Analysis

  • max time kernel
    149s
  • max time network
    128s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240508-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu1804-amd64-20240508-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    21-05-2024 05:37

General

  • Target

    install.sh

  • Size

    35KB

  • MD5

    a7cfd82d01c8501703bfa55efdee0316

  • SHA1

    9541779c8c03397db5b6dc4af5245797ad2fef52

  • SHA256

    58d0c29c798bf5483b22258f43ff9db4966837c77ca6329bd43f172ea0c44757

  • SHA512

    f02daf28a52d466226e03216c94557b9958a06ad5ddcf2a88d836890c1b2dabc8397859ddb81a3652d005f69dfb4e6d5ad6d86ee0f8116a9691210864e20227a

  • SSDEEP

    768:iJy+9/hQH7hzV6MGadpYFMcDW9gvHTlRs/TkPk0slo443ZwX:iH/hQH7hR6MGadpSMKW9gvJRs/TkPk0Y

Score
4/10

Malware Config

Signatures

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information that can indicate whether the system is a virtual machine. In this trace the flagged process is `cat /proc/cpuinfo` (PID 1511), followed by `grep processor` (PID 1512) and `wc -l` (PID 1513), i.e. a count of "processor" entries. That is consistent with a CPU core count and is not by itself evidence of sandbox or VM evasion; treat this signature as a heuristic and confirm what the script does with the value before scoring it.

  • Reads runtime system information 1 IoCs

    Reads data from the /proc virtual filesystem (flagged on the awk process, PID 1507).

Processes

  All listed commands carry the depth marker 2⤵, so they are direct children of the install.sh shell (PID 1480); the staircase nesting in the original listing is a rendering artifact, not a parent/child chain.

  • /tmp/install.sh
    /tmp/install.sh
    1⤵
    PID:1480
    • /bin/which
      which curl
      2⤵
      PID:1481
    • /usr/bin/curl
      curl -sS --connect-timeout 10 -m 10 https://www.bt.cn/api/wpanel/SetupCount
      2⤵
      PID:1482
    • /usr/bin/whoami
      whoami
      2⤵
      PID:1498
    • /usr/bin/getconf
      getconf LONG_BIT
      2⤵
      PID:1499
    • /bin/grep
      grep -iE "centos|Red Hat"
      2⤵
      PID:1503
    • /bin/grep
      grep " 6."
      2⤵
      PID:1502
    • /bin/cat
      cat /etc/redhat-release
      2⤵
      PID:1501
    • /usr/bin/cut
      cut -f 1 -d .
      2⤵
      PID:1508
    • /usr/bin/awk
      awk "{print \$2}"
      2⤵
      • Reads runtime system information
      PID:1507
    • /bin/grep
      grep Ubuntu
      2⤵
      PID:1506
    • /bin/cat
      cat /etc/issue
      2⤵
      PID:1505
    • /bin/cat
      cat /etc/hostname
      2⤵
      PID:1509
    • /usr/bin/wc
      wc -l
      2⤵
      PID:1513
    • /bin/grep
      grep processor
      2⤵
      PID:1512
    • /bin/cat
      cat /proc/cpuinfo
      2⤵
      • Checks CPU configuration
      PID:1511
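The process list above shows the installer fingerprinting its host after a single outbound curl to bt.cn: distribution via /etc/redhat-release and /etc/issue, word size via getconf LONG_BIT, the hostname, and a processor count from /proc/cpuinfo. The following is an added example, not the installer's own source (this report does not include the script text): POSIX shell functions that reconstruct the detection logic from the commands and PIDs in the tree. The pipe wiring between child processes is inferred from their arguments and ordering, and the functions take file paths as arguments so they run against constructed samples rather than the live host. The direct calls (whoami, getconf, cat /etc/hostname) are not reproduced.

```shell
#!/bin/sh
# Added example reconstructing the host fingerprinting visible in the
# process tree. NOT the installer's source: the pipeline wiring is inferred
# from the child processes' arguments (e.g. PIDs 1511-1513 for
# `cat /proc/cpuinfo | grep processor | wc -l`).

# Distribution detection. $1 is the /etc/redhat-release path (may not
# exist), $2 the /etc/issue path. Mirrors the two branches in the tree:
#   cat /etc/redhat-release | grep -iE "centos|Red Hat"   (PIDs 1501, 1503)
#   cat /etc/redhat-release | grep " 6."                  (PID 1502)
#   cat /etc/issue | grep Ubuntu | awk '{print $2}' | cut -f 1 -d .
#                                                         (PIDs 1505-1508)
# On the Ubuntu 18.04 sandbox /etc/redhat-release does not exist, so the
# Red Hat branch yields nothing and the Ubuntu branch produces the version.
detect_os() {
    rh="$1"; issue="$2"
    if [ -f "$rh" ] && grep -qiE "centos|Red Hat" "$rh"; then
        # Same unescaped " 6." pattern as in the trace: the dot is a regex
        # wildcard, so " 6" followed by any character matches.
        if grep -q " 6." "$rh"; then echo centos6; else echo centos; fi
    elif [ -f "$issue" ] && grep -q Ubuntu "$issue"; then
        # "Ubuntu 18.04.6 LTS \n \l" -> field 2 "18.04.6" -> major "18".
        echo "ubuntu$(grep Ubuntu "$issue" | awk '{print $2}' | cut -f 1 -d .)"
    else
        echo unknown
    fi
}

# Processor count from a /proc/cpuinfo-style file ($1). This is the read
# that trips the "Checks CPU configuration" signature: VM-detection code
# also reads /proc/cpuinfo (hypervisor flag, vendor strings), but here the
# script only uses the number of lines containing "processor".
cpu_count() { grep -c processor "$1"; }

# Demo on constructed samples (made up to resemble real files) so the
# script runs offline and never touches the host's own files.
demo() {
    d=$(mktemp -d)
    printf 'Ubuntu 18.04.6 LTS \\n \\l\n\n' > "$d/issue"
    printf 'CentOS release 6.10 (Final)\n' > "$d/redhat-release"
    printf 'processor\t: 0\nvendor_id\t: GenuineIntel\nprocessor\t: 1\n' > "$d/cpuinfo"
    echo "missing redhat-release, Ubuntu issue : $(detect_os "$d/missing" "$d/issue")"
    echo "CentOS 6 redhat-release              : $(detect_os "$d/redhat-release" "$d/issue")"
    echo "processors in sample cpuinfo         : $(cpu_count "$d/cpuinfo")"
    rm -rf "$d"
}
demo
```

Running the demo prints ubuntu18, centos6 and 2 for the constructed samples. Pointing `cpu_count` at the real /proc/cpuinfo on the sandbox reproduces the exact read flagged by the signature, which is why a count-only consumer of that file should not be scored as evasion on its own.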

Network

MITRE ATT&CK Enterprise v15
