d9a1fe765cd55f7244e67df1bbaa5c70d0bd7cd074d5f6d35a94841d24c8322b | Triage

Analysis

max time kernel
7s
max time network
126s
platform
linux_armhf
resource
debian9-armhf-en-20211208
resource tags

arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
16-07-2023 21:47

Sharing

Report Analysis Logs

General

Target

MCsniperPY-main/upload.sh
Size

1KB
MD5

fa746c7d2de09ca127e01f5ec1f25794
SHA1

636886f4ca6d8d1d0c7a9d976ff2218ed4a3c676
SHA256

513aad2de999de6e8c7fe7b037abbb71af02be824d3097c3a2572aded89ceea6
SHA512

b7ae300bd55213e2bb4d6cc7ded0dabb127449b8a78c05be8ef7ac20f3819556abe91aaae540b7453e6290f80ad0e02ce48b9ddd910110d51ba8b05220612eca

Score

3^/10

Malware Config

Signatures

Reads runtime system information 3 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/self/fd	Process not Found
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg

Writes file to tmp directory 4 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/fileutl.message.sFlHKR	apt
File opened for modification	/tmp/fileutl.message.qlxeJH	apt
File opened for modification	/tmp/fileutl.message.EjWS4l	apt
File opened for modification	/tmp/fileutl.message.E4tNJ5	apt

/tmp/MCsniperPY-main/upload.sh
/tmp/MCsniperPY-main/upload.sh
1⤵
PID:359
- /usr/bin/apt
  apt install twine
  2⤵
  - Writes file to tmp directory
  PID:361
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:366
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:367
- - /usr/lib/apt/methods/http
    /usr/lib/apt/methods/http
    3⤵
    PID:368
- /bin/rm
  rm "dist/*"
  2⤵
  PID:369

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads