Analysis

  • max time kernel
    149s
  • max time network
    129s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240508-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu1804-amd64-20240508-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    22-05-2024 11:40

General

  • Target

    wireguard-install.sh

  • Size

    14KB

  • MD5

    b2b666dcc7d7c9129637d440a1f0c7e0

  • SHA1

    07223c071106705de40bd2836b69db76ccf569ec

  • SHA256

    ed76a56e70e67195e15d8d08554631d387518bf8594182b94c9200fc96c6f64b

  • SHA512

    44838f364bf735eca7fcd6d63785ec8d8c5dbab8f1040381c1958b4d3a2d0299e9b798b810d77a8d50620ee163ccef7a333bac1eabdde1170f339bef3480e762

  • SSDEEP

    192:+lgpG3vZqRWS6AWNVM4tQ/YNGcQRSJdWiPQGadfmgKE+lqowBAcz5mSy0dbRq3WB:+B/ZaWS69ttQVfRB+qowz5mS9nk4

Score
6/10

Malware Config

Signatures

  • Checks hardware identifiers (DMI) (1 TTP, 4 IoCs)

    Checks DMI information that indicates whether the system is a virtual machine.

  • Reads runtime system information (14 IoCs)

    Reads data from the /proc virtual filesystem.

Processes

  • /tmp/wireguard-install.sh
    /tmp/wireguard-install.sh
    1⤵
    PID:1523
    • /usr/bin/systemd-detect-virt
      systemd-detect-virt
      2⤵
      • Checks hardware identifiers (DMI)
      • Reads runtime system information
      PID:1524
    • /usr/bin/systemd-detect-virt
      systemd-detect-virt
      2⤵
      • Checks hardware identifiers (DMI)
      • Reads runtime system information
      PID:1525
    • /usr/bin/head
      head -1
      2⤵
      PID:1529
    • /bin/sed
      sed -ne "s|^.* inet \\([^/]*\\)/.* scope global.*\$|\\1|p"
      2⤵
      • Reads runtime system information
      PID:1528
    • /sbin/ip
      ip -4 addr
      2⤵
      PID:1527
    • /usr/bin/head
      head -1
      2⤵
      PID:1533
    • /bin/sed
      sed -ne "s|^.* inet6 \\([^/]*\\)/.* scope global.*\$|\\1|p"
      2⤵
      • Reads runtime system information
      PID:1532
    • /sbin/ip
      ip -6 addr
      2⤵
      PID:1531
    • /usr/bin/head
      head -1
      2⤵
      PID:1546
    • /bin/grep
      grep -Po "(?<=dev )(\\S+)"
      2⤵
      PID:1545
    • /bin/grep
      grep default
      2⤵
      PID:1544
    • /sbin/ip
      ip -4 route ls
      2⤵
      PID:1543

Network

MITRE ATT&CK Enterprise v15
