Analysis
max time kernel: 0s
max time network: 128s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20240226-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240226-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 07/05/2024, 01:02
Static task: static1
Behavioral task: behavioral1 (Sample: gather.sh, Resource: ubuntu1804-amd64-20240226-en)
Behavioral task: behavioral2 (Sample: gather.sh, Resource: debian9-armhf-20240226-en)
Behavioral task: behavioral3 (Sample: gather.sh, Resource: debian9-mipsbe-20240418-en)
Behavioral task: behavioral4 (Sample: gather.sh, Resource: debian9-mipsel-20240226-en)
General
Target: gather.sh
Size: 20KB
MD5: 393327be1a6e7077833b5f2e3cd0a942
SHA1: 9b2ded8ff4138f7a6ac2c97998dcf892cbf4dd71
SHA256: 52606b0a9624eb1dcd834eb3b926d0250bf2b514377d480f0e9b9c0fdcb708c5
SHA512: 239c50c9a204343a342c58d7171148149b9055415ad86d540b43014a9e8abc7a8189d9345d1aa4f7e41226df3cfbcdd480173e759adceeb7cf8679e737929ceb
SSDEEP: 192:WrH5cIvpT2iT4HDvJQDvT/gkd8SElga9xMXK5i3Yz3JnD9F+zXMPk:Wf+HDvqokd8SEluK5iYdM
Malware Config
Signatures
- Reads runtime system information (64 IoCs)
  Reads data from /proc virtual filesystem.

description              ioc                            Process
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/version                  cat
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/filesystems              mkdir
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/sys/kernel/ngroups_max   id
File opened for reading  /proc/filesystems              id
File opened for reading  /proc/filesystems              id
Processes
- /tmp/gather.sh (command line: /tmp/gather.sh), PID 1547
  - /bin/mkdir (command line: mkdir -p /tmp/report), PID 1548 [Reads runtime system information]
  - /bin/cat (command line: cat /proc/version), PID 1549 [Reads runtime system information]
  - /bin/sed (command line: sed "s/metric.*\$//g"), PID 1554
  - /bin/sed (command line: sed "s/^.*src //g"), PID 1553
  - /bin/grep (command line: grep -n "eth0\\s*proto\\s*kernel\\s*scope\\s*link\\s*src"), PID 1552
  - /bin/ip (command line: ip route show), PID 1551
  - /usr/bin/cut (command line: cut -d: -f1 /etc/passwd), PID 1557
  - /usr/bin/id (command line: id root), PID 1561 [Reads runtime system information]
  - /usr/bin/id (command line: id daemon), PID 1562 [Reads runtime system information]
  - /usr/bin/id (command line: id bin), PID 1563 [Reads runtime system information]
  - /usr/bin/id (command line: id sys), PID 1564 [Reads runtime system information]
  - /usr/bin/id (command line: id sync), PID 1565 [Reads runtime system information]
  - /usr/bin/id (command line: id games), PID 1566 [Reads runtime system information]
  - /usr/bin/id (command line: id man), PID 1567 [Reads runtime system information]
  - /usr/bin/id (command line: id lp), PID 1568 [Reads runtime system information]
  - /usr/bin/id (command line: id mail), PID 1569 [Reads runtime system information]
  - /usr/bin/id (command line: id news), PID 1570 [Reads runtime system information]
  - /usr/bin/id (command line: id uucp), PID 1571
  - /usr/bin/id (command line: id proxy), PID 1572 [Reads runtime system information]
  - /usr/bin/id (command line: id www-data), PID 1573 [Reads runtime system information]
  - /usr/bin/id (command line: id backup), PID 1574 [Reads runtime system information]
  - /usr/bin/id (command line: id list), PID 1575 [Reads runtime system information]
  - /usr/bin/id (command line: id irc), PID 1576
  - /usr/bin/id (command line: id gnats), PID 1577 [Reads runtime system information]
  - /usr/bin/id (command line: id nobody), PID 1578 [Reads runtime system information]
  - /usr/bin/id (command line: id systemd-network), PID 1579 [Reads runtime system information]
  - /usr/bin/id (command line: id systemd-resolve), PID 1580 [Reads runtime system information]
  - /usr/bin/id (command line: id syslog), PID 1581 [Reads runtime system information]
  - /usr/bin/id (command line: id messagebus), PID 1582 [Reads runtime system information]
  - /usr/bin/id (command line: id _apt), PID 1583 [Reads runtime system information]
  - /usr/bin/id (command line: id uuidd), PID 1584
  - /usr/bin/id (command line: id avahi-autoipd), PID 1585 [Reads runtime system information]
  - /usr/bin/id (command line: id usbmux), PID 1586 [Reads runtime system information]
  - /usr/bin/id (command line: id dnsmasq), PID 1587 [Reads runtime system information]
  - /usr/bin/id (command line: id rtkit), PID 1588 [Reads runtime system information]
  - /usr/bin/id (command line: id cups-pk-helper), PID 1589 [Reads runtime system information]
  - /usr/bin/id (command line: id saned), PID 1590 [Reads runtime system information]
  - /usr/bin/id (command line: id speech-dispatcher), PID 1592 [Reads runtime system information]
  - /usr/bin/id (command line: id whoopsie), PID 1593 [Reads runtime system information]
  - /usr/bin/id (command line: id colord), PID 1594 [Reads runtime system information]
  - /usr/bin/id (command line: id kernoops), PID 1595 [Reads runtime system information]
  - /usr/bin/id (command line: id pulse), PID 1596 [Reads runtime system information]
  - /usr/bin/id (command line: id avahi), PID 1597 [Reads runtime system information]
  - /usr/bin/id (command line: id hplip), PID 1598
  - /usr/bin/id (command line: id geoclue), PID 1599 [Reads runtime system information]
  - /usr/bin/id (command line: id gnome-initial-setup), PID 1600 [Reads runtime system information]
  - /usr/bin/id (command line: id gdm), PID 1601 [Reads runtime system information]
  - /usr/bin/id (command line: id sshd), PID 1602 [Reads runtime system information]
  - /usr/bin/id (command line: id user), PID 1603 [Reads runtime system information]
  - /bin/hostname (command line: hostname), PID 1604
  - /bin/uname (command line: uname -m), PID 1605
  - /usr/bin/whoami (command line: whoami), PID 1606