Overview

overview

6

Static

static

1

post-install.sh

ubuntu-18.04-amd64

1

post-install.sh

debian-9-armhf

1

post-install.sh

debian-9-mips

post-install.sh

debian-9-mipsel

post-uninstall.sh

ubuntu-18.04-amd64

1

post-uninstall.sh

debian-9-armhf

1

post-uninstall.sh

debian-9-mips

post-uninstall.sh

debian-9-mipsel

pre-install.sh

ubuntu-18.04-amd64

1

pre-install.sh

debian-9-armhf

1

pre-install.sh

debian-9-mips

pre-install.sh

debian-9-mipsel

pre-uninstall.sh

ubuntu-18.04-amd64

1

pre-uninstall.sh

debian-9-armhf

1

pre-uninstall.sh

debian-9-mips

pre-uninstall.sh

debian-9-mipsel

start-stop.sh

ubuntu-18.04-amd64

1

start-stop.sh

debian-9-armhf

1

start-stop.sh

debian-9-mips

start-stop.sh

debian-9-mipsel

bin/xCloudClient

ubuntu-18.04-amd64

6

monitor.sh

ubuntu-18.04-amd64

1

monitor.sh

debian-9-armhf

1

monitor.sh

debian-9-mips

monitor.sh

debian-9-mipsel

restart_xcloud.sh

ubuntu-18.04-amd64

1

restart_xcloud.sh

debian-9-armhf

1

restart_xcloud.sh

debian-9-mips

restart_xcloud.sh

debian-9-mipsel

searchSharePath.sh

ubuntu-18.04-amd64

3

searchSharePath.sh

debian-9-armhf

1

searchSharePath.sh

debian-9-mips

Analysis

  • max time kernel
    0s
  • max time network
    128s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240508-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    21/05/2024, 06:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    searchSharePath.sh

  • Size

    2KB

  • MD5

    3c7655349d7a5106ea60c4fdd9a230a1

  • SHA1

    d2cc131af48c3547835914db640decc01486ca1a

  • SHA256

    9835fdde3aa4fca60ec63c2e169d777cfa506c14f37a82ab848235e11bdb8de2

  • SHA512

    4905ca4dea4ba7bd9c899b298571882fe283b89421848f5486798f1f5b138ace4ca9418d32fc1fe7efdfcc98bc04302331f49fec5ff37d64be5f151b87ba2097

Score
3/10

Malware Config

Signatures

  • Reads runtime system information 6 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/searchSharePath.sh
    /tmp/searchSharePath.sh
    1⤵
      PID:1517
      • /bin/mkdir
        mkdir -p /volume1/Public/xcloud
        2⤵
        • Reads runtime system information
        PID:1518
      • /bin/mkdir
        mkdir -p /volume1/Public/xcloud/music
        2⤵
        • Reads runtime system information
        PID:1519
      • /bin/mkdir
        mkdir -p /volume1/Public/xcloud/video
        2⤵
        • Reads runtime system information
        PID:1520
      • /bin/mkdir
        mkdir -p /volume1/Public/xcloud/docs
        2⤵
        • Reads runtime system information
        PID:1521
      • /bin/mkdir
        mkdir -p /volume1/Public/xcloud/pic
        2⤵
        • Reads runtime system information
        PID:1522
      • /bin/mkdir
        mkdir -p /volume1/Public/xcloud/pic/instant
        2⤵
        • Reads runtime system information
        PID:1523
      • /bin/ln
        ln -s /volume1/Public/xcloud /volume1/Web/xCloud/source
        2⤵
          PID:1524
        • /bin/echo
          /bin/echo "/volume0/usr/builtin/etc/samba/smb.conf is no exist!"
          2⤵
            PID:1525

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads