Analysis Overview
SHA256
58d0c29c798bf5483b22258f43ff9db4966837c77ca6329bd43f172ea0c44757
Threat Level: Likely benign
The file install.sh was found to be: Likely benign.
Malicious Activity Summary
Checks CPU configuration
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-21 05:37
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-21 05:37
Reported
2024-05-21 06:09
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
149s
Max time network
128s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/maps | /usr/bin/awk | N/A |
Processes
/tmp/install.sh
[/tmp/install.sh]
/bin/which
[which curl]
/usr/bin/curl
[curl -sS --connect-timeout 10 -m 10 https://www.bt.cn/api/wpanel/SetupCount]
/usr/bin/whoami
[whoami]
/usr/bin/getconf
[getconf LONG_BIT]
/bin/grep
[grep -iE centos|Red Hat]
/bin/grep
[grep 6.]
/bin/cat
[cat /etc/redhat-release]
/usr/bin/cut
[cut -f 1 -d .]
/usr/bin/awk
[awk {print $2}]
/bin/grep
[grep Ubuntu]
/bin/cat
[cat /etc/issue]
/bin/cat
[cat /etc/hostname]
/usr/bin/wc
[wc -l]
/bin/grep
[grep processor]
/bin/cat
[cat /proc/cpuinfo]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | www.bt.cn | udp |
| US | 1.1.1.1:53 | www.bt.cn | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.129.91:443 | | tcp |
| US | 151.101.129.91:443 | | tcp |
| GB | 89.187.167.2:443 | | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-21 05:37
Reported
2024-05-21 06:08
Platform
debian9-armhf-20240226-en
Max time network
13s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | www.bt.cn | udp |
| CN | 42.157.129.124:443 | www.bt.cn | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-21 05:37
Reported
2024-05-21 06:06
Platform
debian9-mipsbe-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-21 05:37
Reported
2024-05-21 06:06
Platform
debian9-mipsel-20240226-en