17b0474ba20af91e63d44b7ad7543d8a55938ffc14cfb46722180c90e33c891c

Analysis

max time kernel
0s
max time network
153s
platform
linux_mips
resource
debian9-mipsbe-en-20211208
resource tags

arch:mipsimage:debian9-mipsbe-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
16-08-2022 03:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jetbra/scripts/install.sh
Size

3KB
MD5

4f86ad982a9cdf710d297f30a1c35d3e
SHA1

32eb21a4fd2a0ae3ead868dd550d30b64409a883
SHA256

ff7b76ed04b0ca7e42b380fd3426b4ea14dd1e6fd39154fcd32ef9e11907478f
SHA512

99a8eacfe80870912a334804ccfcdba1f13a0a5a78f6e4325d124aaf0a1b0352f47fb0144f68003670acb4565ea694f550608fc7343668a2a3d819c03e3e1802

Score

5^/10

Malware Config

Signatures

Reads runtime system information 21 IoCs

Reads data from /proc virtual filesystem.

Processes:

sedsedsedsedsedsedsedsedsedsedsedsedsedsedsedsedsedsedmkdirsedsed

description	ioc	process
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	mkdir
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed

Writes file to tmp directory 52 IoCs

Malware often drops required files in the /tmp directory.

Processes:

sedinstall.shsedsedsedsedsedsedsedsedsedsedsedsedsedsedsedsed

/tmp/jetbra/scripts/install.sh
/tmp/jetbra/scripts/install.sh
1⤵
- Writes file to tmp directory
PID:319

/bin/uname
uname -s
2⤵
PID:320

/usr/bin/dirname
dirname /tmp/jetbra/scripts
2⤵
PID:321

/bin/mkdir
mkdir -p /.config/plasma-workspace/env
2⤵
- Reads runtime system information
PID:325

/usr/bin/touch
touch /.profile
2⤵
PID:329

/usr/bin/touch
touch /.bashrc
2⤵
PID:330

/usr/bin/touch
touch /.zshrc
2⤵
PID:331

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/idea.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:332

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/clion.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:336

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/phpstorm.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:340

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/goland.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:344

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/pycharm.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:348

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/webstorm.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:352

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/webide.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:356

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/rider.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:360

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/datagrip.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:364

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/rubymine.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:368

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/appcode.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:372

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/dataspell.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:376

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/gateway.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:380

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/jetbrains_client.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:384

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/jetbrainsclient.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:388

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/studio.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:392

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/devecostudio.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:396

/bin/sed
sed -i "/___MY_VMOPTIONS_SHELL_FILE=\"\${HOME}\\/\\.jetbrains\\.vmoptions\\.sh\"; if /d" /.profile
2⤵
- Reads runtime system information
PID:400

/bin/sed
sed -i "/___MY_VMOPTIONS_SHELL_FILE=\"\${HOME}\\/\\.jetbrains\\.vmoptions\\.sh\"; if /d" /.bashrc
2⤵
- Reads runtime system information
PID:401

/bin/sed
sed -i "/___MY_VMOPTIONS_SHELL_FILE=\"\${HOME}\\/\\.jetbrains\\.vmoptions\\.sh\"; if /d" /.zshrc
2⤵
- Reads runtime system information
PID:402

/bin/ln
ln -sf /.jetbrains.vmoptions.sh /.config/plasma-workspace/env/jetbrains.vmoptions.sh
2⤵
PID:403

/usr/bin/dirname
dirname /tmp/jetbra/scripts/install.sh
1⤵
PID:323

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:335

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:339

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:343

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:347

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:351

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:355

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:359

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:363

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:367

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:371

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:375

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:379

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:383

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:387

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:391

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:395

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:399

description	ioc	process
/tmp/jetbra/vmoptions/sedJQvswl	/tmp/jetbra/vmoptions/sedJQvswl	sed
/tmp/jetbra/vmoptions/dataspell.vmoptions	/tmp/jetbra/vmoptions/dataspell.vmoptions	install.sh
/tmp/jetbra/vmoptions/gateway.vmoptions	/tmp/jetbra/vmoptions/gateway.vmoptions	install.sh
/tmp/jetbra/vmoptions/jetbrains_client.vmoptions	/tmp/jetbra/vmoptions/jetbrains_client.vmoptions	sed
/tmp/jetbra/vmoptions/clion.vmoptions	/tmp/jetbra/vmoptions/clion.vmoptions	sed
/tmp/jetbra/vmoptions/phpstorm.vmoptions	/tmp/jetbra/vmoptions/phpstorm.vmoptions	sed
/tmp/jetbra/vmoptions/sedq91Z3t	/tmp/jetbra/vmoptions/sedq91Z3t	sed
/tmp/jetbra/vmoptions/webstorm.vmoptions	/tmp/jetbra/vmoptions/webstorm.vmoptions	sed
/tmp/jetbra/vmoptions/studio.vmoptions	/tmp/jetbra/vmoptions/studio.vmoptions	install.sh
/tmp/jetbra/vmoptions/devecostudio.vmoptions	/tmp/jetbra/vmoptions/devecostudio.vmoptions	install.sh
/tmp/jetbra/vmoptions/pycharm.vmoptions	/tmp/jetbra/vmoptions/pycharm.vmoptions	sed
/tmp/jetbra/vmoptions/rider.vmoptions	/tmp/jetbra/vmoptions/rider.vmoptions	sed
/tmp/jetbra/vmoptions/sedR4BhIy	/tmp/jetbra/vmoptions/sedR4BhIy	sed
/tmp/jetbra/vmoptions/jetbrainsclient.vmoptions	/tmp/jetbra/vmoptions/jetbrainsclient.vmoptions	install.sh
/tmp/jetbra/vmoptions/dataspell.vmoptions	/tmp/jetbra/vmoptions/dataspell.vmoptions	sed
/tmp/jetbra/vmoptions/sedLOMKuR	/tmp/jetbra/vmoptions/sedLOMKuR	sed
/tmp/jetbra/vmoptions/clion.vmoptions	/tmp/jetbra/vmoptions/clion.vmoptions	install.sh
/tmp/jetbra/vmoptions/goland.vmoptions	/tmp/jetbra/vmoptions/goland.vmoptions	sed
/tmp/jetbra/vmoptions/sedn5Ok4L	/tmp/jetbra/vmoptions/sedn5Ok4L	sed
/tmp/jetbra/vmoptions/jetbrains_client.vmoptions	/tmp/jetbra/vmoptions/jetbrains_client.vmoptions	install.sh
/tmp/jetbra/vmoptions/sedKz1WRd	/tmp/jetbra/vmoptions/sedKz1WRd	sed
/tmp/jetbra/vmoptions/appcode.vmoptions	/tmp/jetbra/vmoptions/appcode.vmoptions	install.sh
/tmp/jetbra/vmoptions/sedFmQFf4	/tmp/jetbra/vmoptions/sedFmQFf4	sed
/tmp/jetbra/vmoptions/sedUbV1mk	/tmp/jetbra/vmoptions/sedUbV1mk	sed
/tmp/jetbra/vmoptions/studio.vmoptions	/tmp/jetbra/vmoptions/studio.vmoptions	sed
/tmp/jetbra/scripts/install.sh	/tmp/jetbra/scripts/install.sh	install.sh
/tmp/jetbra/vmoptions/idea.vmoptions	/tmp/jetbra/vmoptions/idea.vmoptions	install.sh
/tmp/jetbra/vmoptions/sedcC3hHJ	/tmp/jetbra/vmoptions/sedcC3hHJ	sed
/tmp/jetbra/vmoptions/gateway.vmoptions	/tmp/jetbra/vmoptions/gateway.vmoptions	sed
/tmp/jetbra/vmoptions/webide.vmoptions	/tmp/jetbra/vmoptions/webide.vmoptions	install.sh
/tmp/jetbra/vmoptions/rubymine.vmoptions	/tmp/jetbra/vmoptions/rubymine.vmoptions	sed
/tmp/jetbra/vmoptions/appcode.vmoptions	/tmp/jetbra/vmoptions/appcode.vmoptions	sed
/tmp/jetbra/vmoptions/idea.vmoptions	/tmp/jetbra/vmoptions/idea.vmoptions	sed
/tmp/jetbra/vmoptions/sedjOsYAx	/tmp/jetbra/vmoptions/sedjOsYAx	sed
/tmp/jetbra/vmoptions/sedLMoXA8	/tmp/jetbra/vmoptions/sedLMoXA8	sed
/tmp/jetbra/vmoptions/sedIwQ9Ld	/tmp/jetbra/vmoptions/sedIwQ9Ld	sed
/tmp/jetbra/vmoptions/devecostudio.vmoptions	/tmp/jetbra/vmoptions/devecostudio.vmoptions	sed
/tmp/jetbra/vmoptions/sedWQK2JZ	/tmp/jetbra/vmoptions/sedWQK2JZ	sed
/tmp/jetbra/vmoptions/goland.vmoptions	/tmp/jetbra/vmoptions/goland.vmoptions	install.sh
/tmp/jetbra/vmoptions/datagrip.vmoptions	/tmp/jetbra/vmoptions/datagrip.vmoptions	install.sh
/tmp/jetbra/vmoptions/rubymine.vmoptions	/tmp/jetbra/vmoptions/rubymine.vmoptions	install.sh
/tmp/jetbra/vmoptions/sedy68u5y	/tmp/jetbra/vmoptions/sedy68u5y	sed
/tmp/jetbra/vmoptions/sedcEP8l1	/tmp/jetbra/vmoptions/sedcEP8l1	sed
/tmp/jetbra/vmoptions/rider.vmoptions	/tmp/jetbra/vmoptions/rider.vmoptions	install.sh
/tmp/jetbra/vmoptions/datagrip.vmoptions	/tmp/jetbra/vmoptions/datagrip.vmoptions	sed
/tmp/jetbra/vmoptions/sedB8ANXj	/tmp/jetbra/vmoptions/sedB8ANXj	sed
/tmp/jetbra/vmoptions/phpstorm.vmoptions	/tmp/jetbra/vmoptions/phpstorm.vmoptions	install.sh
/tmp/jetbra/vmoptions/pycharm.vmoptions	/tmp/jetbra/vmoptions/pycharm.vmoptions	install.sh
/tmp/jetbra/vmoptions/webstorm.vmoptions	/tmp/jetbra/vmoptions/webstorm.vmoptions	install.sh
/tmp/jetbra/vmoptions/webide.vmoptions	/tmp/jetbra/vmoptions/webide.vmoptions	sed
/tmp/jetbra/vmoptions/jetbrainsclient.vmoptions	/tmp/jetbra/vmoptions/jetbrainsclient.vmoptions	sed
/tmp/jetbra/vmoptions/sedYRj5nM	/tmp/jetbra/vmoptions/sedYRj5nM	sed

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads