51975eab92064e45d930354994df59cb9c8a5eec9454d9bc46aae7d4a9d569fc

Analysis

max time kernel
0s
max time network
129s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
22/05/2024, 11:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

agent360.sh
Size

48KB
MD5

d968ed25118ec0c5646c2884f7ac7784
SHA1

47a5a5104e000586bf8b702fe85ba52d0e46d26a
SHA256

51975eab92064e45d930354994df59cb9c8a5eec9454d9bc46aae7d4a9d569fc
SHA512

042b2edaafa08f20040a41a177af56bee716a21c44cce06c6125b46cf87d9f98971a03dc6891de6fdb6c1844cdc7af78f7df2b565ab2ae328ead230fce199b7b
SSDEEP

384:yvN2nUxZjPZ9WqHP8j1L+zKOS03NreeJtt2JtzJttTHRSeJd7OwpyU9a9/9dxHqo:SwUvLDWqvsES03G4XgxO7

Score

3^/10

Malware Config

Signatures

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/filesystems	id

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/sh-thd.vLTLAX	agent360.sh

/tmp/agent360.sh
/tmp/agent360.sh
1⤵
- Writes file to tmp directory
PID:1506
- /usr/bin/id
  id -u
  2⤵
  - Reads runtime system information
  PID:1507
- /usr/bin/touch
  touch /var/log/agent360-install.log
  2⤵
  PID:1508
- /usr/bin/touch
  touch /var/log/agent360.log
  2⤵
  PID:1509
- /bin/grep
  /bin/grep -Eq "(^|:)/usr/local/bin/(\$|:)"
  2⤵
  PID:1511
- /usr/bin/wget
  wget -qO /etc/agent360.ini https://monitoring.platform360.io/agent360.ini
  2⤵
  PID:1512
- /usr/bin/head
  head -1
  2⤵
  PID:1520
- /bin/grep
  grep -o debian
  2⤵
  PID:1519
- /bin/cat
  cat /etc/lsb-release /etc/os-release
  2⤵
  PID:1518
- /bin/grep
  grep -o ubuntu
  2⤵
  PID:1523
- /usr/bin/head
  head -1
  2⤵
  PID:1524
- /bin/cat
  cat /etc/lsb-release /etc/os-release
  2⤵
  PID:1522
- /usr/bin/head
  head -1
  2⤵
  PID:1528
- /bin/grep
  grep -io centos
  2⤵
  PID:1527
- /bin/cat
  cat /etc/lsb-release /etc/os-release
  2⤵
  PID:1526
- /usr/bin/head
  head -1
  2⤵
  PID:1532
- /bin/grep
  grep -io sangoma
  2⤵
  PID:1531
- /bin/cat
  cat /etc/lsb-release /etc/os-release
  2⤵
  PID:1530
- /usr/bin/head
  head -1
  2⤵
  PID:1536
- /bin/grep
  grep -io scientific
  2⤵
  PID:1535
- /bin/cat
  cat /etc/lsb-release /etc/os-release
  2⤵
  PID:1534
- /usr/bin/head
  head -1
  2⤵
  PID:1540
- /bin/grep
  grep -io Oracle
  2⤵
  PID:1539
- /bin/cat
  cat /etc/lsb-release /etc/os-release
  2⤵
  PID:1538
- /usr/bin/head
  head -1
  2⤵
  PID:1544
- /bin/grep
  grep -o fedora
  2⤵
  PID:1543
- /bin/cat
  cat /etc/lsb-release /etc/os-release
  2⤵
  PID:1542
- /usr/bin/head
  head -1
  2⤵
  PID:1548
- /bin/grep
  grep -io cloudlinux
  2⤵
  PID:1547
- /bin/cat
  cat /etc/lsb-release /etc/os-release
  2⤵
  PID:1546
- /usr/bin/head
  head -1
  2⤵
  PID:1552
- /bin/grep
  grep -io SHMZ
  2⤵
  PID:1551
- /bin/cat
  cat /etc/lsb-release /etc/os-release
  2⤵
  PID:1550
- /usr/bin/head
  head -1
  2⤵
  PID:1556
- /bin/grep
  grep -o amazon
  2⤵
  PID:1555
- /bin/cat
  cat /etc/lsb-release /etc/os-release
  2⤵
  PID:1554
- /bin/cat
  cat
  2⤵
  PID:1557

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/sh-thd.vLTLAX

Filesize
72B

MD5
ce717702f7c2e1d1b0142f50eb6cfa8b

SHA1
e01219d4d8c1dcb4ced7460abf53a888ebb94a42

SHA256
1c89cc1c6d6b9a1a7cbd8558416c614031fde2deacdf80377520b5287625f911

SHA512
6ecfdf9771590e53e2dcc97cf05290e43d6f8bbfaa4fa9c0104897c7a2c17097b9c004f620502021112e1be07476daac1a486f31f0cce6c587ba3e6cf27579f7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads