Malware Analysis Report

2024-10-24 21:46

Sample ID: 240521-gbc6wsdc88
Target: install.sh
SHA256: 58d0c29c798bf5483b22258f43ff9db4966837c77ca6329bd43f172ea0c44757
Tags: antivm
Score: 4/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral3
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral4
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 4/10

SHA256: 58d0c29c798bf5483b22258f43ff9db4966837c77ca6329bd43f172ea0c44757

Threat Level: Likely benign

The file install.sh was found to be: Likely benign.

Malicious Activity Summary

antivm

Checks CPU configuration

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-05-21 05:37

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-21 05:37
Reported: 2024-05-21 06:09
Platform: ubuntu1804-amd64-20240508-en
Max time kernel: 149s
Max time network: 128s

Command Line

[/tmp/install.sh]

Signatures

Checks CPU configuration (antivm)

Description               Indicator         Process        Target
File opened for reading   /proc/cpuinfo     /bin/cat       N/A

Reads runtime system information

Description               Indicator         Process        Target
File opened for reading   /proc/self/maps   /usr/bin/awk   N/A

Processes

Process            Command line
/tmp/install.sh    [/tmp/install.sh]
/bin/which         [which curl]
/usr/bin/curl      [curl -sS --connect-timeout 10 -m 10 https://www.bt.cn/api/wpanel/SetupCount]
/usr/bin/whoami    [whoami]
/usr/bin/getconf   [getconf LONG_BIT]
/bin/grep          [grep -iE centos|Red Hat]
/bin/grep          [grep 6.]
/bin/cat           [cat /etc/redhat-release]
/usr/bin/cut       [cut -f 1 -d .]
/usr/bin/awk       [awk {print $2}]
/bin/grep          [grep Ubuntu]
/bin/cat           [cat /etc/issue]
/bin/cat           [cat /etc/hostname]
/usr/bin/wc        [wc -l]
/bin/grep          [grep processor]
/bin/cat           [cat /proc/cpuinfo]

Network

Country   Destination           Domain      Proto
US        1.1.1.1:53            www.bt.cn   udp
US        1.1.1.1:53            www.bt.cn   udp
N/A       224.0.0.251:5353      N/A         udp
GB        185.125.188.62:443    N/A         tcp
GB        185.125.188.61:443    N/A         tcp
US        151.101.129.91:443    N/A         tcp
US        151.101.129.91:443    N/A         tcp
GB        89.187.167.2:443      N/A         tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-05-21 05:37
Reported: 2024-05-21 06:08
Platform: debian9-armhf-20240226-en
Max time network: 13s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country   Destination           Domain      Proto
US        1.1.1.1:53            www.bt.cn   udp
CN        42.157.129.124:443    www.bt.cn   tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted: 2024-05-21 05:37
Reported: 2024-05-21 06:06
Platform: debian9-mipsbe-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted: 2024-05-21 05:37
Reported: 2024-05-21 06:06
Platform: debian9-mipsel-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A