2950da8027d2ce4a74d5d2ba7ff3268b3bbacc96ea4d70f7462ff8e02f1d4d17

Analysis

max time kernel
0s
max time network
128s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
21/05/2024, 05:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

input_dev.sh
Size

190B
MD5

e0b2255a646e4de31449703449035e7b
SHA1

b2a1e645ea8153e601a26005bbad377627ec8186
SHA256

31745942e304f9380ecc0d7d33cb3a1fc74a718e9883fea24db248dd512c2a97
SHA512

c0bf282e4847a9223b0e252d00b169984a62ed44327d9976dfa4d758e61e39062f85ef884607627cc3f84743bf31e13407ef8ae3262ffc93ce2e7824a4e557f8

Score

3^/10

Malware Config

Signatures

Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/module/joydev/initstate	modprobe

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/cmdline	modprobe

/tmp/input_dev.sh
/tmp/input_dev.sh
1⤵
PID:1480
- /sbin/modprobe
  modprobe joydev
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:1481
- /usr/bin/seq
  seq 0 3
  2⤵
  PID:1482
- /bin/ln
  ln -sf /dev/js0 /dev/input/
  2⤵
  PID:1483
- /bin/ln
  ln -sf /dev/js1 /dev/input/
  2⤵
  PID:1484
- /bin/ln
  ln -sf /dev/js2 /dev/input/
  2⤵
  PID:1485
- /bin/ln
  ln -sf /dev/js3 /dev/input/
  2⤵
  PID:1486
- /usr/bin/seq
  seq 1 20
  2⤵
  PID:1487
- /bin/ln
  ln -sf /dev/event1 /dev/input/
  2⤵
  PID:1488
- /bin/ln
  ln -sf /dev/event2 /dev/input/
  2⤵
  PID:1489
- /bin/ln
  ln -sf /dev/event3 /dev/input/
  2⤵
  PID:1490
- /bin/ln
  ln -sf /dev/event4 /dev/input/
  2⤵
  PID:1491
- /bin/ln
  ln -sf /dev/event5 /dev/input/
  2⤵
  PID:1492
- /bin/ln
  ln -sf /dev/event6 /dev/input/
  2⤵
  PID:1493
- /bin/ln
  ln -sf /dev/event7 /dev/input/
  2⤵
  PID:1494
- /bin/ln
  ln -sf /dev/event8 /dev/input/
  2⤵
  PID:1495
- /bin/ln
  ln -sf /dev/event9 /dev/input/
  2⤵
  PID:1496
- /bin/ln
  ln -sf /dev/event10 /dev/input/
  2⤵
  PID:1497
- /bin/ln
  ln -sf /dev/event11 /dev/input/
  2⤵
  PID:1498
- /bin/ln
  ln -sf /dev/event12 /dev/input/
  2⤵
  PID:1499
- /bin/ln
  ln -sf /dev/event13 /dev/input/
  2⤵
  PID:1500
- /bin/ln
  ln -sf /dev/event14 /dev/input/
  2⤵
  PID:1501
- /bin/ln
  ln -sf /dev/event15 /dev/input/
  2⤵
  PID:1502
- /bin/ln
  ln -sf /dev/event16 /dev/input/
  2⤵
  PID:1503
- /bin/ln
  ln -sf /dev/event17 /dev/input/
  2⤵
  PID:1504
- /bin/ln
  ln -sf /dev/event18 /dev/input/
  2⤵
  PID:1505
- /bin/ln
  ln -sf /dev/event19 /dev/input/
  2⤵
  PID:1506
- /bin/ln
  ln -sf /dev/event20 /dev/input/
  2⤵
  PID:1507

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...