378e290f21800cf5e390318b0dbdb4998869d11ec7b4b55664cd3d0c078d1a05

Analysis

max time kernel
0s
max time network
128s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
21/05/2024, 05:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

scan.sh
Size

819B
MD5

6c0aaf11a2659b37f02748a38da74678
SHA1

739cf333ee0ac6fd44cf5f09334d00d69ebd2a49
SHA256

378e290f21800cf5e390318b0dbdb4998869d11ec7b4b55664cd3d0c078d1a05
SHA512

da4ed037b1d239b86ed7962f814093c976eb6df4417e43168f492a6f9874957dae370352df9b32666204114c4819eff54dfecdbe6d0d18b1980e7e08e5746383

Score

3^/10

Malware Config

Signatures

Reads runtime system information 15 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/self/maps	awk
File opened for reading	/proc/self/maps	awk
File opened for reading	/proc/self/maps	awk
File opened for reading	/proc/self/maps	awk
File opened for reading	/proc/self/maps	awk
File opened for reading	/proc/self/maps	awk
File opened for reading	/proc/self/maps	awk
File opened for reading	/proc/self/maps	awk
File opened for reading	/proc/self/maps	awk
File opened for reading	/proc/self/maps	awk
File opened for reading	/proc/self/maps	awk
File opened for reading	/proc/self/maps	awk
File opened for reading	/proc/self/maps	awk
File opened for reading	/proc/self/maps	awk
File opened for reading	/proc/self/maps	awk

/tmp/scan.sh
/tmp/scan.sh
1⤵
PID:1516
- /usr/bin/awk
  awk -v "topic=AccountInfo" "{dir=\$(extract_directory \$0); print topic\":\"dir}"
  2⤵
  - Reads runtime system information
  PID:1519
- /bin/grep
  grep -lrF AccountInfo /app "--include=*.java" "--include=*.py" "--include=*.js" "--include=*.sh" "--include=*.txt"
  2⤵
  PID:1518
- /usr/bin/sort
  sort -u
  2⤵
  PID:1521
- /usr/bin/awk
  awk -v "topic=ETFInfo" "{dir=\$(extract_directory \$0); print topic\":\"dir}"
  2⤵
  - Reads runtime system information
  PID:1524
- /bin/grep
  grep -lrF ETFInfo /app "--include=*.java" "--include=*.py" "--include=*.js" "--include=*.sh" "--include=*.txt"
  2⤵
  PID:1523
- /usr/bin/sort
  sort -u
  2⤵
  PID:1526
- /usr/bin/awk
  awk -v "topic=IndexInfo" "{dir=\$(extract_directory \$0); print topic\":\"dir}"
  2⤵
  - Reads runtime system information
  PID:1529
- /bin/grep
  grep -lrF IndexInfo /app "--include=*.java" "--include=*.py" "--include=*.js" "--include=*.sh" "--include=*.txt"
  2⤵
  PID:1528
- /usr/bin/sort
  sort -u
  2⤵
  PID:1531
- /usr/bin/awk
  awk -v "topic=BondInfo" "{dir=\$(extract_directory \$0); print topic\":\"dir}"
  2⤵
  - Reads runtime system information
  PID:1534
- /bin/grep
  grep -lrF BondInfo /app "--include=*.java" "--include=*.py" "--include=*.js" "--include=*.sh" "--include=*.txt"
  2⤵
  PID:1533
- /usr/bin/sort
  sort -u
  2⤵
  PID:1536
- /usr/bin/awk
  awk -v "topic=FuturesInfo" "{dir=\$(extract_directory \$0); print topic\":\"dir}"
  2⤵
  - Reads runtime system information
  PID:1539
- /bin/grep
  grep -lrF FuturesInfo /app "--include=*.java" "--include=*.py" "--include=*.js" "--include=*.sh" "--include=*.txt"
  2⤵
  PID:1538
- /usr/bin/sort
  sort -u
  2⤵
  PID:1541
- /usr/bin/awk
  awk -v "topic=OptionInfo" "{dir=\$(extract_directory \$0); print topic\":\"dir}"
  2⤵
  - Reads runtime system information
  PID:1544
- /bin/grep
  grep -lrF OptionInfo /app "--include=*.java" "--include=*.py" "--include=*.js" "--include=*.sh" "--include=*.txt"
  2⤵
  PID:1543
- /usr/bin/sort
  sort -u
  2⤵
  PID:1546
- /usr/bin/awk
  awk -v "topic=StockInfo" "{dir=\$(extract_directory \$0); print topic\":\"dir}"
  2⤵
  - Reads runtime system information
  PID:1549
- /bin/grep
  grep -lrF StockInfo /app "--include=*.java" "--include=*.py" "--include=*.js" "--include=*.sh" "--include=*.txt"
  2⤵
  PID:1548
- /usr/bin/sort
  sort -u
  2⤵
  PID:1551
- /usr/bin/awk
  awk -v "topic=HKStockInfo" "{dir=\$(extract_directory \$0); print topic\":\"dir}"
  2⤵
  - Reads runtime system information
  PID:1554
- /bin/grep
  grep -lrF HKStockInfo /app "--include=*.java" "--include=*.py" "--include=*.js" "--include=*.sh" "--include=*.txt"
  2⤵
  PID:1553
- /usr/bin/sort
  sort -u
  2⤵
  PID:1556
- /usr/bin/awk
  awk -v "topic=INFuturesInfo" "{dir=\$(extract_directory \$0); print topic\":\"dir}"
  2⤵
  - Reads runtime system information
  PID:1559
- /bin/grep
  grep -lrF INFuturesInfo /app "--include=*.java" "--include=*.py" "--include=*.js" "--include=*.sh" "--include=*.txt"
  2⤵
  PID:1558
- /usr/bin/sort
  sort -u
  2⤵
  PID:1561
- /usr/bin/awk
  awk -v "topic=JPStockInfo" "{dir=\$(extract_directory \$0); print topic\":\"dir}"
  2⤵
  - Reads runtime system information
  PID:1564
- /bin/grep
  grep -lrF JPStockInfo /app "--include=*.java" "--include=*.py" "--include=*.js" "--include=*.sh" "--include=*.txt"
  2⤵
  PID:1563
- /usr/bin/sort
  sort -u
  2⤵
  PID:1566
- /usr/bin/awk
  awk -v "topic=KRStockInfo" "{dir=\$(extract_directory \$0); print topic\":\"dir}"
  2⤵
  - Reads runtime system information
  PID:1569
- /bin/grep
  grep -lrF KRStockInfo /app "--include=*.java" "--include=*.py" "--include=*.js" "--include=*.sh" "--include=*.txt"
  2⤵
  PID:1568
- /usr/bin/sort
  sort -u
  2⤵
  PID:1571
- /usr/bin/awk
  awk -v "topic=TWStockInfo" "{dir=\$(extract_directory \$0); print topic\":\"dir}"
  2⤵
  - Reads runtime system information
  PID:1574
- /bin/grep
  grep -lrF TWStockInfo /app "--include=*.java" "--include=*.py" "--include=*.js" "--include=*.sh" "--include=*.txt"
  2⤵
  PID:1573
- /usr/bin/sort
  sort -u
  2⤵
  PID:1576
- /usr/bin/awk
  awk -v "topic=CryInfo" "{dir=\$(extract_directory \$0); print topic\":\"dir}"
  2⤵
  - Reads runtime system information
  PID:1579
- /bin/grep
  grep -lrF CryInfo /app "--include=*.java" "--include=*.py" "--include=*.js" "--include=*.sh" "--include=*.txt"
  2⤵
  PID:1578
- /usr/bin/sort
  sort -u
  2⤵
  PID:1581
- /usr/bin/awk
  awk -v "topic=USFuturesInfo" "{dir=\$(extract_directory \$0); print topic\":\"dir}"
  2⤵
  - Reads runtime system information
  PID:1584
- /bin/grep
  grep -lrF USFuturesInfo /app "--include=*.java" "--include=*.py" "--include=*.js" "--include=*.sh" "--include=*.txt"
  2⤵
  PID:1583
- /usr/bin/sort
  sort -u
  2⤵
  PID:1586
- /usr/bin/awk
  awk -v "topic=USStockInfo" "{dir=\$(extract_directory \$0); print topic\":\"dir}"
  2⤵
  - Reads runtime system information
  PID:1589
- /bin/grep
  grep -lrF USStockInfo /app "--include=*.java" "--include=*.py" "--include=*.js" "--include=*.sh" "--include=*.txt"
  2⤵
  PID:1588
- /usr/bin/sort
  sort -u
  2⤵
  PID:1591

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads