33c21bf2e0c7f058fc2d76c9fa41e7fa203b1793b45ea61fec551186998f709a

Analysis

max time kernel
0s
max time network
127s
platform
debian-9_armhf
resource
debian9-armhf-20221111-en
resource tags

arch:armhfimage:debian9-armhf-20221111-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
28/12/2022, 14:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/deb.sh
Size

35KB
MD5

5e42a9d6ef515bc7d42c3875613c3a5a
SHA1

e9a97f3130a136626731bcce2854a284911b1542
SHA256

fa3522c916ac271a9eec4db52528c5fdbf10e32d635160fe61b8cbdc880bc695
SHA512

cbe882034a122c7cf7a6f962b9cbf963cb915613624dbf71128ac87fcb63986f110f5a2545e32331bcab8b2049015b9f69534d4c14bab9eb92e714edda2c5872
SSDEEP

192:RtVC966RFNxExiROI57EGe3imWH5zI2noiB3BsJYT5YafAFlm6ubYxh+Z724zRUs:s66XbrnWe6ubYrTw8Wjao+vrjAx

Score

5^/10

Malware Config

Signatures

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
/tmp/ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/deb.sh	/tmp/ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/deb.sh	deb.sh

/tmp/ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/deb.sh
"/tmp/ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/deb.sh"
1⤵
- Writes file to tmp directory
PID:353
- /bin/echo
  /bin/echo -e "\\e[1;36m !-----------------------------------------------------------------!\\e[0m"
  2⤵
  PID:362
- /bin/echo
  /bin/echo -e "\\e[1;36m ! xrdp-installer-1.3 Script !\\e[0m"
  2⤵
  PID:363
- /bin/echo
  /bin/echo -e "\\e[1;36m ! Support Ubuntu and Debian Distribution !\\e[0m"
  2⤵
  PID:364
- /bin/echo
  /bin/echo -e "\\e[1;36m ! Written by Griffon - October 2021 - www.c-nergy.be !\\e[0m"
  2⤵
  PID:365
- /bin/echo
  /bin/echo -e "\\e[1;36m ! !\\e[0m"
  2⤵
  PID:366
- /bin/echo
  /bin/echo -e "\\e[1;36m ! For Help and Syntax, type ./xrdp-installer-1.3.sh -h !\\e[0m"
  2⤵
  PID:367
- /bin/echo
  /bin/echo -e "\\e[1;36m ! !\\e[0m"
  2⤵
  PID:368
- /bin/echo
  /bin/echo -e "\\e[1;36m !-----------------------------------------------------------------!\\e[0m"
  2⤵
  PID:369
- /bin/echo
  /bin/echo -e "\\e[1;31m !-------------------------------------------------------------!\\e[0m"
  2⤵
  PID:370
- /bin/echo
  /bin/echo -e "\\e[1;31m ! Script launched with sudo command. Script will not run... !\\e[0m"
  2⤵
  PID:371
- /bin/echo
  /bin/echo -e "\\e[1;31m ! Run script a standard user account (no sudo). When needed !\\e[0m"
  2⤵
  PID:372
- /bin/echo
  /bin/echo -e "\\e[1;31m ! script will be prompted for password during execution !\\e[0m"
  2⤵
  PID:373
- /bin/echo
  /bin/echo -e "\\e[1;31m ! !\\e[0m"
  2⤵
  PID:374
- /bin/echo
  /bin/echo -e "\\e[1;31m ! Exiting Script - No Install Performed !!! !\\e[0m"
  2⤵
  PID:375
- /bin/echo
  /bin/echo -e "\\e[1;31m !-------------------------------------------------------------!\\e[0m"
  2⤵
  PID:376

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads