Overview

overview

4

Static

static

1

install.sh

ubuntu-18.04-amd64

4

install.sh

debian-9-armhf

1

install.sh

debian-9-mips

install.sh

debian-9-mipsel

Analysis

  • max time kernel
    149s
  • max time network
    129s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240508-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    23-05-2024 12:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    install.sh

  • Size

    24KB

  • MD5

    aebe5780709158e9a214fd260effa48f

  • SHA1

    34e4a235c99bda6257dfeb5241ebb1d545af9753

  • SHA256

    088865512a391af538dd63b3b635a4151b4b478fd648ed3c7f87bd43ac41d0e0

  • SHA512

    36ea620836a890bda390434a513480ca42a4534297791739b9135077bda5d60547b30ab19226a8632ffd3ed9a13665b7ce89c909aa282c799ba914321ee007b3

  • SSDEEP

    384:v0oE8f6tMMgPTSTEGpc/wWTW6DAyrSncRs/TPk0sl/w43Twk:tkMMMTXGpWWMABcRs/TPk0sl/w43Twk

Score
4/10
antivm

Malware Config

Signatures

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

    antivm
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/install.sh
    /tmp/install.sh
    1⤵
      PID:1505
      • /usr/bin/whoami
        whoami
        2⤵
          PID:1506
        • /usr/bin/getconf
          getconf LONG_BIT
          2⤵
            PID:1507
          • /bin/grep
            grep -iE "centos|Red Hat"
            2⤵
              PID:1511
            • /bin/grep
              grep " 6."
              2⤵
                PID:1510
              • /bin/cat
                cat /etc/redhat-release
                2⤵
                  PID:1509
                • /bin/grep
                  grep Ubuntu
                  2⤵
                    PID:1514
                  • /bin/cat
                    cat /etc/issue
                    2⤵
                      PID:1513
                    • /usr/bin/cut
                      cut -f 1 -d .
                      2⤵
                        PID:1516
                      • /usr/bin/awk
                        awk "{print \$2}"
                        2⤵
                        • Reads runtime system information
                        PID:1515
                      • /usr/bin/wc
                        wc -l
                        2⤵
                          PID:1523
                        • /bin/grep
                          grep processor
                          2⤵
                            PID:1522
                          • /bin/cat
                            cat /proc/cpuinfo
                            2⤵
                            • Checks CPU configuration
                            PID:1521

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads