Overview

overview

7

Static

static

3

ide-eval-r....6.jar

windows7-x64

1

ide-eval-r....6.jar

windows10-2004-x64

1

JetBrains ...ME.pdf

windows7-x64

1

JetBrains ...ME.pdf

windows10-2004-x64

5

JetBrains ...er.jar

windows7-x64

1

JetBrains ...er.jar

windows10-2004-x64

1

JetBrains ...ns.jar

windows7-x64

1

JetBrains ...ns.jar

windows10-2004-x64

1

JetBrains ...me.jar

windows7-x64

1

JetBrains ...me.jar

windows10-2004-x64

1

JetBrains ...ap.jar

windows7-x64

1

JetBrains ...ap.jar

windows10-2004-x64

1

JetBrains ...er.jar

windows7-x64

1

JetBrains ...er.jar

windows10-2004-x64

1

JetBrains ...rl.jar

windows7-x64

1

JetBrains ...rl.jar

windows10-2004-x64

1

JetBrains ...rs.vbs

windows7-x64

3

JetBrains ...rs.vbs

windows10-2004-x64

7

JetBrains ...er.vbs

windows7-x64

1

JetBrains ...er.vbs

windows10-2004-x64

1

JetBrains ...all.sh

ubuntu-18.04-amd64

5

JetBrains ...all.sh

debian-9-armhf

5

JetBrains ...all.sh

debian-9-mips

5

JetBrains ...all.sh

debian-9-mipsel

5

JetBrains ...rs.vbs

windows7-x64

3

JetBrains ...rs.vbs

windows10-2004-x64

7

JetBrains ...er.vbs

windows7-x64

1

JetBrains ...er.vbs

windows10-2004-x64

1

JetBrains ...all.sh

ubuntu-18.04-amd64

5

JetBrains ...all.sh

debian-9-armhf

5

JetBrains ...all.sh

debian-9-mips

5

JetBrains ...all.sh

debian-9-mipsel

5

Analysis

  • max time kernel
    0s
  • max time network
    158s
  • platform
    linux_armhf
  • resource
    debian9-armhf-en-20211208
  • resource tags

    arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    16-08-2022 02:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JetBrains 2022 ??/??2????2099????????????/ja-netfilter-all/scripts/uninstall.sh

  • Size

    1KB

  • MD5

    e3f187bb61526539c002a2303bc3325a

  • SHA1

    d3831b8e1b914892f412dc86d5c79f89314e6cd1

  • SHA256

    ae91ad30b493097d0704e97fb122d51f939b14d999267fdd0882058116bfed62

  • SHA512

    cafd9ddcd2139d525a480d65a582aff6119c3f771e9472d2472d9b4b42c76d2b7851c4288e5177907579b5f5181e88586bc8f9e4aafaafb769a096656896c355

Score
5/10

Malware Config

Signatures

  • Reads runtime system information 3 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/JetBrains 2022 ??/??2????2099????????????/ja-netfilter-all/scripts/uninstall.sh
    "/tmp/JetBrains 2022 ??/??2????2099????????????/ja-netfilter-all/scripts/uninstall.sh"
    1⤵
    • Writes file to tmp directory
    PID:347
    • /bin/uname
      uname -s
      2⤵
        PID:348
      • /usr/bin/touch
        touch /.profile
        2⤵
          PID:349
        • /usr/bin/touch
          touch /.bashrc
          2⤵
            PID:353
          • /usr/bin/touch
            touch /.zshrc
            2⤵
              PID:354
            • /bin/rm
              rm -rf /.jetbrains.vmoptions.sh
              2⤵
                PID:355
              • /bin/sed
                sed -i "/___MY_VMOPTIONS_SHELL_FILE=\"\${HOME}\\/\\.jetbrains\\.vmoptions\\.sh\"; if /d" /.profile
                2⤵
                • Reads runtime system information
                PID:356
              • /bin/sed
                sed -i "/___MY_VMOPTIONS_SHELL_FILE=\"\${HOME}\\/\\.jetbrains\\.vmoptions\\.sh\"; if /d" /.bashrc
                2⤵
                • Reads runtime system information
                PID:357
              • /bin/sed
                sed -i "/___MY_VMOPTIONS_SHELL_FILE=\"\${HOME}\\/\\.jetbrains\\.vmoptions\\.sh\"; if /d" /.zshrc
                2⤵
                • Reads runtime system information
                PID:358
              • /bin/rm
                rm -rf /.config/plasma-workspace/env/jetbrains.vmoptions.sh
                2⤵
                  PID:359

              Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads