d9d004e55744800cf40a6a448fa3ca1f6fd691786b6bbf79c583f90cc22b6139

Analysis

max time kernel
103s
max time network
103s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
11/10/2023, 23:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

timer.sh
Size

1KB
MD5

4c59290399e5f4051d24999fa1dc64f2
SHA1

2f90e1631643e4dcb342f6181d1488459bfff0a0
SHA256

d9d004e55744800cf40a6a448fa3ca1f6fd691786b6bbf79c583f90cc22b6139
SHA512

56aeb169e1c7ead2becfc35938e7c6a04fe44a00bb0a1aa0312ed220ec800807e21a0f02dcc1283a2d21234a36d26e7fe85231ae664b6f043d7530e7d7e31e45

Score

3^/10

Malware Config

Signatures

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/filesystems	find

/tmp/timer.sh
/tmp/timer.sh
1⤵
PID:597
- /bin/rm
  rm -rf "/root/Documents/*"
  2⤵
  PID:598
- /bin/rm
  rm -rf "/root/Desktop/*"
  2⤵
  PID:599
- /bin/rm
  rm -rf "/root/Downloads/*"
  2⤵
  PID:600
- /usr/bin/find
  find . -type f
  2⤵
  - Reads runtime system information
  PID:601
- /usr/bin/basename
  basename ./timer.sh
  2⤵
  PID:602
- /usr/bin/clear
  clear
  2⤵
  PID:603
- /bin/sleep
  sleep 1
  2⤵
  PID:604
- /usr/bin/clear
  clear
  2⤵
  PID:610
- /bin/sleep
  sleep 1
  2⤵
  PID:611
- /usr/bin/clear
  clear
  2⤵
  PID:612
- /bin/sleep
  sleep 1
  2⤵
  PID:613
- /usr/bin/clear
  clear
  2⤵
  PID:614
- /bin/sleep
  sleep 1
  2⤵
  PID:615
- /usr/bin/clear
  clear
  2⤵
  PID:616
- /bin/sleep
  sleep 1
  2⤵
  PID:617
- /usr/bin/clear
  clear
  2⤵
  PID:618
- /bin/sleep
  sleep 1
  2⤵
  PID:619
- /usr/bin/clear
  clear
  2⤵
  PID:620
- /bin/sleep
  sleep 1
  2⤵
  PID:621
- /usr/bin/clear
  clear
  2⤵
  PID:622
- /bin/sleep
  sleep 1
  2⤵
  PID:623
- /usr/bin/clear
  clear
  2⤵
  PID:624
- /bin/sleep
  sleep 1
  2⤵
  PID:625
- /usr/bin/clear
  clear
  2⤵
  PID:626
- /bin/sleep
  sleep 1
  2⤵
  PID:627
- /usr/bin/clear
  clear
  2⤵
  PID:628
- /bin/sleep
  sleep 1
  2⤵
  PID:629
- /usr/bin/clear
  clear
  2⤵
  PID:630
- /bin/sleep
  sleep 1
  2⤵
  PID:631
- /usr/bin/clear
  clear
  2⤵
  PID:632
- /bin/sleep
  sleep 1
  2⤵
  PID:633
- /usr/bin/clear
  clear
  2⤵
  PID:634
- /bin/sleep
  sleep 1
  2⤵
  PID:635
- /usr/bin/clear
  clear
  2⤵
  PID:636
- /bin/sleep
  sleep 1
  2⤵
  PID:637
- /usr/bin/clear
  clear
  2⤵
  PID:638
- /bin/sleep
  sleep 1
  2⤵
  PID:639
- /usr/bin/clear
  clear
  2⤵
  PID:640
- /bin/sleep
  sleep 1
  2⤵
  PID:641
- /usr/bin/clear
  clear
  2⤵
  PID:642
- /bin/sleep
  sleep 1
  2⤵
  PID:643
- /usr/bin/clear
  clear
  2⤵
  PID:644
- /bin/sleep
  sleep 1
  2⤵
  PID:645
- /usr/bin/clear
  clear
  2⤵
  PID:646
- /bin/sleep
  sleep 1
  2⤵
  PID:647
- /usr/bin/clear
  clear
  2⤵
  PID:648
- /bin/sleep
  sleep 1
  2⤵
  PID:649
- /usr/bin/clear
  clear
  2⤵
  PID:650
- /bin/sleep
  sleep 1
  2⤵
  PID:651
- /usr/bin/clear
  clear
  2⤵
  PID:652
- /bin/sleep
  sleep 1
  2⤵
  PID:653
- /usr/bin/clear
  clear
  2⤵
  PID:654
- /bin/sleep
  sleep 1
  2⤵
  PID:655
- /usr/bin/clear
  clear
  2⤵
  PID:658
- /bin/sleep
  sleep 1
  2⤵
  PID:659
- /usr/bin/clear
  clear
  2⤵
  PID:660
- /bin/sleep
  sleep 1
  2⤵
  PID:661
- /usr/bin/clear
  clear
  2⤵
  PID:662
- /bin/sleep
  sleep 1
  2⤵
  PID:663
- /usr/bin/clear
  clear
  2⤵
  PID:664
- /bin/sleep
  sleep 1
  2⤵
  PID:665
- /usr/bin/clear
  clear
  2⤵
  PID:666
- /bin/sleep
  sleep 1
  2⤵
  PID:667
- /usr/bin/clear
  clear
  2⤵
  PID:668
- /bin/sleep
  sleep 1
  2⤵
  PID:669
- /usr/bin/clear
  clear
  2⤵
  PID:670
- /bin/sleep
  sleep 1
  2⤵
  PID:671
- /usr/bin/clear
  clear
  2⤵
  PID:672
- /bin/sleep
  sleep 1
  2⤵
  PID:673
- /usr/bin/clear
  clear
  2⤵
  PID:674
- /bin/sleep
  sleep 1
  2⤵
  PID:675
- /usr/bin/clear
  clear
  2⤵
  PID:676
- /bin/sleep
  sleep 1
  2⤵
  PID:677
- /usr/bin/clear
  clear
  2⤵
  PID:678
- /bin/sleep
  sleep 1
  2⤵
  PID:679
- /usr/bin/clear
  clear
  2⤵
  PID:680
- /bin/sleep
  sleep 1
  2⤵
  PID:681
- /usr/bin/clear
  clear
  2⤵
  PID:682
- /bin/sleep
  sleep 1
  2⤵
  PID:683
- /usr/bin/clear
  clear
  2⤵
  PID:684
- /bin/sleep
  sleep 1
  2⤵
  PID:685
- /usr/bin/clear
  clear
  2⤵
  PID:686
- /bin/sleep
  sleep 1
  2⤵
  PID:687
- /usr/bin/clear
  clear
  2⤵
  PID:688
- /bin/sleep
  sleep 1
  2⤵
  PID:689
- /usr/bin/clear
  clear
  2⤵
  PID:690
- /bin/sleep
  sleep 1
  2⤵
  PID:691
- /usr/bin/clear
  clear
  2⤵
  PID:692
- /bin/sleep
  sleep 1
  2⤵
  PID:693
- /usr/bin/clear
  clear
  2⤵
  PID:694
- /bin/sleep
  sleep 1
  2⤵
  PID:695
- /usr/bin/clear
  clear
  2⤵
  PID:696
- /bin/sleep
  sleep 1
  2⤵
  PID:697
- /usr/bin/clear
  clear
  2⤵
  PID:698
- /bin/sleep
  sleep 1
  2⤵
  PID:699
- /usr/bin/clear
  clear
  2⤵
  PID:700
- /bin/sleep
  sleep 1
  2⤵
  PID:701
- /usr/bin/clear
  clear
  2⤵
  PID:702
- /bin/sleep
  sleep 1
  2⤵
  PID:703
- /usr/bin/clear
  clear
  2⤵
  PID:704
- /bin/sleep
  sleep 1
  2⤵
  PID:705
- /usr/bin/clear
  clear
  2⤵
  PID:706
- /bin/sleep
  sleep 1
  2⤵
  PID:707
- /usr/bin/clear
  clear
  2⤵
  PID:708
- /bin/sleep
  sleep 1
  2⤵
  PID:709
- /usr/bin/clear
  clear
  2⤵
  PID:710
- /bin/sleep
  sleep 1
  2⤵
  PID:711
- /usr/bin/clear
  clear
  2⤵
  PID:712
- /bin/sleep
  sleep 1
  2⤵
  PID:713
- /usr/bin/clear
  clear
  2⤵
  PID:714
- /bin/sleep
  sleep 1
  2⤵
  PID:715
- /usr/bin/clear
  clear
  2⤵
  PID:716
- /bin/sleep
  sleep 1
  2⤵
  PID:717
- /usr/bin/clear
  clear
  2⤵
  PID:718
- /bin/sleep
  sleep 1
  2⤵
  PID:719
- /usr/bin/clear
  clear
  2⤵
  PID:720
- /bin/sleep
  sleep 1
  2⤵
  PID:721
- /usr/bin/clear
  clear
  2⤵
  PID:722
- /bin/sleep
  sleep 1
  2⤵
  PID:723
- /usr/bin/clear
  clear
  2⤵
  PID:724
- /bin/sleep
  sleep 1
  2⤵
  PID:725
- /usr/bin/clear
  clear
  2⤵
  PID:726
- /bin/sleep
  sleep 1
  2⤵
  PID:727
- /usr/bin/clear
  clear
  2⤵
  PID:728
- /bin/sleep
  sleep 1
  2⤵
  PID:729
- /usr/bin/clear
  clear
  2⤵
  PID:730
- /bin/sleep
  sleep 1
  2⤵
  PID:731
- /usr/bin/clear
  clear
  2⤵
  PID:732
- /bin/sleep
  sleep 1
  2⤵
  PID:733
- /usr/bin/clear
  clear
  2⤵
  PID:734
- /bin/sleep
  sleep 1
  2⤵
  PID:735
- /usr/bin/clear
  clear
  2⤵
  PID:736
- /bin/sleep
  sleep 1
  2⤵
  PID:737
- /usr/bin/clear
  clear
  2⤵
  PID:738
- /bin/sleep
  sleep 1
  2⤵
  PID:739
- /usr/bin/clear
  clear
  2⤵
  PID:740
- /bin/sleep
  sleep 1
  2⤵
  PID:741
- /usr/bin/clear
  clear
  2⤵
  PID:742
- /bin/sleep
  sleep 1
  2⤵
  PID:743
- /usr/bin/clear
  clear
  2⤵
  PID:744
- /bin/sleep
  sleep 1
  2⤵
  PID:745
- /usr/bin/clear
  clear
  2⤵
  PID:746
- /bin/sleep
  sleep 1
  2⤵
  PID:747
- /usr/bin/clear
  clear
  2⤵
  PID:748
- /bin/sleep
  sleep 1
  2⤵
  PID:749
- /usr/bin/clear
  clear
  2⤵
  PID:750
- /bin/sleep
  sleep 1
  2⤵
  PID:751
- /usr/bin/clear
  clear
  2⤵
  PID:752
- /bin/sleep
  sleep 1
  2⤵
  PID:753
- /usr/bin/clear
  clear
  2⤵
  PID:754
- /bin/sleep
  sleep 1
  2⤵
  PID:755
- /usr/bin/clear
  clear
  2⤵
  PID:756
- /bin/sleep
  sleep 1
  2⤵
  PID:757
- /usr/bin/clear
  clear
  2⤵
  PID:758
- /bin/sleep
  sleep 1
  2⤵
  PID:759
- /usr/bin/clear
  clear
  2⤵
  PID:760
- /bin/sleep
  sleep 1
  2⤵
  PID:761
- /usr/bin/clear
  clear
  2⤵
  PID:762
- /bin/sleep
  sleep 1
  2⤵
  PID:763
- /usr/bin/clear
  clear
  2⤵
  PID:764
- /bin/sleep
  sleep 1
  2⤵
  PID:765
- /usr/bin/clear
  clear
  2⤵
  PID:766
- /bin/sleep
  sleep 1
  2⤵
  PID:767
- /usr/bin/clear
  clear
  2⤵
  PID:768
- /bin/sleep
  sleep 1
  2⤵
  PID:769
- /usr/bin/clear
  clear
  2⤵
  PID:770
- /bin/sleep
  sleep 1
  2⤵
  PID:771
- /usr/bin/clear
  clear
  2⤵
  PID:772
- /bin/sleep
  sleep 1
  2⤵
  PID:773
- /usr/bin/clear
  clear
  2⤵
  PID:774
- /bin/sleep
  sleep 1
  2⤵
  PID:775
- /usr/bin/clear
  clear
  2⤵
  PID:776
- /bin/sleep
  sleep 1
  2⤵
  PID:777
- /usr/bin/clear
  clear
  2⤵
  PID:778
- /bin/sleep
  sleep 1
  2⤵
  PID:779
- /usr/bin/clear
  clear
  2⤵
  PID:780
- /bin/sleep
  sleep 1
  2⤵
  PID:781
- /usr/bin/clear
  clear
  2⤵
  PID:782
- /bin/sleep
  sleep 1
  2⤵
  PID:783
- /usr/bin/clear
  clear
  2⤵
  PID:784
- /bin/sleep
  sleep 1
  2⤵
  PID:785
- /usr/bin/clear
  clear
  2⤵
  PID:786
- /bin/sleep
  sleep 1
  2⤵
  PID:787
- /usr/bin/clear
  clear
  2⤵
  PID:788
- /bin/sleep
  sleep 1
  2⤵
  PID:789
- /usr/bin/clear
  clear
  2⤵
  PID:790
- /bin/sleep
  sleep 1
  2⤵
  PID:791
- /usr/bin/clear
  clear
  2⤵
  PID:792
- /bin/sleep
  sleep 1
  2⤵
  PID:793
- /usr/bin/clear
  clear
  2⤵
  PID:794
- /bin/sleep
  sleep 1
  2⤵
  PID:795
- /usr/bin/clear
  clear
  2⤵
  PID:796

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads