33c21bf2e0c7f058fc2d76c9fa41e7fa203b1793b45ea61fec551186998f709a

Analysis

max time kernel
0s
max time network
121s
platform
linux_mips
resource
debian9-mipsbe-en-20211208
resource tags

arch:mipsimage:debian9-mipsbe-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
28-12-2022 14:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/deb.sh
Size

35KB
MD5

5e42a9d6ef515bc7d42c3875613c3a5a
SHA1

e9a97f3130a136626731bcce2854a284911b1542
SHA256

fa3522c916ac271a9eec4db52528c5fdbf10e32d635160fe61b8cbdc880bc695
SHA512

cbe882034a122c7cf7a6f962b9cbf963cb915613624dbf71128ac87fcb63986f110f5a2545e32331bcab8b2049015b9f69534d4c14bab9eb92e714edda2c5872
SSDEEP

192:RtVC966RFNxExiROI57EGe3imWH5zI2noiB3BsJYT5YafAFlm6ubYxh+Z724zRUs:s66XbrnWe6ubYrTw8Wjao+vrjAx

Score

5^/10

Malware Config

Signatures

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
/tmp/ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/deb.sh	/tmp/ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/deb.sh	deb.sh

/tmp/ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/deb.sh
"/tmp/ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/deb.sh"
1⤵
- Writes file to tmp directory
PID:320
- /bin/echo
  /bin/echo -e "\\e[1;36m !-----------------------------------------------------------------!\\e[0m"
  2⤵
  PID:329
- /bin/echo
  /bin/echo -e "\\e[1;36m ! xrdp-installer-1.3 Script !\\e[0m"
  2⤵
  PID:330
- /bin/echo
  /bin/echo -e "\\e[1;36m ! Support Ubuntu and Debian Distribution !\\e[0m"
  2⤵
  PID:331
- /bin/echo
  /bin/echo -e "\\e[1;36m ! Written by Griffon - October 2021 - www.c-nergy.be !\\e[0m"
  2⤵
  PID:332
- /bin/echo
  /bin/echo -e "\\e[1;36m ! !\\e[0m"
  2⤵
  PID:333
- /bin/echo
  /bin/echo -e "\\e[1;36m ! For Help and Syntax, type ./xrdp-installer-1.3.sh -h !\\e[0m"
  2⤵
  PID:334
- /bin/echo
  /bin/echo -e "\\e[1;36m ! !\\e[0m"
  2⤵
  PID:335
- /bin/echo
  /bin/echo -e "\\e[1;36m !-----------------------------------------------------------------!\\e[0m"
  2⤵
  PID:336
- /bin/echo
  /bin/echo -e "\\e[1;31m !-------------------------------------------------------------!\\e[0m"
  2⤵
  PID:337
- /bin/echo
  /bin/echo -e "\\e[1;31m ! Script launched with sudo command. Script will not run... !\\e[0m"
  2⤵
  PID:338
- /bin/echo
  /bin/echo -e "\\e[1;31m ! Run script a standard user account (no sudo). When needed !\\e[0m"
  2⤵
  PID:339
- /bin/echo
  /bin/echo -e "\\e[1;31m ! script will be prompted for password during execution !\\e[0m"
  2⤵
  PID:340
- /bin/echo
  /bin/echo -e "\\e[1;31m ! !\\e[0m"
  2⤵
  PID:341
- /bin/echo
  /bin/echo -e "\\e[1;31m ! Exiting Script - No Install Performed !!! !\\e[0m"
  2⤵
  PID:342
- /bin/echo
  /bin/echo -e "\\e[1;31m !-------------------------------------------------------------!\\e[0m"
  2⤵
  PID:343

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads