c2e1ba266aa158636ea3470ba6ab7084bb65d6811131c550d8c6357ca0bbaedd

Analysis

max time kernel
0s
platform
debian-9_armhf
resource
debian9-armhf-20240418-en
resource tags

arch:armhfimage:debian9-armhf-20240418-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
09-02-2025 05:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

arsenal-kit/build_arsenal_kit.sh
Size

5KB
MD5

fc74972f39293664c3c1746c37ed4e25
SHA1

770421189ad3cfb9ba2a733ca6af9ebd21aef6e9
SHA256

371080f6247c2b9743c4828abc5ed64734b6a4e5930e5dbc885710774fab0ad7
SHA512

1e9540223756288ae84bf8063d48d21c18f66b116ab6af0937f66e9f880419ccee141c6b9a026fb764b9d74f63860df245b202621157e480fd68358c24944ad7
SSDEEP

96:vMdTc1ieDQr/HNJIvnezOyWo7lrOpHtD786EI8rBH8zIx+8vWm8khImw8a24:vMVc1B0Lt4eyyWo5rODwbpxy8IA4

Score

3^/10

discovery

Malware Config

Signatures

Reads runtime system information 2 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	cp

System Network Configuration Discovery 1 TTPs 1 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
678	build.sh

Writes file to tmp directory 2 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/sh-thd.KHPIfk	bash
File opened for modification	/tmp/arsenal-kit/dist/arsenal_kit.cna	cp

/tmp/arsenal-kit/build_arsenal_kit.sh
/tmp/arsenal-kit/build_arsenal_kit.sh
1⤵
PID:665

/usr/local/sbin/bash
bash /tmp/arsenal-kit/build_arsenal_kit.sh
1⤵
PID:665

/usr/local/bin/bash
bash /tmp/arsenal-kit/build_arsenal_kit.sh
1⤵
PID:665

/usr/sbin/bash
bash /tmp/arsenal-kit/build_arsenal_kit.sh
1⤵
PID:665

/usr/bin/bash
bash /tmp/arsenal-kit/build_arsenal_kit.sh
1⤵
PID:665

/sbin/bash
bash /tmp/arsenal-kit/build_arsenal_kit.sh
1⤵
PID:665

/bin/bash
bash /tmp/arsenal-kit/build_arsenal_kit.sh
1⤵
- Writes file to tmp directory
PID:665
- /bin/mkdir
  mkdir -p ./dist/
  2⤵
  - Reads runtime system information
  PID:673
- /bin/cat
  cat
  2⤵
  PID:675
- /bin/cp
  cp ./templates/arsenal_kit.cna.template ./dist/arsenal_kit.cna
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:676
- /tmp/arsenal-kit/kits/artifact/build.sh
  /tmp/arsenal-kit/kits/artifact/build.sh pipe HeapAlloc 310272 5 true true none /tmp/arsenal-kit/dist/artifact
  2⤵
  - System Network Configuration Discovery
  PID:678

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/arsenal-kit/dist/arsenal_kit.cna

Filesize
1KB

MD5
1f38d3e05aa6b89ed245c059370be42f

SHA1
4ea67eec166bf0b7b7b6865b89642c4e9e46e920

SHA256
37384ad4a4d14da3c565f0c04aca6d41d1f54ad860b952a53fc7a997fff16583

SHA512
5df11a68a3b9545c4cfdcaa088c050ffeeea2f730a061f0e4c45d840bc599c057c891e38dcd0982ec9bdf64364d27b8f605c2d4a29fbb1bc97d872c4ba497354

Download Submit
/tmp/sh-thd.KHPIfk

Filesize
558B

MD5
eb78199899887eabdf361c28f4242896

SHA1
4f826eecc5ba1314239c4263a948e836e9d663dd

SHA256
ed23ccfd30edc65305a9c951c6a447bf62a147a8cbaa0807b84ac1f4d0514e37

SHA512
066efd0d7765ce5575b9d6c18f3230049b39b287799ea03913ef5f9b59c418f02ecaa8e848a99c9e601903d89b47f0c1fed640cec885a796897187035c413503

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads