Overview

overview

3

Static

static

3

56元1年_...��.url

windows7-x64

1

56元1年_...��.url

windows10-2004-x64

1

jetbra/ja-...er.jar

windows7-x64

1

jetbra/ja-...er.jar

windows10-2004-x64

1

jetbra/plu...ns.jar

windows7-x64

1

jetbra/plu...ns.jar

windows10-2004-x64

1

jetbra/plu...me.jar

windows7-x64

1

jetbra/plu...me.jar

windows10-2004-x64

1

jetbra/plu...er.jar

windows7-x64

1

jetbra/plu...er.jar

windows10-2004-x64

1

jetbra/plu...rl.jar

windows7-x64

1

jetbra/plu...rl.jar

windows10-2004-x64

1

jetbra/scr...rs.vbs

windows7-x64

1

jetbra/scr...rs.vbs

windows10-2004-x64

3

jetbra/scr...er.vbs

windows7-x64

1

jetbra/scr...er.vbs

windows10-2004-x64

1

jetbra/scr...all.sh

ubuntu-18.04-amd64

3

jetbra/scr...all.sh

debian-9-armhf

3

jetbra/scr...all.sh

debian-9-mips

1

jetbra/scr...all.sh

debian-9-mipsel

3

jetbra/scr...rs.vbs

windows7-x64

3

jetbra/scr...rs.vbs

windows10-2004-x64

3

jetbra/scr...er.vbs

windows7-x64

1

jetbra/scr...er.vbs

windows10-2004-x64

1

jetbra/scr...all.sh

ubuntu-18.04-amd64

3

jetbra/scr...all.sh

debian-9-armhf

3

jetbra/scr...all.sh

debian-9-mips

3

jetbra/scr...all.sh

debian-9-mipsel

3

使用说�...��.pdf

windows7-x64

1

使用说�...��.pdf

windows10-2004-x64

1

Analysis

  • max time kernel
    3s
  • max time network
    134s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20230621-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20230621-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    17-08-2023 05:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    jetbra/scripts/uninstall.sh

  • Size

    1KB

  • MD5

    f8d12ad74edc1df03c1d71e723cf7317

  • SHA1

    437f66132747f12edaa30d81052b08f8ce99e7ed

  • SHA256

    ec93dfcdf02f00f21bff552e3ee6899850877a8cc7dd08033d474050ac67a956

  • SHA512

    5c46956b4497856e881b27aaa2f3306fa7922af180b52aacd1cc4f7881b5ee05d22d02688079cae836d588aacf6592dc2cbcad08fa03925302d20317034031c0

Score
3/10

Malware Config

Signatures

  • Reads runtime system information 3 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/jetbra/scripts/uninstall.sh
    /tmp/jetbra/scripts/uninstall.sh
    1⤵
      PID:603
      • /bin/uname
        uname -s
        2⤵
          PID:604
        • /usr/bin/touch
          touch /.profile
          2⤵
            PID:605
          • /usr/bin/touch
            touch /.bashrc
            2⤵
              PID:606
            • /usr/bin/touch
              touch /.zshrc
              2⤵
                PID:607
              • /bin/rm
                rm -rf /.jetbrains.vmoptions.sh
                2⤵
                  PID:608
                • /bin/sed
                  sed -i "/___MY_VMOPTIONS_SHELL_FILE=\"\${HOME}\\/\\.jetbrains\\.vmoptions\\.sh\"; if /d" /.profile
                  2⤵
                  • Reads runtime system information
                  PID:609
                • /bin/sed
                  sed -i "/___MY_VMOPTIONS_SHELL_FILE=\"\${HOME}\\/\\.jetbrains\\.vmoptions\\.sh\"; if /d" /.bashrc
                  2⤵
                  • Reads runtime system information
                  PID:610
                • /bin/sed
                  sed -i "/___MY_VMOPTIONS_SHELL_FILE=\"\${HOME}\\/\\.jetbrains\\.vmoptions\\.sh\"; if /d" /.zshrc
                  2⤵
                  • Reads runtime system information
                  PID:611
                • /bin/rm
                  rm -rf /.config/plasma-workspace/env/jetbrains.vmoptions.sh
                  2⤵
                    PID:612

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads