7fc812dd13f161aa83f65b9c0172bc368faf030829cb5b1cf4e08a4087bd8fdc

Analysis

max time kernel
0s
max time network
128s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
23-05-2024 13:07

Target

update-repo.sh
Size

707B
MD5

80604cfcaac66664b235ed29a505c8cf
SHA1

0d76de332611733b7805d58d150c8e4cd9a70150
SHA256

7fc812dd13f161aa83f65b9c0172bc368faf030829cb5b1cf4e08a4087bd8fdc
SHA512

52693e8a73eebb41efed1bc44347bce8617be97c35d358629a18a3d2246527879665f017ec6d589270108d25337416145b8b3f12c98a0efb104789218dd06449

Score

3^/10

Writes file to tmp directory 3 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/Packages	update-repo.sh
File opened for modification	/tmp/Packages.gz	update-repo.sh
File opened for modification	/tmp/Release	update-repo.sh

/tmp/update-repo.sh
/tmp/update-repo.sh
1⤵
- Writes file to tmp directory
PID:1516
- /usr/bin/dpkg-scanpackages
  dpkg-scanpackages -m ./main
  2⤵
  PID:1517
- /bin/gzip
  gzip -9c
  2⤵
  PID:1519
- /bin/cat
  cat Packages
  2⤵
  PID:1518
- /usr/bin/wc
  wc -c Packages
  2⤵
  PID:1520
- /usr/bin/wc
  wc -c Packages.gz
  2⤵
  PID:1521
- /bin/date
  date -u -R
  2⤵
  PID:1522
- /usr/bin/cut
  cut "-d " -f1
  2⤵
  PID:1525
- /usr/bin/md5sum
  md5sum Packages
  2⤵
  PID:1524
- /usr/bin/cut
  cut "-d " -f1
  2⤵
  PID:1528
- /usr/bin/md5sum
  md5sum Packages.gz
  2⤵
  PID:1527
- /usr/bin/cut
  cut "-d " -f1
  2⤵
  PID:1531
- /usr/bin/sha1sum
  sha1sum Packages
  2⤵
  PID:1530
- /usr/bin/cut
  cut "-d " -f1
  2⤵
  PID:1534
- /usr/bin/sha1sum
  sha1sum Packages.gz
  2⤵
  PID:1533
- /usr/bin/cut
  cut "-d " -f1
  2⤵
  PID:1537
- /usr/bin/sha256sum
  sha256sum Packages
  2⤵
  PID:1536
- /usr/bin/cut
  cut "-d " -f1
  2⤵
  PID:1540
- /usr/bin/sha256sum
  sha256sum Packages.gz
  2⤵
  PID:1539
- /bin/cat
  cat
  2⤵
  PID:1541
- /usr/bin/gpg
  gpg -abs -o Release.gpg Release
  2⤵
  PID:1542

/root/.gnupg/.#lk0x000056301981c500.ubuntu1804-amd64-20240508-en-13.1542

Filesize
43B

MD5
e2c5f7a69cd31827fe8c6ad321f2e7e9

SHA1
9585f69901c4716109262f3a3caf49fa734603c2

SHA256
2a87d6cbcb927b3eaa7d77c494709b94f3c55df3c501123d03176a2781178330

SHA512
4c0d1ffe5de9718cf64200504f94a89d0ae4e074e3ff168ff70afa1f0b19853721ae9060c9783d36c0aec3868be895caf4daff999854cdafae8047a43db6fc40

Download Submit
/tmp/Release

Filesize
489B

MD5
84e0469efa709e75c6effa0977264e06

SHA1
7acd7f4284ad77eb7907bb67adbb470213af08c8

SHA256
f27020c050b5b7069cd741dac9de480ea5c62fa0b780272bde33823106a7e0f7

SHA512
7ea6e7cec8c548cb84bf0f2a548cc548cd713525f03c91c1613e5ebb0efa39e22c1661c67acab1fb9e659fed36961ee58ace0fd8261b15bbcd4cec05027600ad

Download Submit