Analysis

  • max time kernel
    148s
  • max time network
    128s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240508-en
  • resource tags

    arch:amd64 arch:i386 image:ubuntu1804-amd64-20240508-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system
  • submitted
    21-05-2024 05:25

General

  • Target

    weixin.sh

  • Size

    1KB

  • MD5

    93055525d0ebf4b382833a3dc0ccf823

  • SHA1

    93e47f24a89b3d5b5f015cb6f6b915855aae5142

  • SHA256

    02057a8d76fe0827e774c6c3a723f7227f0015b005cb15ddbc7afb62c4a60854

  • SHA512

    889dc674f766adc34a38b844c52c29169625fa83718ba8a6e13ee7e31ed352ee21f459612389fde9fa7653968bbfe8869f6d511e13565edf94038e75a0bb58b0

Score
3/10

Signatures

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/weixin.sh
    /tmp/weixin.sh
    PID:1516
      • /usr/bin/dirname
        dirname /tmp/weixin.sh
        PID:1519
      • /usr/bin/basename
        basename /tmp/weixin.sh
        PID:1520
      • /bin/date
        date "+%F"
        PID:1521
      • /bin/mkdir
        mkdir -p /tmp/logs
        PID:1522
        • Reads runtime system information
      • /usr/bin/curl
        curl "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=" -H "Content-Type: application/json" -d " { \"msgtype\": \"text\", \"text\": { \"content\": \"\" } }"
        PID:1524
