b4628af0f464a5c3034cae20f00df217e7e345f1a5d2ff5282089021d6b345b7

Analysis

max time kernel
0s
max time network
128s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
22/05/2024, 11:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bbb-post-roomeet-2.7.sh
Size

7KB
MD5

faf5333849009ecbc10b6a249b5d5a6c
SHA1

11ba5e3886006c82218b0980fe01c29140be0ba0
SHA256

b4628af0f464a5c3034cae20f00df217e7e345f1a5d2ff5282089021d6b345b7
SHA512

011805bc72cf4118dacccff01f1d43f395de07f2ff3e64c0262273e6d7452e2ffaa3a0bba293d93a99391fff2e047f204c8281bf9ac3aaa9fc1d3ff436a6effa
SSDEEP

96:XkvUHBCmveIknEhGW50e05040z08050y020YXeX5X4XzX8X5XyX2XTECPGTACBEv:X2oTveIM72FAZ2PDIeJoL0JKGP8tYn

Score

3^/10

Malware Config

Signatures

Reads runtime system information 14 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	mkdir

/tmp/bbb-post-roomeet-2.7.sh
/tmp/bbb-post-roomeet-2.7.sh
1⤵
PID:1500
- /usr/bin/wget
  wget https://files.roomeet.ir/bbb/defaults/roomeet/roomeet-default-2.6.pdf -O /var/www/bigbluebutton-default/assets/default.pdf
  2⤵
  PID:1501
- /usr/bin/wget
  wget https://files.roomeet.ir/bbb/defaults/roomeet/roomeet-favicon.ico -O /var/www/bigbluebutton-default/assets/favicon.ico
  2⤵
  PID:1502
- /usr/bin/wget
  wget https://files.roomeet.ir/bbb/fa.css -O /var/www/bigbluebutton-default/assets/fa.css
  2⤵
  PID:1503
- /bin/sed
  sed -e "s|https://||g"
  2⤵
  - Reads runtime system information
  PID:1513
- /bin/sed
  sed -e "s|/bigbluebutton/||g"
  2⤵
  - Reads runtime system information
  PID:1512
- /usr/bin/cut
  cut -c 10-
  2⤵
  PID:1511
- /bin/grep
  grep URL:
  2⤵
  PID:1510
- /bin/sed
  sed -i "s|^defaultWelcomeMessage=.*|defaultWelcomeMessage=\\n|" /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties
  2⤵
  - Reads runtime system information
  PID:1524
- /bin/sed
  sed -i "s|^defaultWelcomeMessageFooter=.*|defaultWelcomeMessageFooter=\\n|" /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties
  2⤵
  - Reads runtime system information
  PID:1525
- /bin/sed
  sed -i "s!^maxFileSizeUpload.*!maxFileSizeUpload=200000000!g" /etc/bigbluebutton/bbb-web.properties
  2⤵
  - Reads runtime system information
  PID:1526
- /bin/sed
  sed -i "s!^ client_max_body_size.*! client_max_body_size 1024m;!g" /usr/share/bigbluebutton/nginx/web
  2⤵
  - Reads runtime system information
  PID:1527
- /bin/sed
  sed -i "s!^\\t\\t\\tclient_max_body_size.*! client_max_body_size 1024m;!g" /usr/share/bigbluebutton/nginx/web
  2⤵
  - Reads runtime system information
  PID:1528
- /bin/sed
  sed -i "s!^maxNumPages.*!maxNumPages=500!g" /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties
  2⤵
  - Reads runtime system information
  PID:1529
- /bin/sed
  sed -i "s!^maxFileSizeUpload.*!maxFileSizeUpload=200000000!g" /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties
  2⤵
  - Reads runtime system information
  PID:1530
- /bin/sed
  sed -i "s!^maxBigPdfPageSize.*!maxBigPdfPageSize=200000000!g" /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties
  2⤵
  - Reads runtime system information
  PID:1531
- /bin/sed
  sed -i "s!^bigbluebutton.web.logoutURL.*!bigbluebutton.web.logoutURL=https://roomeet.ir/!g" /usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties
  2⤵
  - Reads runtime system information
  PID:1532
- /bin/mkdir
  mkdir /usr/share/meteor/bundle/programs/web.browser/app/resources/images/layouts/customStyle
  2⤵
  - Reads runtime system information
  PID:1533
- /bin/ln
  ln -s /usr/share/meteor/bundle/programs/web.browser/app/resources/images/layouts/smart.svg /usr/share/meteor/bundle/programs/web.browser/app/resources/images/layouts/customStyle/smart.svg
  2⤵
  PID:1534
- /bin/ln
  ln -s /usr/share/meteor/bundle/programs/web.browser/app/resources/images/layouts/custom.svg /usr/share/meteor/bundle/programs/web.browser/app/resources/images/layouts/customStyle/custom.svg
  2⤵
  PID:1535
- /bin/ln
  ln -s /usr/share/meteor/bundle/programs/web.browser/app/resources/images/layouts/videoFocus.svg /usr/share/meteor/bundle/programs/web.browser/app/resources/images/layouts/customStyle/videoFocus.svg
  2⤵
  PID:1536
- /bin/ln
  ln -s /usr/share/meteor/bundle/programs/web.browser/app/resources/images/layouts/presentationFocus.svg /usr/share/meteor/bundle/programs/web.browser/app/resources/images/layouts/customStyle/presentationFocus.svg
  2⤵
  PID:1537
- /bin/mkdir
  mkdir /usr/share/meteor/bundle/programs/web.browser.legacy/app/resources/images/layouts/customStyle
  2⤵
  - Reads runtime system information
  PID:1538
- /bin/ln
  ln -s /usr/share/meteor/bundle/programs/web.browser.legacy/app/resources/images/layouts/smart.svg /usr/share/meteor/bundle/programs/web.browser.legacy/app/resources/images/layouts/customStyle/smart.svg
  2⤵
  PID:1539
- /bin/ln
  ln -s /usr/share/meteor/bundle/programs/web.browser.legacy/app/resources/images/layouts/custom.svg /usr/share/meteor/bundle/programs/web.browser.legacy/app/resources/images/layouts/customStyle/custom.svg
  2⤵
  PID:1542
- /bin/ln
  ln -s /usr/share/meteor/bundle/programs/web.browser.legacy/app/resources/images/layouts/videoFocus.svg /usr/share/meteor/bundle/programs/web.browser.legacy/app/resources/images/layouts/customStyle/videoFocus.svg
  2⤵
  PID:1543
- /bin/ln
  ln -s /usr/share/meteor/bundle/programs/web.browser.legacy/app/resources/images/layouts/presentationFocus.svg /usr/share/meteor/bundle/programs/web.browser.legacy/app/resources/images/layouts/customStyle/presentationFocus.svg
  2⤵
  PID:1544
- /bin/sed
  sed -i "s/# - mp4/- mp4/g" /usr/local/bigbluebutton/core/scripts/presentation.yml
  2⤵
  - Reads runtime system information
  PID:1545

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads