Analysis

  • max time kernel
    0s
  • max time network
    128s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240508-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu1804-amd64-20240508-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    22/05/2024, 12:01

General

  • Target

    ssl_18s.sh

  • Size

    3KB

  • MD5

    7867253fd64fbfc9edc14cd9ea5164bb

  • SHA1

    6cf753d8c44e06c9ee944bd58f0b576a00d28029

  • SHA256

    3b42d6122b6ec24d662be96cdd94e292565493d036331c2726c4794d0a6490be

  • SHA512

    42c9c5b103fc656f8c4e85ee5da79e1e9af17348963ac953450eace29dc577d4f7f9257d182fe57f81e282ded9f7079ff628a3bf39b558079914ca7c427e8dec

Score
3/10

Malware Config

Signatures

  • Reads runtime system information 30 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/ssl_18s.sh
    /tmp/ssl_18s.sh
    1⤵
      PID:1495
      • /usr/bin/sudo
        sudo a2dissite default.conf
        2⤵
        • Reads runtime system information
        PID:1498
      • /usr/bin/sudo
        sudo mv /etc/apache2/sites-available/default.conf /etc/apache2/sites-available/default-bak.conf
        2⤵
        • Reads runtime system information
        PID:1499
      • /usr/bin/sudo
        sudo a2dissite default-le-ssl.conf
        2⤵
        • Reads runtime system information
        PID:1503
      • /usr/bin/sudo
        sudo mv /etc/apache2/sites-available/default-le-ssl.conf /etc/apache2/sites-available/default-bak-le-ssl.conf
        2⤵
        • Reads runtime system information
        PID:1512
      • /usr/bin/sudo
        sudo a2dissite 000-default.conf
        2⤵
        • Reads runtime system information
        PID:1513
      • /usr/bin/sudo
        sudo a2dissite default-ssl.conf
        2⤵
        • Reads runtime system information
        PID:1520
      • /usr/bin/sudo
        sudo cp /var/www/default_18s.conf /etc/apache2/sites-available/default.conf
        2⤵
        • Reads runtime system information
        PID:1521
      • /usr/bin/sudo
        sudo a2ensite default.conf
        2⤵
        • Reads runtime system information
        PID:1527
      • /usr/bin/sudo
        sudo service apache2 restart
        2⤵
        • Reads runtime system information
        PID:1531
      • /usr/bin/sudo
        sudo certbot --authenticator webroot --installer apache -w /var/www/public -d freehome.site --redirect --keep-until-expiring --agree-tos -m "[email protected]" --no-eff-email
        2⤵
        • Reads runtime system information
        PID:1538
