Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

install.sh

ubuntu-18.04-amd64

3

install.sh

debian-9-armhf

1

install.sh

debian-9-mips

install.sh

debian-9-mipsel

Analysis

  • max time kernel
    1s
  • max time network
    128s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240508-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    22/05/2024, 12:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    install.sh

  • Size

    52KB

  • MD5

    9983251298ea19d0b1b2221803c4862d

  • SHA1

    eb03b74d51f55664868fd4ec600c9cbc517fb76f

  • SHA256

    377f30578bb58780d0ee99fc1c77801d98493f4e86a158743ecb08a21576039c

  • SHA512

    f3ee503eca06d45295c3747f884c180b41b0456b5af3ca17df5536ee690deb2915e10b68916f3676f3f8d4e0f831dc2b1ad06d02247fa66fe8a9d9b09f83cb04

  • SSDEEP

    1536:aQHwBfFKTQ+ly+cNFrOf+DQoBvzEPhF42Y/8gwfndBxTi+SOMjXtiCMfaHWyv8x/:aQqfFKE+VcNNOf+BrEPhC2Y/8HfndBxD

Score
3/10

Malware Config

Signatures

  • Reads runtime system information 13 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 23 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/install.sh
    /tmp/install.sh
    1⤵
    • Writes file to tmp directory
    PID:1507
    • /usr/bin/mkfifo
      mkfifo /tmp/log.pipe.1507
      2⤵
      • Reads runtime system information
      PID:1508
    • /usr/bin/tee
      tee /tmp/log.file.1507
      2⤵
      • Writes file to tmp directory
      PID:1509
    • /usr/bin/head
      head -c 1
      2⤵
        PID:1512
      • /bin/uname
        uname -s
        2⤵
          PID:1513
        • /usr/bin/apt-get
          /usr/bin/apt-get -qy update
          2⤵
          • Reads runtime system information
          • Writes file to tmp directory
          PID:1514
          • /usr/bin/dpkg
            /usr/bin/dpkg --print-foreign-architectures
            3⤵
            • Reads runtime system information
            PID:1515
          • /usr/lib/apt/methods/http
            /usr/lib/apt/methods/http
            3⤵
              PID:1516
            • /usr/lib/apt/methods/https
              /usr/lib/apt/methods/https
              3⤵
                PID:1517
              • /bin/sh
                sh -c "[ ! -e /run/systemd/system ] || [ \$(id -u) -ne 0 ] || systemctl start --no-block apt-news.service esm-cache.service || true"
                3⤵
                  PID:1519
                  • /usr/bin/id
                    id -u
                    4⤵
                    • Reads runtime system information
                    PID:1520
                  • /bin/systemctl
                    systemctl start --no-block apt-news.service esm-cache.service
                    4⤵
                    • Reads runtime system information
                    PID:1521
                • /usr/lib/apt/methods/https
                  /usr/lib/apt/methods/https
                  3⤵
                    PID:1522
                  • /usr/lib/apt/methods/http
                    /usr/lib/apt/methods/http
                    3⤵
                      PID:1526
                    • /usr/lib/apt/methods/http
                      /usr/lib/apt/methods/http
                      3⤵
                        PID:1527
                      • /usr/bin/dpkg
                        /usr/bin/dpkg --print-foreign-architectures
                        3⤵
                        • Reads runtime system information
                        PID:1532
                      • /usr/bin/dpkg
                        /usr/bin/dpkg --print-foreign-architectures
                        3⤵
                        • Reads runtime system information
                        PID:1536

                  Network

                  MITRE ATT&CK Matrix

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • /tmp/fileutl.message.Sw13oW
                    Filesize

                    235KB

                    MD5

                    373fe2f2ef99005d2550a482f09a3e51

                    SHA1

                    68e6572b55b1e77f7d171ebac7b2579b7a6bd51d

                    SHA256

                    7552d5ab0c3879756a860aaab8e7c2f8ffb9409ea9ff9e65fc046ba5c519ebe5

                    SHA512

                    def9e854b824d2fddc6a15f898be73cfb679ac38563f5af854546f49c9d5d2316a40176dc41d6b360bda7b65de53863a53e4eedadf6336000b031b77a113607b

                    Download Submit

                  • /tmp/log.file.1507
                    Filesize

                    123B

                    MD5

                    4cb207c2f7292fdd3c8d0020d9d89007

                    SHA1

                    378ed39b81c68851eff28fbad4e871bf92da4c09

                    SHA256

                    efcd1825afe6427c244d9d3f7da3414bcbfcb1f1bef5d6cddb8cccf9a443243a

                    SHA512

                    d307201f271c66f8fa85155b544d6703d3e62c535be6d800a2af165a639b3ef91e0a2d7af790828af9b7d0fed72c2085574ac7d653ecc9746f6e1886522e6300

                    Download Submit