4cbcf875e1ab8f7628aaeb16e854eed9269a082f1209e18f68154ebfad772841

Analysis

max time kernel
0s
max time network
128s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
22/05/2024, 12:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

generate.sh
Size

4KB
MD5

2a4f4a4f430d3bcc280e6e29a6dba5ca
SHA1

76088ee83d01cade9adde126db8190d6fa869fed
SHA256

4cbcf875e1ab8f7628aaeb16e854eed9269a082f1209e18f68154ebfad772841
SHA512

7a595fa23a138e5c270f3a15a1a7d43afb0cf9bf5f0491c81ad97d740ffbf37ef86bf1ce6f4e56350adf1472c8e9fa81d538994319841ec3d2a1117cda272065
SSDEEP

48:uY32gwQnAPA1A7ZIb1nuWhIZVWhIZtsw0swNHUsw0swNHKOYOczus8oFl6c4swyn:uhZQ9QRE8wh8w9od1157nLoNQtQBK

Score

3^/10

Malware Config

Signatures

Reads runtime system information 46 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/maps	awk
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/sys/kernel/ngroups_max	sudo
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sudo
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	sudo
File opened for reading	/proc/sys/kernel/ngroups_max	sudo
File opened for reading	/proc/self/stat	sudo
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/self/stat	sudo
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/self/fd	xargs
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/filesystems	sed

/tmp/generate.sh
/tmp/generate.sh
1⤵
PID:1497
- /bin/rm
  rm -v -r /tank/Software/ldraw/collider/ /tank/Software/ldraw/connectivity/ /tank/Software/ldraw/parts/ /tank/Software/ldraw/p/ /tank/Software/ldraw/UnOfficial/ /tank/Software/ldraw/CustomParts/aliases/parts/ /tank/Software/ldraw/CustomParts/aliases/collider/ /tank/Software/ldraw/CustomParts/aliases/connectivity/
  2⤵
  PID:1498
- /bin/cp
  cp -v -r /tank/Software/ldraw/CustomParts/clean/collider/ /tank/Software/ldraw/CustomParts/clean/connectivity/ /tank/Software/ldraw/CustomParts/clean/parts/ /tank/Software/ldraw/CustomParts/clean/p/ /tank/Software/ldraw/CustomParts/clean/UnOfficial/ /tank/Software/ldraw/
  2⤵
  - Reads runtime system information
  PID:1499
- /usr/bin/comm
  comm -23 /dev/fd/63 /dev/fd/62
  2⤵
  PID:1500
- /bin/grep
  grep -F .
  2⤵
  PID:1507
- /usr/bin/sort
  sort
  2⤵
  PID:1508
- /usr/bin/tr
  tr "[A-Z]" "[a-z]"
  2⤵
  PID:1509
- /usr/bin/find
  find /tank/Software/ldraw/CustomParts/collider /tank/Software/ldraw/CustomParts/connectivity /tank/Software/ldraw/CustomParts/p /tank/Software/ldraw/CustomParts/parts
  2⤵
  - Reads runtime system information
  PID:1506
- /usr/bin/find
  find /tank/Software/ldraw/CustomParts/collider /tank/Software/ldraw/CustomParts/connectivity /tank/Software/ldraw/CustomParts/p /tank/Software/ldraw/CustomParts/parts
  2⤵
  - Reads runtime system information
  PID:1505
- /usr/bin/sort
  sort
  2⤵
  PID:1511
- /usr/bin/tr
  tr "[A-Z]" "[a-z]"
  2⤵
  PID:1516
- /bin/sed
  sed s_/tank/software/ldraw/customparts/_/tank/Software/ldraw/CustomParts/_
  2⤵
  - Reads runtime system information
  PID:1510
- /bin/sed
  sed "s_^_/tank/Software/ldraw/CustomParts/connectivity/_"
  2⤵
  - Reads runtime system information
  PID:1520
- /bin/sed
  sed "s/\$/.conn/"
  2⤵
  - Reads runtime system information
  PID:1519
- /usr/bin/comm
  comm -23 /dev/fd/63 /dev/fd/62
  2⤵
  PID:1518
- /bin/grep
  grep -F .
  2⤵
  PID:1528
- /usr/bin/sort
  sort
  2⤵
  PID:1527
- /bin/grep
  grep -F .conn
  2⤵
  PID:1526
- /bin/sed
  sed "s/.....\$//"
  2⤵
  - Reads runtime system information
  PID:1529
- /usr/bin/sort
  sort
  2⤵
  PID:1530
- /bin/sed
  sed "s/....\$//"
  2⤵
  - Reads runtime system information
  PID:1525
- /usr/bin/find
  find /tank/Software/ldraw/CustomParts/connectivity/ -printf "%P\\n"
  2⤵
  - Reads runtime system information
  PID:1524
- /usr/bin/find
  find /tank/Software/ldraw/CustomParts/parts/ -printf "%P\\n"
  2⤵
  - Reads runtime system information
  PID:1523
- /bin/sed
  sed "s_^_/tank/Software/ldraw/CustomParts/collider/_"
  2⤵
  - Reads runtime system information
  PID:1533
- /bin/sed
  sed "s/\$/.col/"
  2⤵
  - Reads runtime system information
  PID:1532
- /usr/bin/comm
  comm -23 /dev/fd/63 /dev/fd/62
  2⤵
  PID:1531
- /bin/grep
  grep -F .col
  2⤵
  PID:1541
- /usr/bin/sort
  sort
  2⤵
  PID:1540
- /usr/bin/find
  find /tank/Software/ldraw/CustomParts/collider/ -printf "%P\\n"
  2⤵
  - Reads runtime system information
  PID:1539
- /bin/grep
  grep -F .
  2⤵
  PID:1542
- /bin/sed
  sed "s/....\$//"
  2⤵
  - Reads runtime system information
  PID:1543
- /bin/sed
  sed "s/....\$//"
  2⤵
  - Reads runtime system information
  PID:1538
- /usr/bin/sort
  sort
  2⤵
  PID:1544
- /usr/bin/find
  find /tank/Software/ldraw/CustomParts/parts/ -printf "%P\\n"
  2⤵
  - Reads runtime system information
  PID:1537
- /bin/sed
  sed "s_^_/tank/Software/ldraw/CustomParts/p/_"
  2⤵
  - Reads runtime system information
  PID:1549
- /usr/bin/comm
  comm -23 /dev/fd/63 /dev/fd/62
  2⤵
  PID:1548
- /usr/bin/sort
  sort
  2⤵
  PID:1555
- /usr/bin/awk
  awk "NF>1{print \$NF}"
  2⤵
  - Reads runtime system information
  PID:1556
- /usr/bin/find
  find /tank/Software/ldraw/CustomParts/p/ -type f -printf "%P\\n"
  2⤵
  - Reads runtime system information
  PID:1554
- /usr/bin/xargs
  xargs
  2⤵
  - Reads runtime system information
  PID:1557
- - /usr/local/sbin/echo
    echo
    3⤵
    PID:1566
- - /usr/local/bin/echo
    echo
    3⤵
    PID:1566
- - /usr/sbin/echo
    echo
    3⤵
    PID:1566
- - /usr/bin/echo
    echo
    3⤵
    PID:1566
- - /sbin/echo
    echo
    3⤵
    PID:1566
- - /bin/echo
    echo
    3⤵
    PID:1566
- /bin/grep
  grep "^1 "
  2⤵
  PID:1553
- /bin/sed
  sed "s/ /\\n/g"
  2⤵
  - Reads runtime system information
  PID:1558
- /bin/sed
  sed "s/\\r//g"
  2⤵
  - Reads runtime system information
  PID:1559
- /bin/sed
  sed "s/\\\\/\\//"
  2⤵
  - Reads runtime system information
  PID:1560
- /usr/bin/tr
  tr "[A-Z]" "[a-z]"
  2⤵
  PID:1561
- /usr/bin/sort
  sort
  2⤵
  PID:1562
- /usr/bin/uniq
  uniq
  2⤵
  PID:1563
- /usr/bin/find
  find /tank/Software/ldraw/CustomParts/parts/ -type f
  2⤵
  - Reads runtime system information
  PID:1565
- /bin/cat
  cat
  2⤵
  PID:1552
- /bin/rm
  rm -v
  2⤵
  PID:1567
- /bin/mkdir
  mkdir /tank/Software/ldraw/CustomParts/aliases/collider
  2⤵
  - Reads runtime system information
  PID:1568
- /bin/mkdir
  mkdir /tank/Software/ldraw/CustomParts/aliases/connectivity
  2⤵
  - Reads runtime system information
  PID:1569
- /bin/mkdir
  mkdir /tank/Software/ldraw/CustomParts/aliases/parts
  2⤵
  - Reads runtime system information
  PID:1570
- /bin/sed
  sed "s_^_/tank/Software/ldraw/CustomParts/parts/_"
  2⤵
  - Reads runtime system information
  PID:1574
- /bin/sed
  sed "s/\$/a.dat/"
  2⤵
  - Reads runtime system information
  PID:1573
- /usr/bin/comm
  comm -12 /dev/fd/63 /dev/fd/62
  2⤵
  PID:1572
- /usr/bin/sort
  sort
  2⤵
  PID:1582
- /bin/sed
  sed "s/.....\$//"
  2⤵
  - Reads runtime system information
  PID:1581
- /usr/bin/sort
  sort
  2⤵
  PID:1583
- /usr/bin/find
  find /tank/Software/ldraw/CustomParts/clean/parts/ /tank/Software/ldraw/CustomParts/clean/UnOfficial/parts -printf "%P\\n"
  2⤵
  - Reads runtime system information
  PID:1578
- /bin/sed
  sed "s/....\$//"
  2⤵
  - Reads runtime system information
  PID:1580
- /bin/grep
  grep -F a.dat
  2⤵
  PID:1579
- /usr/bin/find
  find /tank/Software/ldraw/CustomParts/parts/ -printf "%P\\n"
  2⤵
  - Reads runtime system information
  PID:1577
- /bin/cp
  cp -v /tank/Software/ldraw/CustomParts/aliases/parts/
  2⤵
  - Reads runtime system information
  PID:1584
- /bin/sed
  sed "s/....\$//"
  2⤵
  - Reads runtime system information
  PID:1588
- /bin/grep
  grep -F .
  2⤵
  PID:1587
- /usr/bin/find
  find /tank/Software/ldraw/CustomParts/aliases/parts/ -printf "%P\\n"
  2⤵
  - Reads runtime system information
  PID:1586
- /bin/grep
  grep -F .
  2⤵
  PID:1591
- /usr/bin/find
  find /tank/Software/ldraw/CustomParts/aliases
  2⤵
  - Reads runtime system information
  PID:1590
- /bin/cp
  cp -v -r /tank/Software/ldraw/CustomParts/collider/ /tank/Software/ldraw/CustomParts/connectivity/ /tank/Software/ldraw/CustomParts/parts/ /tank/Software/ldraw/CustomParts/p/ /tank/Software/ldraw/UnOfficial/
  2⤵
  - Reads runtime system information
  PID:1592
- /bin/cp
  cp -v -r /tank/Software/ldraw/CustomParts/aliases/collider/ /tank/Software/ldraw/CustomParts/aliases/connectivity/ /tank/Software/ldraw/CustomParts/aliases/parts/ /tank/Software/ldraw/
  2⤵
  - Reads runtime system information
  PID:1593
- /bin/cp
  cp -v -r /tank/Software/ldraw/CustomParts/aliases/collider/ /tank/Software/ldraw/CustomParts/aliases/connectivity/ /tank/Software/ldraw/CustomParts/aliases/parts/ /tank/Software/ldraw/UnOfficial/
  2⤵
  - Reads runtime system information
  PID:1594
- /bin/zip
  /bin/zip -9 -r aliases.zip connectivity/ collider/ parts/
  2⤵
  PID:1595
- /usr/bin/sudo
  sudo mv -v aliases.zip /srv/http/
  2⤵
  - Reads runtime system information
  PID:1596
- /bin/zip
  /bin/zip -9 -r bionicle_parts.zip connectivity/ collider/ parts/ p/ aliases/
  2⤵
  PID:1597
- /usr/bin/sudo
  sudo mv -v bionicle_parts.zip /srv/http/
  2⤵
  - Reads runtime system information
  PID:1601

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads