Analysis
-
max time kernel
0s -
max time network
129s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240508-en -
resource tags
-
submitted
21-05-2024 05:56
General
-
Target
mainteanace.sh
-
Size
1KB
-
MD5
5121492c7ff75de55dfa6e917a42ded1
-
SHA1
010846349a560fefd585aae10ba015244c7cd6b1
-
SHA256
1660c83ed3ff61e9658e5cc7372c353eca5fe08c71c3d49e20f5c1a91ee29a4b
-
SHA512
16c8f4028a78c9481374c1f199ea9dd31f91fc0945cb15b9f416f0fd610a2c7321536add514d414d20cf64c119bf004990652e792dfb5cd5e8fda5c2378165eb
Score
6/10
Malware Config
Signatures
-
Checks system information (zLinux) 1 TTPs 1 IoCs
Check system information on IBM zSystems which indicate if the system is a virtual machine.
-
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
-
Reads CPU attributes 1 TTPs 24 IoCs
-
Enumerates kernel/hardware configuration 1 TTPs 3 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information 27 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/mainteanace.sh/tmp/mainteanace.sh1⤵
-
/usr/bin/awkawk "{print \$2, \$3, \$4}"2⤵
- Reads runtime system information
-
/usr/bin/lsb_releaselsb_release -d2⤵
-
/usr/bin/xargsxargs2⤵
- Reads runtime system information
-
/usr/local/sbin/echoecho Intel Core Processor "(Broadwell)"3⤵
-
/usr/local/bin/echoecho Intel Core Processor "(Broadwell)"3⤵
-
/usr/sbin/echoecho Intel Core Processor "(Broadwell)"3⤵
-
/usr/bin/echoecho Intel Core Processor "(Broadwell)"3⤵
-
/sbin/echoecho Intel Core Processor "(Broadwell)"3⤵
-
/bin/echoecho Intel Core Processor "(Broadwell)"3⤵
-
/usr/bin/awkawk -F: "{print \$2}"2⤵
- Reads runtime system information
-
/bin/grepgrep "Model name"2⤵
-
/usr/bin/lscpulscpu2⤵
- Checks system information (zLinux)
- Checks CPU configuration
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/bin/awkawk "{print }"2⤵
- Reads runtime system information
-
/bin/dfdf -H2⤵
- Reads runtime system information
-
/usr/bin/awkawk "{print}"2⤵
- Reads runtime system information
-
/usr/bin/whoamiwhoami2⤵
-
/usr/bin/awkawk "{print}"2⤵
- Reads runtime system information
-
/bin/lsls /etc/nginx/sites-available2⤵
- Reads runtime system information
-
/usr/bin/awkawk "{print}"2⤵
- Reads runtime system information
-
/bin/lsls /etc/apache/sites-available2⤵
- Reads runtime system information
-
/usr/bin/awkawk "{print}"2⤵
- Reads runtime system information
-
/usr/bin/nodenode -v2⤵
-
/usr/bin/awkawk "{print}"2⤵
- Reads runtime system information
-
/usr/bin/awkawk "FNR == 1 {print}"2⤵
- Reads runtime system information
-
/bin/grepgrep mysql2⤵
-
/usr/bin/dpkgdpkg -l2⤵
- Reads runtime system information
-
/usr/local/sbin/dpkg-querydpkg-query --list --2⤵
-
/usr/local/bin/dpkg-querydpkg-query --list --2⤵
-
/usr/sbin/dpkg-querydpkg-query --list --2⤵
-
/usr/bin/dpkg-querydpkg-query --list --2⤵
-
/usr/bin/awkawk "FNR == 1 {print}"2⤵
- Reads runtime system information
-
/bin/grepgrep mongo2⤵
-
/usr/bin/dpkgdpkg -l2⤵
- Reads runtime system information
-
/usr/local/sbin/dpkg-querydpkg-query --list --2⤵
-
/usr/local/bin/dpkg-querydpkg-query --list --2⤵
-
/usr/sbin/dpkg-querydpkg-query --list --2⤵
-
/usr/bin/dpkg-querydpkg-query --list --2⤵
-
/usr/bin/awkawk "{print}"2⤵
- Reads runtime system information
-
/usr/bin/sudosudo find /var/log/ -name "*.gz" -type f -delete2⤵
- Reads runtime system information
-
/usr/bin/sortsort -u2⤵
-
/usr/bin/findfind /opt/bitnami -type d -perm 7772⤵
- Reads runtime system information
-
/usr/bin/sortsort -u2⤵
-
/usr/bin/findfind /var/www/html -maxdepth 3 -type d -perm 7772⤵
- Reads runtime system information
-
/usr/bin/awkawk "FNR == 1 {print}"2⤵
- Reads runtime system information
-
/usr/bin/lastlast -xF reboot2⤵