b17d10408e97c9211d0f1f34f9592c2823c5982760209d30cff2ae263b96efc3

Analysis

max time kernel
45s
max time network
91s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20231222-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20231222-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
31/12/2023, 14:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eclipse-grabber-main/setup-files/setup-lin.sh
Size

610B
MD5

bcc4b937a5f5c30a63ca55acbc45a3b0
SHA1

2b8c3ae59711036263d94367e9a8b470c91546fc
SHA256

c9309b50bc9ef89f4dae68e5e0c4d57855e1050aea2b4eeddd8cf5f6b762ee27
SHA512

585d4cf31921eb79b06bb285761bfb80c7337636d1a7074dbdc4d59f022466f6991dc28a31e9d5289745e140413c7b5f4ff104578b7ad91289f871c9bc90a2b4

Score

3^/10

Malware Config

Signatures

Reads runtime system information 60 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/filesystems	id
File opened for reading	/proc/1/sched	systemctl
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/self/fd	Process not Found
File opened for reading	/proc/sys/kernel/osrelease	systemctl
File opened for reading	/proc/1/environ	systemctl
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/sys/kernel/ngroups_max	sudo
File opened for reading	/proc/sys/kernel/ngroups_max	apt-get
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	systemctl
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/self/stat	sudo
File opened for reading	/proc/filesystems	sudo
File opened for reading	/proc/sys/kernel/ngroups_max	sudo
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/self/stat	sudo
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sudo
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/cmdline	systemctl
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/self/stat	systemctl
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg

Writes file to tmp directory 44 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/fileutl.message.LBP3zp	apt-get
File opened for modification	/tmp/fileutl.message.zo4jUV	apt-get
File opened for modification	/tmp/apt.conf.lhw7gW	Process not Found
File opened for modification	/tmp/apt.data.jhAh9b	Process not Found
File opened for modification	/tmp/apt-key-gpghome.0i0l5Nvcpj/pubring.orig.gpg	cp
File opened for modification	/tmp/apt-key-gpghome.cPVq42twZ6/pubring.gpg	touch
File opened for modification	/tmp/apt.conf.UkkqHT	Process not Found
File opened for modification	/tmp/fileutl.message.pX4rfs	apt-get
File opened for modification	/tmp/fileutl.message.5NjO43	apt-get
File opened for modification	/tmp/fileutl.message.tCcXwc	apt-get
File opened for modification	/tmp/fileutl.message.V6Hiof	apt-get
File opened for modification	/tmp/apt-key-gpghome.0i0l5Nvcpj/pubring.gpg	apt-key
File opened for modification	/tmp/apt.sig.SKhzs5	Process not Found
File opened for modification	/tmp/fileutl.message.PN4UAY	apt-get
File opened for modification	/tmp/fileutl.message.1O7MWu	apt-get
File opened for modification	/tmp/apt-key-gpghome.0i0l5Nvcpj/gpg.1.sh	apt-key
File opened for modification	/tmp/apt.conf.aedzzm	Process not Found
File opened for modification	/tmp/apt-key-gpghome.bXFBOOpEfJ/pubring.orig.gpg	cp
File opened for modification	/tmp/apt-key-gpghome.YmClh9lbnF/pubring.gpg	touch
File opened for modification	/tmp/fileutl.message.1wjO6F	apt-get
File opened for modification	/tmp/fileutl.message.ZBXsXI	apt-get
File opened for modification	/tmp/apt.sig.jHBadz	Process not Found
File opened for modification	/tmp/apt-key-gpghome.cPVq42twZ6/pubring.orig.gpg	cp
File opened for modification	/tmp/apt-key-gpghome.cPVq42twZ6/gpg.1.sh	apt-key
File opened for modification	/tmp/fileutl.message.9VwvrL	apt-get
File opened for modification	/tmp/apt.conf.vmFzci	Process not Found
File opened for modification	/tmp/fileutl.message.j8evj1	apt-get
File opened for modification	/tmp/fileutl.message.Vi9690	apt-get
File opened for modification	/tmp/apt.data.5KsVV0	Process not Found
File opened for modification	/tmp/fileutl.message.NYX0WE	apt-get
File opened for modification	/tmp/fileutl.message.7cyxGx	apt-get
File opened for modification	/tmp/fileutl.message.ZRs1G9	apt-get
File opened for modification	/tmp/apt.data.aRFzlO	Process not Found
File opened for modification	/tmp/apt.sig.E9cRkN	Process not Found
File opened for modification	/tmp/fileutl.message.RzkptA	apt-get
File opened for modification	/tmp/fileutl.message.bwNjS6	apt-get
File opened for modification	/tmp/fileutl.message.9QBwhD	apt-get
File opened for modification	/tmp/apt-key-gpghome.bXFBOOpEfJ/pubring.gpg	apt-key
File opened for modification	/tmp/apt-key-gpghome.bXFBOOpEfJ/gpg.1.sh	apt-key
File opened for modification	/tmp/apt-key-gpghome.0i0l5Nvcpj/pubring.gpg	touch
File opened for modification	/tmp/apt-key-gpghome.cPVq42twZ6/pubring.gpg	apt-key
File opened for modification	/tmp/apt.sig.wNpfz9	Process not Found
File opened for modification	/tmp/apt-key-gpghome.bXFBOOpEfJ/pubring.gpg	touch
File opened for modification	/tmp/apt.data.6FuiYG	Process not Found

/tmp/eclipse-grabber-main/setup-files/setup-lin.sh
/tmp/eclipse-grabber-main/setup-files/setup-lin.sh
1⤵
PID:1559

/usr/local/sbin/bash
bash /tmp/eclipse-grabber-main/setup-files/setup-lin.sh
1⤵
PID:1559

/usr/local/bin/bash
bash /tmp/eclipse-grabber-main/setup-files/setup-lin.sh
1⤵
PID:1559

/usr/sbin/bash
bash /tmp/eclipse-grabber-main/setup-files/setup-lin.sh
1⤵
PID:1559

/usr/bin/bash
bash /tmp/eclipse-grabber-main/setup-files/setup-lin.sh
1⤵
PID:1559

/sbin/bash
bash /tmp/eclipse-grabber-main/setup-files/setup-lin.sh
1⤵
PID:1559

/bin/bash
bash /tmp/eclipse-grabber-main/setup-files/setup-lin.sh
1⤵
PID:1559
- /bin/rm
  rm /var/lib/dpkg/lock
  2⤵
  PID:1560
- /bin/rm
  rm /var/cache/apt/archives/lock
  2⤵
  PID:1561
- /bin/rm
  rm /var/lib/apt/lists/lock
  2⤵
  PID:1562
- /usr/bin/sudo
  sudo dpkg --add-architecture i386
  2⤵
  - Reads runtime system information
  PID:1563
- - /usr/bin/dpkg
    dpkg --add-architecture i386
    3⤵
    - Reads runtime system information
    PID:1564
- /usr/bin/sudo
  sudo apt-get update
  2⤵
  - Reads runtime system information
  PID:1565
- - /usr/bin/apt-get
    apt-get update
    3⤵
    - Reads runtime system information
    - Writes file to tmp directory
    PID:1566
  - - /usr/bin/dpkg
      /usr/bin/dpkg --print-foreign-architectures
      4⤵
      Reads runtime system information
      PID:1567
  - - /usr/lib/apt/methods/http
      /usr/lib/apt/methods/http
      4⤵
      PID:1568
  - - /usr/lib/apt/methods/http
      /usr/lib/apt/methods/http
      4⤵
      PID:1579
  - - /usr/lib/apt/methods/http
      /usr/lib/apt/methods/http
      4⤵
      PID:1580
  - - /usr/lib/apt/methods/gpgv
      /usr/lib/apt/methods/gpgv
      4⤵
      PID:1594
  - - /usr/lib/apt/methods/gpgv
      /usr/lib/apt/methods/gpgv
      4⤵
      PID:1595

/bin/sh
sh -c "[ ! -e /run/systemd/system ] || [ \$(id -u) -ne 0 ] || systemctl start --no-block apt-news.service esm-cache.service || true"
1⤵
PID:1570
- /usr/bin/id
  id -u
  2⤵
  - Reads runtime system information
  PID:1571
- /bin/systemctl
  systemctl start --no-block apt-news.service esm-cache.service
  2⤵
  - Reads runtime system information
  PID:1572

/usr/bin/apt-key
/usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.jHBadz /tmp/apt.data.jhAh9b
1⤵
- Writes file to tmp directory
PID:1597
- /usr/bin/apt-config
  apt-config shell MASTER_KEYRING APT::Key::MasterKeyring
  2⤵
  PID:1599
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1600
- /usr/bin/apt-config
  apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring
  2⤵
  PID:1601
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1602
- /usr/bin/apt-config
  apt-config shell REMOVED_KEYS APT::Key::RemovedKeys
  2⤵
  PID:1603
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1604
- /usr/bin/apt-config
  apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI
  2⤵
  PID:1605
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1606
- /usr/bin/apt-config
  apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring
  2⤵
  PID:1607
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1608
- /usr/bin/apt-config
  apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f
  2⤵
  PID:1609
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1610
- /usr/bin/apt-config
  apt-config shell GPGV Apt::Key::gpgvcommand
  2⤵
  PID:1612
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1613
- /bin/mktemp
  mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX
  2⤵
  PID:1614
- /bin/chmod
  chmod 700 /tmp/apt-key-gpghome.0i0l5Nvcpj
  2⤵
  PID:1615
- /bin/readlink
  readlink -f /tmp/apt-key-gpghome.0i0l5Nvcpj
  2⤵
  PID:1616
- /bin/rm
  rm -f /tmp/apt-key-gpghome.0i0l5Nvcpj/pubring.gpg
  2⤵
  PID:1617
- /usr/bin/touch
  touch /tmp/apt-key-gpghome.0i0l5Nvcpj/pubring.gpg
  2⤵
  - Writes file to tmp directory
  PID:1618
- /usr/bin/apt-config
  apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d
  2⤵
  PID:1619
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1620
- /bin/readlink
  readlink -f /etc/apt/trusted.gpg.d/
  2⤵
  PID:1621
- /usr/bin/find
  find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 "(" -name "*.gpg" -o -name "*.asc" ")"
  2⤵
  - Reads runtime system information
  PID:1622
- /usr/bin/cmp
  cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg
  2⤵
  PID:1627
- /bin/cat
  cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg
  2⤵
  PID:1629
- /usr/bin/cmp
  cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
  2⤵
  PID:1631
- /bin/cat
  cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
  2⤵
  PID:1633
- /usr/bin/cmp
  cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
  2⤵
  PID:1635
- /bin/cat
  cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
  2⤵
  PID:1637
- /bin/cp
  cp -a /tmp/apt-key-gpghome.0i0l5Nvcpj/pubring.gpg /tmp/apt-key-gpghome.0i0l5Nvcpj/pubring.orig.gpg
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:1638
- /usr/bin/gpgv
  gpgv --homedir /tmp/apt-key-gpghome.0i0l5Nvcpj --keyring /tmp/apt-key-gpghome.0i0l5Nvcpj/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.jHBadz /tmp/apt.data.jhAh9b
  2⤵
  PID:1645
- /usr/bin/gpgconf
  gpgconf --kill all
  2⤵
  PID:1646
- - /usr/bin/gpg-connect-agent
    gpg-connect-agent --no-autostart KILLAGENT
    3⤵
    PID:1647
- - /usr/bin/gpg-connect-agent
    gpg-connect-agent -s --no-autostart "GETINFO scd_running" "/if \${! \$?}" "scd killscd" /end
    3⤵
    PID:1648
- - /usr/bin/gpg-connect-agent
    gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR
    3⤵
    PID:1649
- /bin/rm
  rm -rf /tmp/apt-key-gpghome.0i0l5Nvcpj
  2⤵
  PID:1650

/usr/bin/sort
sort
1⤵
PID:1625

/bin/sed
sed -e "s#'#'\"'\"'#g"
1⤵
- Reads runtime system information
PID:1641

/bin/sed
sed -e "s#'#'\"'\"'#g"
1⤵
- Reads runtime system information
PID:1644

/usr/bin/apt-key
/usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.SKhzs5 /tmp/apt.data.aRFzlO
1⤵
- Writes file to tmp directory
PID:1661
- /usr/bin/apt-config
  apt-config shell MASTER_KEYRING APT::Key::MasterKeyring
  2⤵
  PID:1663
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1664
- /usr/bin/apt-config
  apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring
  2⤵
  PID:1665
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1666
- /usr/bin/apt-config
  apt-config shell REMOVED_KEYS APT::Key::RemovedKeys
  2⤵
  PID:1667
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1668
- /usr/bin/apt-config
  apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI
  2⤵
  PID:1669
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1670
- /usr/bin/apt-config
  apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring
  2⤵
  PID:1671
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1672
- /usr/bin/apt-config
  apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f
  2⤵
  PID:1673
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1674
- /usr/bin/apt-config
  apt-config shell GPGV Apt::Key::gpgvcommand
  2⤵
  PID:1676
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1677
- /bin/mktemp
  mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX
  2⤵
  PID:1678
- /bin/chmod
  chmod 700 /tmp/apt-key-gpghome.cPVq42twZ6
  2⤵
  PID:1679
- /bin/readlink
  readlink -f /tmp/apt-key-gpghome.cPVq42twZ6
  2⤵
  PID:1680
- /bin/rm
  rm -f /tmp/apt-key-gpghome.cPVq42twZ6/pubring.gpg
  2⤵
  PID:1681
- /usr/bin/touch
  touch /tmp/apt-key-gpghome.cPVq42twZ6/pubring.gpg
  2⤵
  - Writes file to tmp directory
  PID:1682
- /usr/bin/apt-config
  apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d
  2⤵
  PID:1683
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1684
- /bin/readlink
  readlink -f /etc/apt/trusted.gpg.d/
  2⤵
  PID:1685
- /usr/bin/find
  find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 "(" -name "*.gpg" -o -name "*.asc" ")"
  2⤵
  - Reads runtime system information
  PID:1686
- /usr/bin/cmp
  cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg
  2⤵
  PID:1691
- /bin/cat
  cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg
  2⤵
  PID:1693
- /usr/bin/cmp
  cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
  2⤵
  PID:1695
- /bin/cat
  cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
  2⤵
  PID:1697
- /usr/bin/cmp
  cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
  2⤵
  PID:1699
- /bin/cat
  cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
  2⤵
  PID:1701
- /bin/cp
  cp -a /tmp/apt-key-gpghome.cPVq42twZ6/pubring.gpg /tmp/apt-key-gpghome.cPVq42twZ6/pubring.orig.gpg
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:1702
- /usr/bin/gpgv
  gpgv --homedir /tmp/apt-key-gpghome.cPVq42twZ6 --keyring /tmp/apt-key-gpghome.cPVq42twZ6/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.SKhzs5 /tmp/apt.data.aRFzlO
  2⤵
  PID:1709
- /usr/bin/gpgconf
  gpgconf --kill all
  2⤵
  PID:1710
- - /usr/bin/gpg-connect-agent
    gpg-connect-agent --no-autostart KILLAGENT
    3⤵
    PID:1711
- - /usr/bin/gpg-connect-agent
    gpg-connect-agent -s --no-autostart "GETINFO scd_running" "/if \${! \$?}" "scd killscd" /end
    3⤵
    PID:1712
- - /usr/bin/gpg-connect-agent
    gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR
    3⤵
    PID:1713
- /bin/rm
  rm -rf /tmp/apt-key-gpghome.cPVq42twZ6
  2⤵
  PID:1714

/usr/bin/sort
sort
1⤵
PID:1689

/bin/sed
sed -e "s#'#'\"'\"'#g"
1⤵
- Reads runtime system information
PID:1705

/bin/sed
sed -e "s#'#'\"'\"'#g"
1⤵
- Reads runtime system information
PID:1708

/usr/bin/apt-key
/usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.wNpfz9 /tmp/apt.data.5KsVV0
1⤵
- Writes file to tmp directory
PID:1722
- /usr/bin/apt-config
  apt-config shell MASTER_KEYRING APT::Key::MasterKeyring
  2⤵
  PID:1724
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1725
- /usr/bin/apt-config
  apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring
  2⤵
  PID:1726
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1727
- /usr/bin/apt-config
  apt-config shell REMOVED_KEYS APT::Key::RemovedKeys
  2⤵
  PID:1728
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1729
- /usr/bin/apt-config
  apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI
  2⤵
  PID:1730
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1731
- /usr/bin/apt-config
  apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring
  2⤵
  PID:1732
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1733
- /usr/bin/apt-config
  apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f
  2⤵
  PID:1734
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1735
- /usr/bin/apt-config
  apt-config shell GPGV Apt::Key::gpgvcommand
  2⤵
  PID:1737
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1738
- /bin/mktemp
  mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX
  2⤵
  PID:1739
- /bin/chmod
  chmod 700 /tmp/apt-key-gpghome.bXFBOOpEfJ
  2⤵
  PID:1740
- /bin/readlink
  readlink -f /tmp/apt-key-gpghome.bXFBOOpEfJ
  2⤵
  PID:1741
- /bin/rm
  rm -f /tmp/apt-key-gpghome.bXFBOOpEfJ/pubring.gpg
  2⤵
  PID:1742
- /usr/bin/touch
  touch /tmp/apt-key-gpghome.bXFBOOpEfJ/pubring.gpg
  2⤵
  - Writes file to tmp directory
  PID:1743
- /usr/bin/apt-config
  apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d
  2⤵
  PID:1744
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1745
- /bin/readlink
  readlink -f /etc/apt/trusted.gpg.d/
  2⤵
  PID:1746
- /usr/bin/find
  find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 "(" -name "*.gpg" -o -name "*.asc" ")"
  2⤵
  - Reads runtime system information
  PID:1747
- /usr/bin/cmp
  cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg
  2⤵
  PID:1752
- /bin/cat
  cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg
  2⤵
  PID:1754
- /usr/bin/cmp
  cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
  2⤵
  PID:1756
- /bin/cat
  cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
  2⤵
  PID:1758
- /usr/bin/cmp
  cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
  2⤵
  PID:1760
- /bin/cat
  cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
  2⤵
  PID:1762
- /bin/cp
  cp -a /tmp/apt-key-gpghome.bXFBOOpEfJ/pubring.gpg /tmp/apt-key-gpghome.bXFBOOpEfJ/pubring.orig.gpg
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:1763
- /usr/bin/gpgv
  gpgv --homedir /tmp/apt-key-gpghome.bXFBOOpEfJ --keyring /tmp/apt-key-gpghome.bXFBOOpEfJ/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.wNpfz9 /tmp/apt.data.5KsVV0
  2⤵
  PID:1770
- /usr/bin/gpgconf
  gpgconf --kill all
  2⤵
  PID:1771
- - /usr/bin/gpg-connect-agent
    gpg-connect-agent --no-autostart KILLAGENT
    3⤵
    PID:1772
- - /usr/bin/gpg-connect-agent
    gpg-connect-agent -s --no-autostart "GETINFO scd_running" "/if \${! \$?}" "scd killscd" /end
    3⤵
    PID:1773
- - /usr/bin/gpg-connect-agent
    gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR
    3⤵
    PID:1774
- /bin/rm
  rm -rf /tmp/apt-key-gpghome.bXFBOOpEfJ
  2⤵
  PID:1775

/usr/bin/sort
sort
1⤵
PID:1750

/bin/sed
sed -e "s#'#'\"'\"'#g"
1⤵
- Reads runtime system information
PID:1766

/bin/sed
sed -e "s#'#'\"'\"'#g"
1⤵
- Reads runtime system information
PID:1769

/usr/bin/apt-key
/usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.E9cRkN /tmp/apt.data.6FuiYG
1⤵
PID:1777
- /usr/bin/apt-config
  apt-config shell MASTER_KEYRING APT::Key::MasterKeyring
  2⤵
  PID:1779
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1780
- /usr/bin/apt-config
  apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring
  2⤵
  PID:1781
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1782
- /usr/bin/apt-config
  apt-config shell REMOVED_KEYS APT::Key::RemovedKeys
  2⤵
  PID:1783
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1784
- /usr/bin/apt-config
  apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI
  2⤵
  PID:1785
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1786
- /usr/bin/apt-config
  apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring
  2⤵
  PID:1787
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1788
- /usr/bin/apt-config
  apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f
  2⤵
  PID:1789
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1790
- /usr/bin/apt-config
  apt-config shell GPGV Apt::Key::gpgvcommand
  2⤵
  PID:1792
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:1793
- /bin/mktemp
  mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX
  2⤵
  PID:1794
- /bin/chmod
  chmod 700 /tmp/apt-key-gpghome.YmClh9lbnF
  2⤵
  PID:1795
- /bin/readlink
  readlink -f /tmp/apt-key-gpghome.YmClh9lbnF
  2⤵
  PID:1796
- /bin/rm
  rm -f /tmp/apt-key-gpghome.YmClh9lbnF/pubring.gpg
  2⤵
  PID:1797
- /usr/bin/touch
  touch /tmp/apt-key-gpghome.YmClh9lbnF/pubring.gpg
  2⤵
  - Writes file to tmp directory
  PID:1799
- /usr/bin/apt-config
  apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d
  2⤵
  PID:1800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/apt-key-gpghome.0i0l5Nvcpj/gpg.1.sh

Filesize
82B

MD5
fa76e66b37ef5cf72b946d8f9b56a9c7

SHA1
766b5268c3989c7098eb2ce7c34350cd0f658121

SHA256
964a1bbbbb718bcc3773122f66485fbd5684d405c4f77bcdb20c152593c999c6

SHA512
80b6d5af026620ec767bdfae8039c871bb8b0e3a63a3e2ac95f6d462c2557eca7ca11e81c8d53b294bb2995fd1e940da4487858a8d5e044c68e543917f34afdd

Download Submit
/tmp/apt-key-gpghome.0i0l5Nvcpj/pubring.gpg

Filesize
2KB

MD5
79650cd189f35a29603fc43202d399ad

SHA1
e3bdd5aec56b59d5eaff3f60caf46a6786fc7ff8

SHA256
5321d780da31a1fa35c044470ef849a2f6244048855fdc4c22e527b6366a0ef7

SHA512
34bad6f9713c5837d3139dcb3a49239373fe5c242f31c3ca539888d16c2d5e63074c806e700553bdf9b6879e3c2b48c835a900df4ff8dfa96afd041d2357733e

Download Submit
/tmp/apt-key-gpghome.0i0l5Nvcpj/pubring.gpg

Filesize
5KB

MD5
34aa70714b28c0918716b6ce3bdb945e

SHA1
5c7cd1296bc98e2ea0e221beb45f8cbe65dd3016

SHA256
30ffc1b01e43be791a595d5125e9ce283b206ca8dd299ea2149ee01d7a39895e

SHA512
f06340e985e01e7aa3a03dc662f4a084c835f0a39e3af40616851d80bfc5948786cf10a403811fb5c46a98f949e7cfdfc1bb481a5bdfda9376812566dc55140d

Download Submit
/tmp/apt-key-gpghome.0i0l5Nvcpj/pubring.gpg

Filesize
7KB

MD5
b3bf35c5e796db394a50f96b908b690f

SHA1
b1e90de4d9d88bac6c67926c0ff6263e3ef7c2d2

SHA256
cf419d6c58bea5f2586043ecbad4c44f27d6f6060e5be19993b857105a5be094

SHA512
a97f8881c83ddc681623e4f503f8f758afe85ae6c34e2339a635e9521ae1303aebb90a6bef7c1136b6bd2b7418facacf98643f24e8bb40f1f93fb8a8ef714a96

Download Submit
/tmp/apt-key-gpghome.bXFBOOpEfJ/gpg.1.sh

Filesize
82B

MD5
deb558f91e258a73f38196a3ac484428

SHA1
685d02bf1393ab11caa6a383f8430f66ac6fe61a

SHA256
cae78c4794336a81cfd8f91cdb93cdfb1bd980e05c18ad22fdf6a3ff45a3e193

SHA512
6e57ff7cc67ad45636c9b93e4c0767266d3425993251a03c00fd6d525861453ed692f8d89a9f34a1218996da17b189947f2551708e4911488b17e02d3472070c

Download Submit
/tmp/apt-key-gpghome.cPVq42twZ6/gpg.1.sh

Filesize
82B

MD5
cb5aad779f1e8ad198953ccdedba474d

SHA1
54a326f9ed118c7b6082e3719a18d26d19f4a810

SHA256
a35f907f2ef1ea8185d857d734d3ff3418db8fd3eec7d55ee4d987a31cfa8d82

SHA512
7341f9e257e8cfbb65b8a0c8cc5ed3fbd55b6807a75c6fff2593027529a216b0f7d9d3454057eb5bbc8aa34606c9311e589b7dda73e399e887d3d2023e525ca0

Download Submit
/tmp/apt.conf.lhw7gW

Filesize
13KB

MD5
a891283c0df8e0ea34a975f661f3cd05

SHA1
98fa350dfd68aef6f5fcf183b8b73a0db5d00314

SHA256
4739dd96ca08ce1e7db08f598df505be006b6c7337e01b05608d8174d0cc6012

SHA512
75b72ea767871815438522ece0e9906386e8f8317b36d42d6302ecef6f01cd0cc8649490d7abfb1a130183883bd7fc0f3e55356781c7ac9b3cafc1a445803596

Download Submit
/tmp/apt.sig.jHBadz

Filesize
819B

MD5
d5e6756b501abebfc16e6611e48606da

SHA1
a3270e96269204df29665bece4d3dd5947b38a9d

SHA256
c56395e30706b16a361d28d98758f356d404a32b9ad11cb684a108164197c4bb

SHA512
31a2d8307c1b898830b160234629c6ddd855cbc1e5f003013dff6b0681ca635ee83ee62e20fd404d667769d5f72d2fdc354e53266fd3584dab837f7c1f8ff55d

Download Submit
/tmp/fileutl.message.LBP3zp

Filesize
235KB

MD5
373fe2f2ef99005d2550a482f09a3e51

SHA1
68e6572b55b1e77f7d171ebac7b2579b7a6bd51d

SHA256
7552d5ab0c3879756a860aaab8e7c2f8ffb9409ea9ff9e65fc046ba5c519ebe5

SHA512
def9e854b824d2fddc6a15f898be73cfb679ac38563f5af854546f49c9d5d2316a40176dc41d6b360bda7b65de53863a53e4eedadf6336000b031b77a113607b

Download Submit
/var/lib/dpkg/arch-new

Filesize
11B

MD5
316d89ad577797b1b096fd75581f8a6e

SHA1
c8178651696abf51c9ecf025c675825d40f4ae0b

SHA256
279b0800c4410dee398be18200b897eb09071604ef455bce1f5f44283353e210

SHA512
bad946643693e35026ae7718e49c18df6fba2b046eb69d8d2d1f2e71a77a8b8261228c12485b90695116caf956437debe5345929ee7ccddcdebb85711f1e0a06

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads