Analysis
- max time kernel: 149s
- max time network: 129s
- platform: ubuntu-18.04_amd64
- resource: ubuntu1804-amd64-20240508-en
- resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240508-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
- submitted: 22-05-2024 11:40
Static task
- static1
Behavioral tasks
- behavioral1: sample wireguard-install.sh, resource ubuntu1804-amd64-20240508-en
- behavioral2: sample wireguard-install.sh, resource debian9-armhf-20240226-en
- behavioral3: sample wireguard-install.sh, resource debian9-mipsbe-20240226-en
- behavioral4: sample wireguard-install.sh, resource debian9-mipsel-20240418-en
General
- Target: wireguard-install.sh
- Size: 14KB
- MD5: b2b666dcc7d7c9129637d440a1f0c7e0
- SHA1: 07223c071106705de40bd2836b69db76ccf569ec
- SHA256: ed76a56e70e67195e15d8d08554631d387518bf8594182b94c9200fc96c6f64b
- SHA512: 44838f364bf735eca7fcd6d63785ec8d8c5dbab8f1040381c1958b4d3a2d0299e9b798b810d77a8d50620ee163ccef7a333bac1eabdde1170f339bef3480e762
- SSDEEP: 192:+lgpG3vZqRWS6AWNVM4tQ/YNGcQRSJdWiPQGadfmgKE+lqowBAcz5mSy0dbRq3WB:+B/ZaWS69ttQVfRB+qowz5mS9nk4
Malware Config
Signatures
- Checks hardware identifiers (DMI) (1 TTP, 4 IoCs)
  Checks DMI information which indicates whether the system is a virtual machine.
  Processes: systemd-detect-virt, systemd-detect-virt
  description              ioc                               process
  File opened for reading  /sys/class/dmi/id/product_name    systemd-detect-virt
  File opened for reading  /sys/class/dmi/id/sys_vendor      systemd-detect-virt
  File opened for reading  /sys/class/dmi/id/product_name    systemd-detect-virt
  File opened for reading  /sys/class/dmi/id/sys_vendor      systemd-detect-virt
- Reads runtime system information (14 IoCs)
  Reads data from the /proc virtual filesystem.
  Processes: systemd-detect-virt, systemd-detect-virt, sed, sed
  description              ioc                               process
  File opened for reading  /proc/1/sched                     systemd-detect-virt
  File opened for reading  /proc/filesystems                 systemd-detect-virt
  File opened for reading  /proc/sys/kernel/osrelease        systemd-detect-virt
  File opened for reading  /proc/1/sched                     systemd-detect-virt
  File opened for reading  /proc/cmdline                     systemd-detect-virt
  File opened for reading  /proc/self/stat                   systemd-detect-virt
  File opened for reading  /proc/cmdline                     systemd-detect-virt
  File opened for reading  /proc/filesystems                 systemd-detect-virt
  File opened for reading  /proc/1/environ                   systemd-detect-virt
  File opened for reading  /proc/1/environ                   systemd-detect-virt
  File opened for reading  /proc/filesystems                 sed
  File opened for reading  /proc/sys/kernel/osrelease        systemd-detect-virt
  File opened for reading  /proc/self/stat                   systemd-detect-virt
  File opened for reading  /proc/filesystems                 sed
Processes
- /tmp/wireguard-install.sh  [command: /tmp/wireguard-install.sh, PID 1523]
  - /usr/bin/systemd-detect-virt  [command: systemd-detect-virt, PID 1524]
    - Checks hardware identifiers (DMI)
    - Reads runtime system information
  - /usr/bin/systemd-detect-virt  [command: systemd-detect-virt, PID 1525]
    - Checks hardware identifiers (DMI)
    - Reads runtime system information
  - /usr/bin/head  [command: head -1, PID 1529]
  - /bin/sed  [command: sed -ne "s|^.* inet \\([^/]*\\)/.* scope global.*\$|\\1|p", PID 1528]
    - Reads runtime system information
  - /sbin/ip  [command: ip -4 addr, PID 1527]
  - /usr/bin/head  [command: head -1, PID 1533]
  - /bin/sed  [command: sed -ne "s|^.* inet6 \\([^/]*\\)/.* scope global.*\$|\\1|p", PID 1532]
    - Reads runtime system information
  - /sbin/ip  [command: ip -6 addr, PID 1531]
  - /usr/bin/head  [command: head -1, PID 1546]
  - /bin/grep  [command: grep -Po "(?<=dev )(\\S+)", PID 1545]
  - /bin/grep  [command: grep default, PID 1544]
  - /sbin/ip  [command: ip -4 route ls, PID 1543]