451984160777ac2bf69ac7eb22917dd96134d

SHA512
2a9bd282ee501ffeb59d598e2745d7e8fa2d5d2b5a2ce7fe5202f13d08c33a5f6e356523a2a0c79917f1c055471d089c1f72279d3a32c59a0d53a518a53d69f8

Download Submit
/sources/authors/01mailrc.txt.gz.tmp759

Filesize
243KB

MD5
987d409188a5517f03c016d1f4a3d322

SHA1
39327d40502561f0a2434bee0532b414ab8c897a

SHA256
fde79e702410ba40ae8eb9e7f1dee9af3b4e1b7bff953ad0afdf17abbacdeb54

SHA512
41c80328f93687a452758ec0afd6ec918d4927bc9520ca98c0c9654c82a25714e68bffef94f32228169cea68179187e4377ff4724418d8cbf8820d6c4dd93cf5

Download Submit
/sources/modules/02packages.details.txt.gz.tmp759

Filesize
2.4MB

MD5
0fbb58b292d9f2c7635954b5567b321b

SHA1
71993ce3f4a0101cc36e46e025c1bdbb9b170e31

SHA256
332c790a4061db305f1b91f3a9eeba4a83a7ae457ab7be2625b38801335667ee

SHA512
e661083477dde8986ff2ac920c9d358383014598767b4e914c43ad2a03486b6137a3b186f801664f69c5af085cdee9f85aa8dc45b6e5c7c6c18082859979a84a

Download Submit
/tmp/cpan_install_909e.txt

Filesize
234B

MD5
bf8abf038295e27a83385d18cff1a077

SHA1
96ba876bc310e4e7eb7a2ab9ab5da42597b11b3f

SHA256
d15a41d47df04b56fec192b5ab0d14a195fd7768924c1506e673c2e4d7b8fe87

SHA512
81e1fa072525de836b73044c520641dcfbc7ab42e6149bd04beb7f571e5a4049bf4610c7a5fc7dc0b7102ec659b46a3cbc162421bf97eef6c1229cd14f173472

Download Submit
/tmp/cpan_install_Yfuq.txt

Filesize
37B

MD5
fda35639291b04274eedbc518b386d23

SHA1
21d3a4ea1be0561e4dea0788bac459405c20687e

SHA256
a859f93e31961c509db2793e19f73c2b37a854a2783b464f336ee310549a009b

SHA512
2ff6a1c882df0d4eda58b4f9d2063ea13044013231aabee5566d2430f98e99c76dc91c7e66c6b9dbac735b4b7f6e238cdca820d92f8921db98e51b615046e8bd

Download Submit