2950da8027d2ce4a74d5d2ba7ff3268b3bbacc96ea4d70f7462ff8e02f1d4d17

Analysis

max time kernel
0s
max time network
128s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
21/05/2024, 05:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

input_dev.sh
Size

190B
MD5

e0b2255a646e4de31449703449035e7b
SHA1

b2a1e645ea8153e601a26005bbad377627ec8186
SHA256

31745942e304f9380ecc0d7d33cb3a1fc74a718e9883fea24db248dd512c2a97
SHA512

c0bf282e4847a9223b0e252d00b169984a62ed44327d9976dfa4d758e61e39062f85ef884607627cc3f84743bf31e13407ef8ae3262ffc93ce2e7824a4e557f8

Score

3^/10

Malware Config

Signatures

Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/module/joydev/initstate	modprobe

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/cmdline	modprobe

/tmp/input_dev.sh
/tmp/input_dev.sh
1⤵
PID:1480
- /sbin/modprobe
  modprobe joydev
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:1481
- /usr/bin/seq
  seq 0 3
  2⤵
  PID:1482
- /bin/ln
  ln -sf /dev/js0 /dev/input/
  2⤵
  PID:1483
- /bin/ln
  ln -sf /dev/js1 /dev/input/
  2⤵
  PID:1484
- /bin/ln
  ln -sf /dev/js2 /dev/input/
  2⤵
  PID:1485
- /bin/ln
  ln -sf /dev/js3 /dev/input/
  2⤵
  PID:1486
- /usr/bin/seq
  seq 1 20
  2⤵
  PID:1487
- /bin/ln
  ln -sf /dev/event1 /dev/input/
  2⤵
  PID:1488
- /bin/ln
  ln -sf /dev/event2 /dev/input/
  2⤵
  PID:1489
- /bin/ln
  ln -sf /dev/event3 /dev/input/
  2⤵
  PID:1490
- /bin/ln
  ln -sf /dev/event4 /dev/input/
  2⤵
  PID:1491
- /bin/ln
  ln -sf /dev/event5 /dev/input/
  2⤵
  PID:1492
- /bin/ln
  ln -sf /dev/event6 /dev/input/
  2⤵
  PID:1493
- /bin/ln
  ln -sf /dev/event7 /dev/input/
  2⤵
  PID:1494
- /bin/ln
  ln -sf /dev/event8 /dev/input/
  2⤵
  PID:1495
- /bin/ln
  ln -sf /dev/event9 /dev/input/
  2⤵
  PID:1496
- /bin/ln
  ln -sf /dev/event10 /dev/input/
  2⤵
  PID:1497
- /bin/ln
  ln -sf /dev/event11 /dev/input/
  2⤵
  PID:1498
- /bin/ln
  ln -sf /dev/event12 /dev/input/
  2⤵
  PID:1499
- /bin/ln
  ln -sf /dev/event13 /dev/input/
  2⤵
  PID:1500
- /bin/ln
  ln -sf /dev/event14 /dev/input/
  2⤵
  PID:1501
- /bin/ln
  ln -sf /dev/event15 /dev/input/
  2⤵
  PID:1502
- /bin/ln
  ln -sf /dev/event16 /dev/input/
  2⤵
  PID:1503
- /bin/ln
  ln -sf /dev/event17 /dev/input/
  2⤵
  PID:1504
- /bin/ln
  ln -sf /dev/event18 /dev/input/
  2⤵
  PID:1505
- /bin/ln
  ln -sf /dev/event19 /dev/input/
  2⤵
  PID:1506
- /bin/ln
  ln -sf /dev/event20 /dev/input/
  2⤵
  PID:1507

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads