Analysis

  • max time kernel
    5s
  • max time network
    129s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240508-en
  • resource tags

    arch:amd64
    arch:i386
    image:ubuntu1804-amd64-20240508-en
    kernel:4.15.0-213-generic
    locale:en-us
    os:ubuntu-18.04-amd64
    system
  • submitted
    11-05-2024 04:19

General

  • Target

    NetShred X 6.0.2/Open Gatekeeper friendly

  • Size

    1KB

  • MD5

    dc9fb0fdb63b80375e7fdd5f67022847

  • SHA1

    55437344bde13777a3e309599aa6c7930721d4d7

  • SHA256

    45f8b43453cb19232902844bfde4af6471f3762880f23e968bfca28a33c26817

  • SHA512

    59f501c0b2843254f97e1c7492c295fd0cb41ca024b92cee617db471ee815aea823969381c95a7ab7a581957e2964673e3e0336ac02233d7dc0392cadae78fd7

Score
3/10

Malware Config

Signatures

  • Reads runtime system information 4 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoC

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/NetShred X 6.0.2/Open Gatekeeper friendly
    "/tmp/NetShred X 6.0.2/Open Gatekeeper friendly"
    1⤵
      PID:1524
    • /usr/bin/clear
      clear
      2⤵
        PID:1525
    • /usr/bin/dirname
      dirname "/tmp/NetShred X 6.0.2/Open Gatekeeper friendly"
      2⤵
        PID:1526
    • /bin/rm
      rm -rf /tmp/tnt17775
      2⤵
        PID:1527
    • /bin/mkdir
      mkdir -p /tmp/tnt17775
      2⤵
        • Reads runtime system information
        PID:1528
    • /bin/cp
      cp "/tmp/NetShred X 6.0.2/Manual install/NetShred X 6.0.2 [TNT].dmg" /tmp/tnt17775
      2⤵
        • Reads runtime system information
        • Writes file to tmp directory
        PID:1529
    • /bin/mkdir
      mkdir -p /tmp/tnt17775/mount
      2⤵
        • Reads runtime system information
        PID:1531
    • /usr/bin/find
      find /tmp/tnt17775/mount -maxdepth 1 "!" -type l "!" -path /tmp/tnt17775/mount -exec xattr -r -d com.apple.quarantine "{}" ";"
      2⤵
        • Reads runtime system information
        PID:1533
    • /bin/sleep
      sleep 5
      2⤵
        PID:1535

Network

MITRE ATT&CK Matrix

Downloads

  • /tmp/tnt17775/NetShred X 6.0.2 [TNT].dmg
    Filesize
    3.4MB
    MD5
    b4445a1d2526685b24df671313e9417b
    SHA1
    c3b7b3a0ba012a428709695772c187407bf40797
    SHA256
    32d131386d46c189a87ac5425e448cbd9cfb10d1117d0f9084ff7cf3b1d7317b
    SHA512
    f5caf85550caaaeee5bf17992aba5bfac67254a68fc1827b571e4397d9433ec1d495b8ed6cbea8e27b6c3503414ce1dd301be16ca54999aee8a7a2be7ba90f32