dbe10899d241e72a7b53cd2cb7b99eff5f3c8ef55ab536e686e42935364b65d3

Analysis

max time kernel
0s
max time network
131s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
21-05-2024 05:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

kill_all.sh
Size

156B
MD5

78039b02603cff7e49d38b35dcbce302
SHA1

1859a5c8b414eaa238cb2a379b8968bba113a7cc
SHA256

dbe10899d241e72a7b53cd2cb7b99eff5f3c8ef55ab536e686e42935364b65d3
SHA512

eaded90abd36f4b4515482e3aa2d2ece4e15e855ed88cdad8296a14cdf018a59387a01aadfd879b9ed3396445cb146e6a85d92446c40c108ef7bbae30d45bbec

Score

6^/10

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Reads CPU attributes 1 TTPs 1 IoCs

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/online	ps

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/26/stat	ps
File opened for reading	/proc/28/cmdline	ps
File opened for reading	/proc/80/status	ps
File opened for reading	/proc/179/stat	ps
File opened for reading	/proc/183/stat	ps
File opened for reading	/proc/485/cmdline	ps
File opened for reading	/proc/695/cmdline	ps
File opened for reading	/proc/12/status	ps
File opened for reading	/proc/1205/stat	ps
File opened for reading	/proc/743/stat	ps
File opened for reading	/proc/979/cmdline	ps
File opened for reading	/proc/1368/status	ps
File opened for reading	/proc/322/status	ps
File opened for reading	/proc/1083/status	ps
File opened for reading	/proc/171/cmdline	ps
File opened for reading	/proc/36/stat	ps
File opened for reading	/proc/82/cmdline	ps
File opened for reading	/proc/1525/stat	ps
File opened for reading	/proc/6/cmdline	ps
File opened for reading	/proc/567/status	ps
File opened for reading	/proc/1329/status	ps
File opened for reading	/proc/1523/cmdline	ps
File opened for reading	/proc/1529/status	ps
File opened for reading	/proc/11/cmdline	ps
File opened for reading	/proc/176/cmdline	ps
File opened for reading	/proc/188/cmdline	ps
File opened for reading	/proc/1179/cmdline	ps
File opened for reading	/proc/34/stat	ps
File opened for reading	/proc/447/cmdline	ps
File opened for reading	/proc/476/stat	ps
File opened for reading	/proc/586/stat	ps
File opened for reading	/proc/684/stat	ps
File opened for reading	/proc/85/stat	ps
File opened for reading	/proc/1/status	ps
File opened for reading	/proc/185/stat	ps
File opened for reading	/proc/213/status	ps
File opened for reading	/proc/1162/cmdline	ps
File opened for reading	/proc/81/cmdline	ps
File opened for reading	/proc/1100/cmdline	ps
File opened for reading	/proc/1527/cmdline	ps
File opened for reading	/proc/472/stat	ps
File opened for reading	/proc/28/status	ps
File opened for reading	/proc/185/cmdline	ps
File opened for reading	/proc/486/status	ps
File opened for reading	/proc/1191/stat	ps
File opened for reading	/proc/16/cmdline	ps
File opened for reading	/proc/115/stat	ps
File opened for reading	/proc/170/cmdline	ps
File opened for reading	/proc/9/cmdline	ps
File opened for reading	/proc/23/cmdline	ps
File opened for reading	/proc/78/status	ps
File opened for reading	/proc/658/stat	ps
File opened for reading	/proc/1086/stat	ps
File opened for reading	/proc/1149/status	ps
File opened for reading	/proc/1149/cmdline	ps
File opened for reading	/proc/18/cmdline	ps
File opened for reading	/proc/1076/stat	ps
File opened for reading	/proc/1166/stat	ps
File opened for reading	/proc/503/stat	ps
File opened for reading	/proc/10/status	ps
File opened for reading	/proc/31/status	ps
File opened for reading	/proc/36/status	ps
File opened for reading	/proc/736/stat	ps
File opened for reading	/proc/945/stat	ps

/tmp/kill_all.sh
/tmp/kill_all.sh
1⤵
PID:1525
- /bin/grep
  grep -v grep
  2⤵
  PID:1529
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:1530
- /bin/grep
  grep php-cgi
  2⤵
  PID:1528
- /bin/ps
  ps -eaf
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1527

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads