17b0474ba20af91e63d44b7ad7543d8a55938ffc14cfb46722180c90e33c891c

Analysis

max time kernel
0s
max time network
121s
platform
linux_mips
resource
debian9-mipsbe-en-20211208
resource tags

arch:mipsimage:debian9-mipsbe-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
16-08-2022 03:01

Target

jetbra/scripts/uninstall.sh
Size

1KB
MD5

f8d12ad74edc1df03c1d71e723cf7317
SHA1

437f66132747f12edaa30d81052b08f8ce99e7ed
SHA256

ec93dfcdf02f00f21bff552e3ee6899850877a8cc7dd08033d474050ac67a956
SHA512

5c46956b4497856e881b27aaa2f3306fa7922af180b52aacd1cc4f7881b5ee05d22d02688079cae836d588aacf6592dc2cbcad08fa03925302d20317034031c0

Score

5^/10

Reads runtime system information 3 IoCs
Reads data from /proc virtual filesystem.

Processes:

sedsedsed

description ioc process

/proc/filesystems /proc/filesystems sed
/proc/filesystems /proc/filesystems sed
/proc/filesystems /proc/filesystems sed
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

uninstall.sh

description ioc process

/tmp/jetbra/scripts/uninstall.sh /tmp/jetbra/scripts/uninstall.sh uninstall.sh

description	ioc	process
/tmp/jetbra/scripts/uninstall.sh	/tmp/jetbra/scripts/uninstall.sh	uninstall.sh

/tmp/jetbra/scripts/uninstall.sh
/tmp/jetbra/scripts/uninstall.sh
1⤵
- Writes file to tmp directory
PID:331

/bin/sed
sed -i "/___MY_VMOPTIONS_SHELL_FILE=\"\${HOME}\\/\\.jetbrains\\.vmoptions\\.sh\"; if /d" /.profile
2⤵
- Reads runtime system information
PID:337

/bin/sed
sed -i "/___MY_VMOPTIONS_SHELL_FILE=\"\${HOME}\\/\\.jetbrains\\.vmoptions\\.sh\"; if /d" /.bashrc
2⤵
- Reads runtime system information
PID:342

/bin/sed
sed -i "/___MY_VMOPTIONS_SHELL_FILE=\"\${HOME}\\/\\.jetbrains\\.vmoptions\\.sh\"; if /d" /.zshrc
2⤵
- Reads runtime system information
PID:343