17b0474ba20af91e63d44b7ad7543d8a55938ffc14cfb46722180c90e33c891c

Analysis

max time kernel
0s
max time network
157s
platform
linux_armhf
resource
debian9-armhf-en-20211208
resource tags

arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
16-08-2022 03:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jetbra/scripts/install.sh
Size

3KB
MD5

4f86ad982a9cdf710d297f30a1c35d3e
SHA1

32eb21a4fd2a0ae3ead868dd550d30b64409a883
SHA256

ff7b76ed04b0ca7e42b380fd3426b4ea14dd1e6fd39154fcd32ef9e11907478f
SHA512

99a8eacfe80870912a334804ccfcdba1f13a0a5a78f6e4325d124aaf0a1b0352f47fb0144f68003670acb4565ea694f550608fc7343668a2a3d819c03e3e1802

Score

5^/10

Malware Config

Signatures

Reads runtime system information 21 IoCs

Reads data from /proc virtual filesystem.

Processes:

sedsedsedsedsedsedmkdirsedsedsedsedsedsedsedsedsedsedsedsedsedsed

description	ioc	process
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	mkdir
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed

Writes file to tmp directory 52 IoCs

Malware often drops required files in the /tmp directory.

Processes:

sedsedsedsedinstall.shsedsedsedsedsedsedsedsedsedsedsedsedsed

/tmp/jetbra/scripts/install.sh
/tmp/jetbra/scripts/install.sh
1⤵
- Writes file to tmp directory
PID:363

/bin/uname
uname -s
2⤵
PID:366

/usr/bin/dirname
dirname /tmp/jetbra/scripts
2⤵
PID:368

/bin/mkdir
mkdir -p /.config/plasma-workspace/env
2⤵
- Reads runtime system information
PID:374

/usr/bin/touch
touch /.profile
2⤵
PID:375

/usr/bin/touch
touch /.bashrc
2⤵
PID:376

/usr/bin/touch
touch /.zshrc
2⤵
PID:377

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/idea.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:378

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/clion.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:382

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/phpstorm.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:386

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/goland.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:390

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/pycharm.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:394

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/webstorm.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:398

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/webide.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:402

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/rider.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:406

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/datagrip.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:412

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/rubymine.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:416

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/appcode.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:420

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/dataspell.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:424

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/gateway.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:428

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/jetbrains_client.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:432

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/jetbrainsclient.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:436

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/studio.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:440

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/devecostudio.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:444

/bin/sed
sed -i "/___MY_VMOPTIONS_SHELL_FILE=\"\${HOME}\\/\\.jetbrains\\.vmoptions\\.sh\"; if /d" /.profile
2⤵
- Reads runtime system information
PID:448

/bin/sed
sed -i "/___MY_VMOPTIONS_SHELL_FILE=\"\${HOME}\\/\\.jetbrains\\.vmoptions\\.sh\"; if /d" /.bashrc
2⤵
- Reads runtime system information
PID:449

/bin/sed
sed -i "/___MY_VMOPTIONS_SHELL_FILE=\"\${HOME}\\/\\.jetbrains\\.vmoptions\\.sh\"; if /d" /.zshrc
2⤵
- Reads runtime system information
PID:450

/bin/ln
ln -sf /.jetbrains.vmoptions.sh /.config/plasma-workspace/env/jetbrains.vmoptions.sh
2⤵
PID:451

/usr/bin/dirname
dirname /tmp/jetbra/scripts/install.sh
1⤵
PID:370

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:381

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:385

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:389

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:393

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:397

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:401

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:405

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:411

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:415

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:419

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:423

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:427

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:431

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:435

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:439

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:443

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:447

description	ioc	process
/tmp/jetbra/vmoptions/sedjkcOsl	/tmp/jetbra/vmoptions/sedjkcOsl	sed
/tmp/jetbra/vmoptions/sedPG5PER	/tmp/jetbra/vmoptions/sedPG5PER	sed
/tmp/jetbra/vmoptions/sedUSMrvz	/tmp/jetbra/vmoptions/sedUSMrvz	sed
/tmp/jetbra/vmoptions/sed4fhsXN	/tmp/jetbra/vmoptions/sed4fhsXN	sed
/tmp/jetbra/vmoptions/gateway.vmoptions	/tmp/jetbra/vmoptions/gateway.vmoptions	install.sh
/tmp/jetbra/vmoptions/jetbrainsclient.vmoptions	/tmp/jetbra/vmoptions/jetbrainsclient.vmoptions	sed
/tmp/jetbra/vmoptions/clion.vmoptions	/tmp/jetbra/vmoptions/clion.vmoptions	sed
/tmp/jetbra/vmoptions/pycharm.vmoptions	/tmp/jetbra/vmoptions/pycharm.vmoptions	install.sh
/tmp/jetbra/vmoptions/webide.vmoptions	/tmp/jetbra/vmoptions/webide.vmoptions	install.sh
/tmp/jetbra/vmoptions/appcode.vmoptions	/tmp/jetbra/vmoptions/appcode.vmoptions	sed
/tmp/jetbra/vmoptions/appcode.vmoptions	/tmp/jetbra/vmoptions/appcode.vmoptions	install.sh
/tmp/jetbra/vmoptions/sedmB8XXp	/tmp/jetbra/vmoptions/sedmB8XXp	sed
/tmp/jetbra/vmoptions/jetbrains_client.vmoptions	/tmp/jetbra/vmoptions/jetbrains_client.vmoptions	sed
/tmp/jetbra/vmoptions/jetbrainsclient.vmoptions	/tmp/jetbra/vmoptions/jetbrainsclient.vmoptions	install.sh
/tmp/jetbra/vmoptions/idea.vmoptions	/tmp/jetbra/vmoptions/idea.vmoptions	install.sh
/tmp/jetbra/vmoptions/studio.vmoptions	/tmp/jetbra/vmoptions/studio.vmoptions	install.sh
/tmp/jetbra/vmoptions/sedeXW3Qe	/tmp/jetbra/vmoptions/sedeXW3Qe	sed
/tmp/jetbra/vmoptions/sedfGFmAf	/tmp/jetbra/vmoptions/sedfGFmAf	sed
/tmp/jetbra/vmoptions/gateway.vmoptions	/tmp/jetbra/vmoptions/gateway.vmoptions	sed
/tmp/jetbra/vmoptions/sedS7mYI4	/tmp/jetbra/vmoptions/sedS7mYI4	sed
/tmp/jetbra/vmoptions/devecostudio.vmoptions	/tmp/jetbra/vmoptions/devecostudio.vmoptions	sed
/tmp/jetbra/vmoptions/sed7UZwAV	/tmp/jetbra/vmoptions/sed7UZwAV	sed
/tmp/jetbra/vmoptions/goland.vmoptions	/tmp/jetbra/vmoptions/goland.vmoptions	sed
/tmp/jetbra/vmoptions/sedYUBuHd	/tmp/jetbra/vmoptions/sedYUBuHd	sed
/tmp/jetbra/vmoptions/sed3DFCqw	/tmp/jetbra/vmoptions/sed3DFCqw	sed
/tmp/jetbra/vmoptions/dataspell.vmoptions	/tmp/jetbra/vmoptions/dataspell.vmoptions	sed
/tmp/jetbra/vmoptions/jetbrains_client.vmoptions	/tmp/jetbra/vmoptions/jetbrains_client.vmoptions	install.sh
/tmp/jetbra/vmoptions/clion.vmoptions	/tmp/jetbra/vmoptions/clion.vmoptions	install.sh
/tmp/jetbra/vmoptions/goland.vmoptions	/tmp/jetbra/vmoptions/goland.vmoptions	install.sh
/tmp/jetbra/vmoptions/pycharm.vmoptions	/tmp/jetbra/vmoptions/pycharm.vmoptions	sed
/tmp/jetbra/vmoptions/webstorm.vmoptions	/tmp/jetbra/vmoptions/webstorm.vmoptions	sed
/tmp/jetbra/vmoptions/datagrip.vmoptions	/tmp/jetbra/vmoptions/datagrip.vmoptions	sed
/tmp/jetbra/vmoptions/devecostudio.vmoptions	/tmp/jetbra/vmoptions/devecostudio.vmoptions	install.sh
/tmp/jetbra/scripts/install.sh	/tmp/jetbra/scripts/install.sh	install.sh
/tmp/jetbra/vmoptions/webide.vmoptions	/tmp/jetbra/vmoptions/webide.vmoptions	sed
/tmp/jetbra/vmoptions/rider.vmoptions	/tmp/jetbra/vmoptions/rider.vmoptions	install.sh
/tmp/jetbra/vmoptions/rubymine.vmoptions	/tmp/jetbra/vmoptions/rubymine.vmoptions	sed
/tmp/jetbra/vmoptions/dataspell.vmoptions	/tmp/jetbra/vmoptions/dataspell.vmoptions	install.sh
/tmp/jetbra/vmoptions/phpstorm.vmoptions	/tmp/jetbra/vmoptions/phpstorm.vmoptions	sed
/tmp/jetbra/vmoptions/phpstorm.vmoptions	/tmp/jetbra/vmoptions/phpstorm.vmoptions	install.sh
/tmp/jetbra/vmoptions/webstorm.vmoptions	/tmp/jetbra/vmoptions/webstorm.vmoptions	install.sh
/tmp/jetbra/vmoptions/datagrip.vmoptions	/tmp/jetbra/vmoptions/datagrip.vmoptions	install.sh
/tmp/jetbra/vmoptions/sedRBeIdU	/tmp/jetbra/vmoptions/sedRBeIdU	sed
/tmp/jetbra/vmoptions/sedhaF43i	/tmp/jetbra/vmoptions/sedhaF43i	sed
/tmp/jetbra/vmoptions/idea.vmoptions	/tmp/jetbra/vmoptions/idea.vmoptions	sed
/tmp/jetbra/vmoptions/sedviZUqB	/tmp/jetbra/vmoptions/sedviZUqB	sed
/tmp/jetbra/vmoptions/sedP82aa8	/tmp/jetbra/vmoptions/sedP82aa8	sed
/tmp/jetbra/vmoptions/rider.vmoptions	/tmp/jetbra/vmoptions/rider.vmoptions	sed
/tmp/jetbra/vmoptions/rubymine.vmoptions	/tmp/jetbra/vmoptions/rubymine.vmoptions	install.sh
/tmp/jetbra/vmoptions/studio.vmoptions	/tmp/jetbra/vmoptions/studio.vmoptions	sed
/tmp/jetbra/vmoptions/sedjfctJD	/tmp/jetbra/vmoptions/sedjfctJD	sed
/tmp/jetbra/vmoptions/sedCUatR7	/tmp/jetbra/vmoptions/sedCUatR7	sed

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads