Overview

overview

3

Static

static

1

post-install.sh

ubuntu-18.04-amd64

3

post-install.sh

debian-9-armhf

1

post-install.sh

debian-9-mips

post-install.sh

debian-9-mipsel

pre-install.sh

ubuntu-18.04-amd64

1

pre-install.sh

debian-9-armhf

1

pre-install.sh

debian-9-mips

pre-install.sh

debian-9-mipsel

pre-uninstall.sh

ubuntu-18.04-amd64

1

pre-uninstall.sh

debian-9-armhf

1

pre-uninstall.sh

debian-9-mips

pre-uninstall.sh

debian-9-mipsel

start-stop.sh

ubuntu-18.04-amd64

1

start-stop.sh

debian-9-armhf

1

start-stop.sh

debian-9-mips

start-stop.sh

debian-9-mipsel

applicatio...x.html

windows7-x64

1

applicatio...x.html

windows10-2004-x64

1

applicatio...x.html

windows7-x64

1

applicatio...x.html

windows10-2004-x64

1

applicatio...oad.js

windows7-x64

3

applicatio...oad.js

windows10-2004-x64

3

applicatio...x.html

windows7-x64

1

applicatio...x.html

windows10-2004-x64

1

applicatio...x.html

windows7-x64

1

applicatio...x.html

windows10-2004-x64

1

applicatio...der.js

windows7-x64

3

applicatio...der.js

windows10-2004-x64

3

applicatio...x.html

windows7-x64

1

applicatio...x.html

windows10-2004-x64

1

applicatio...x.html

windows7-x64

1

applicatio...x.html

windows10-2004-x64

1

Analysis

  • max time kernel
    0s
  • max time network
    128s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240508-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    21-05-2024 05:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    post-install.sh

  • Size

    998B

  • MD5

    323814cbdccf86dc8e5fcb6892edc58b

  • SHA1

    14b645b4c43fc692bcbe0b5ac2c27bac324996b3

  • SHA256

    8f646300f3cb61486fcb32009cacfe8d882e2e4cb22b488a7bf3a238613e391a

  • SHA512

    7c63af7662cac9f4d5b17e10fc3be0d0cb491855e139b45a22a066d9b4ec2df410cdedc1b66f5f386f8551371fdb8c6f41a9dcf7afca357e12f14db663da99bb

Score
3/10

Malware Config

Signatures

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/post-install.sh
    /tmp/post-install.sh
    1⤵
      PID:1506
      • /bin/sed
        sed -n "s/\$config\\['db_password'\\] = '\\(.*\\)';/\\1/p" /usr/local/AppCentral/photo-gallery/application/config/photo_gallery.php
        2⤵
        • Reads runtime system information
        PID:1507
      • /bin/chown
        /bin/chown admin:administrators /usr/local/AppCentral/photo-gallery/application/session/
        2⤵
          PID:1508
        • /bin/chown
          /bin/chown admin:administrators /usr/local/AppCentral/photo-gallery/application/upload/
          2⤵
            PID:1509
          • /usr/builtin/sbin/avahiregister
            /usr/builtin/sbin/avahiregister -reg pg "%h" _ASUSTOR_PG._tcp -2
            2⤵
              PID:1510

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads