17b0474ba20af91e63d44b7ad7543d8a55938ffc14cfb46722180c90e33c891c

Analysis

max time kernel
0s
max time network
134s
platform
linux_mipsel
resource
debian9-mipsel-en-20211208
resource tags

arch:mipselimage:debian9-mipsel-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
16-08-2022 03:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jetbra/scripts/install.sh
Size

3KB
MD5

4f86ad982a9cdf710d297f30a1c35d3e
SHA1

32eb21a4fd2a0ae3ead868dd550d30b64409a883
SHA256

ff7b76ed04b0ca7e42b380fd3426b4ea14dd1e6fd39154fcd32ef9e11907478f
SHA512

99a8eacfe80870912a334804ccfcdba1f13a0a5a78f6e4325d124aaf0a1b0352f47fb0144f68003670acb4565ea694f550608fc7343668a2a3d819c03e3e1802

Score

5^/10

Malware Config

Signatures

Reads runtime system information 21 IoCs

Reads data from /proc virtual filesystem.

Processes:

sedsedsedsedsedsedsedmkdirsedsedsedsedsedsedsedsedsedsedsedsedsed

description	ioc	process
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	mkdir
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed
/proc/filesystems	/proc/filesystems	sed

Writes file to tmp directory 52 IoCs

Malware often drops required files in the /tmp directory.

Processes:

sedinstall.shsedsedsedsedsedsedsedsedsedsedsedsedsedsedsedsed

/tmp/jetbra/scripts/install.sh
/tmp/jetbra/scripts/install.sh
1⤵
- Writes file to tmp directory
PID:332

/bin/uname
uname -s
2⤵
PID:333

/usr/bin/dirname
dirname /tmp/jetbra/scripts
2⤵
PID:334

/bin/mkdir
mkdir -p /.config/plasma-workspace/env
2⤵
- Reads runtime system information
PID:341

/usr/bin/touch
touch /.profile
2⤵
PID:342

/usr/bin/touch
touch /.bashrc
2⤵
PID:343

/usr/bin/touch
touch /.zshrc
2⤵
PID:344

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/idea.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:345

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/clion.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:349

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/phpstorm.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:353

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/goland.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:357

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/pycharm.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:361

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/webstorm.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:365

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/webide.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:369

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/rider.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:373

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/datagrip.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:377

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/rubymine.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:381

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/appcode.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:385

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/dataspell.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:389

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/gateway.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:393

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/jetbrains_client.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:397

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/jetbrainsclient.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:401

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/studio.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:405

/bin/sed
sed -i "/^\\-javaagent:.*[\\/\\\\]ja\\-netfilter\\.jar.*/d" /tmp/jetbra/vmoptions/devecostudio.vmoptions
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:409

/bin/sed
sed -i "/___MY_VMOPTIONS_SHELL_FILE=\"\${HOME}\\/\\.jetbrains\\.vmoptions\\.sh\"; if /d" /.profile
2⤵
- Reads runtime system information
PID:413

/bin/sed
sed -i "/___MY_VMOPTIONS_SHELL_FILE=\"\${HOME}\\/\\.jetbrains\\.vmoptions\\.sh\"; if /d" /.bashrc
2⤵
- Reads runtime system information
PID:414

/bin/sed
sed -i "/___MY_VMOPTIONS_SHELL_FILE=\"\${HOME}\\/\\.jetbrains\\.vmoptions\\.sh\"; if /d" /.zshrc
2⤵
- Reads runtime system information
PID:415

/bin/ln
ln -sf /.jetbrains.vmoptions.sh /.config/plasma-workspace/env/jetbrains.vmoptions.sh
2⤵
PID:416

/usr/bin/dirname
dirname /tmp/jetbra/scripts/install.sh
1⤵
PID:336

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:348

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:352

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:356

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:360

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:364

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:368

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:372

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:376

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:380

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:384

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:388

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:392

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:396

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:400

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:404

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:408

/usr/bin/tr
tr "[a-z]" "[A-Z]"
1⤵
PID:412

description	ioc	process
/tmp/jetbra/vmoptions/phpstorm.vmoptions	/tmp/jetbra/vmoptions/phpstorm.vmoptions	sed
/tmp/jetbra/vmoptions/pycharm.vmoptions	/tmp/jetbra/vmoptions/pycharm.vmoptions	install.sh
/tmp/jetbra/vmoptions/sedtefrh6	/tmp/jetbra/vmoptions/sedtefrh6	sed
/tmp/jetbra/vmoptions/sedi1JSs4	/tmp/jetbra/vmoptions/sedi1JSs4	sed
/tmp/jetbra/vmoptions/gateway.vmoptions	/tmp/jetbra/vmoptions/gateway.vmoptions	install.sh
/tmp/jetbra/vmoptions/pycharm.vmoptions	/tmp/jetbra/vmoptions/pycharm.vmoptions	sed
/tmp/jetbra/vmoptions/sedVKzamk	/tmp/jetbra/vmoptions/sedVKzamk	sed
/tmp/jetbra/vmoptions/rider.vmoptions	/tmp/jetbra/vmoptions/rider.vmoptions	sed
/tmp/jetbra/vmoptions/sed0RNUNa	/tmp/jetbra/vmoptions/sed0RNUNa	sed
/tmp/jetbra/vmoptions/sed6ks8Hp	/tmp/jetbra/vmoptions/sed6ks8Hp	sed
/tmp/jetbra/vmoptions/dataspell.vmoptions	/tmp/jetbra/vmoptions/dataspell.vmoptions	install.sh
/tmp/jetbra/vmoptions/sedW7uXPD	/tmp/jetbra/vmoptions/sedW7uXPD	sed
/tmp/jetbra/vmoptions/jetbrainsclient.vmoptions	/tmp/jetbra/vmoptions/jetbrainsclient.vmoptions	install.sh
/tmp/jetbra/vmoptions/idea.vmoptions	/tmp/jetbra/vmoptions/idea.vmoptions	sed
/tmp/jetbra/vmoptions/clion.vmoptions	/tmp/jetbra/vmoptions/clion.vmoptions	sed
/tmp/jetbra/vmoptions/datagrip.vmoptions	/tmp/jetbra/vmoptions/datagrip.vmoptions	sed
/tmp/jetbra/vmoptions/sedHTbHuS	/tmp/jetbra/vmoptions/sedHTbHuS	sed
/tmp/jetbra/vmoptions/rubymine.vmoptions	/tmp/jetbra/vmoptions/rubymine.vmoptions	sed
/tmp/jetbra/vmoptions/jetbrains_client.vmoptions	/tmp/jetbra/vmoptions/jetbrains_client.vmoptions	install.sh
/tmp/jetbra/vmoptions/devecostudio.vmoptions	/tmp/jetbra/vmoptions/devecostudio.vmoptions	install.sh
/tmp/jetbra/vmoptions/idea.vmoptions	/tmp/jetbra/vmoptions/idea.vmoptions	install.sh
/tmp/jetbra/vmoptions/sedu0rUvW	/tmp/jetbra/vmoptions/sedu0rUvW	sed
/tmp/jetbra/vmoptions/dataspell.vmoptions	/tmp/jetbra/vmoptions/dataspell.vmoptions	sed
/tmp/jetbra/vmoptions/gateway.vmoptions	/tmp/jetbra/vmoptions/gateway.vmoptions	sed
/tmp/jetbra/vmoptions/jetbrains_client.vmoptions	/tmp/jetbra/vmoptions/jetbrains_client.vmoptions	sed
/tmp/jetbra/vmoptions/appcode.vmoptions	/tmp/jetbra/vmoptions/appcode.vmoptions	sed
/tmp/jetbra/vmoptions/sedvOaSkp	/tmp/jetbra/vmoptions/sedvOaSkp	sed
/tmp/jetbra/vmoptions/sedqk4pie	/tmp/jetbra/vmoptions/sedqk4pie	sed
/tmp/jetbra/vmoptions/goland.vmoptions	/tmp/jetbra/vmoptions/goland.vmoptions	sed
/tmp/jetbra/vmoptions/sedSAZN5E	/tmp/jetbra/vmoptions/sedSAZN5E	sed
/tmp/jetbra/vmoptions/webide.vmoptions	/tmp/jetbra/vmoptions/webide.vmoptions	sed
/tmp/jetbra/vmoptions/rubymine.vmoptions	/tmp/jetbra/vmoptions/rubymine.vmoptions	install.sh
/tmp/jetbra/vmoptions/datagrip.vmoptions	/tmp/jetbra/vmoptions/datagrip.vmoptions	install.sh
/tmp/jetbra/vmoptions/sed282OeR	/tmp/jetbra/vmoptions/sed282OeR	sed
/tmp/jetbra/vmoptions/jetbrainsclient.vmoptions	/tmp/jetbra/vmoptions/jetbrainsclient.vmoptions	sed
/tmp/jetbra/scripts/install.sh	/tmp/jetbra/scripts/install.sh	install.sh
/tmp/jetbra/vmoptions/sed6Piufr	/tmp/jetbra/vmoptions/sed6Piufr	sed
/tmp/jetbra/vmoptions/goland.vmoptions	/tmp/jetbra/vmoptions/goland.vmoptions	install.sh
/tmp/jetbra/vmoptions/sed9pgjIy	/tmp/jetbra/vmoptions/sed9pgjIy	sed
/tmp/jetbra/vmoptions/rider.vmoptions	/tmp/jetbra/vmoptions/rider.vmoptions	install.sh
/tmp/jetbra/vmoptions/studio.vmoptions	/tmp/jetbra/vmoptions/studio.vmoptions	sed
/tmp/jetbra/vmoptions/studio.vmoptions	/tmp/jetbra/vmoptions/studio.vmoptions	install.sh
/tmp/jetbra/vmoptions/devecostudio.vmoptions	/tmp/jetbra/vmoptions/devecostudio.vmoptions	sed
/tmp/jetbra/vmoptions/sed7veMf1	/tmp/jetbra/vmoptions/sed7veMf1	sed
/tmp/jetbra/vmoptions/clion.vmoptions	/tmp/jetbra/vmoptions/clion.vmoptions	install.sh
/tmp/jetbra/vmoptions/webstorm.vmoptions	/tmp/jetbra/vmoptions/webstorm.vmoptions	install.sh
/tmp/jetbra/vmoptions/sedJHmngb	/tmp/jetbra/vmoptions/sedJHmngb	sed
/tmp/jetbra/vmoptions/phpstorm.vmoptions	/tmp/jetbra/vmoptions/phpstorm.vmoptions	install.sh
/tmp/jetbra/vmoptions/webstorm.vmoptions	/tmp/jetbra/vmoptions/webstorm.vmoptions	sed
/tmp/jetbra/vmoptions/sedmGKLGf	/tmp/jetbra/vmoptions/sedmGKLGf	sed
/tmp/jetbra/vmoptions/webide.vmoptions	/tmp/jetbra/vmoptions/webide.vmoptions	install.sh
/tmp/jetbra/vmoptions/appcode.vmoptions	/tmp/jetbra/vmoptions/appcode.vmoptions	install.sh

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads