Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
129s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240508-en -
resource tags
-
submitted
24/05/2024, 12:55
General
-
Target
oneclient-2102.sh
-
Size
5KB
-
MD5
0f965827f49e64c9090d34cf084965de
-
SHA1
b6d0b481ccecb1468a95f8440241c6467485bdfa
-
SHA256
86d41ab47eb057f493046468e45e1590b815eb69e5d3d459d8283aec770ada55
-
SHA512
8348fd4bd02577b4f7fcb0b8432f9222ee3f9b3d318ea6e90b66385b3ae533b8ae04202a350c043e4ce6e20fe3f0802a12d00bd2c1d5ae62037a6882fcecafaa
-
SSDEEP
96:3aKWUTvKxpbtoD/NyfLiL6JdE3IBT5g9ZBAvRwoPRP3LMD:GaSxzoD/NyjiL6RhYD
Malware Config
Signatures
-
Reads runtime system information 24 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 12 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/oneclient-2102.sh/tmp/oneclient-2102.sh1⤵
-
/bin/unameuname -m2⤵
-
-
/usr/bin/idid -un2⤵
- Reads runtime system information
-
-
/usr/bin/revrev2⤵
-
-
/usr/bin/cutcut -c 2-2⤵
-
-
/usr/bin/revrev2⤵
-
-
/usr/bin/trtr "\\n" -2⤵
-
-
/usr/bin/lsb_releaselsb_release -sic2⤵
-
-
/usr/bin/trtr "[:upper:]" "[:lower:]"2⤵
-
-
/bin/shsh -c "curl -sSL http://packages.onedata.org/onedata.gpg.key | apt-key add -"2⤵
-
/usr/bin/apt-keyapt-key add -3⤵
- Writes file to tmp directory
-
/usr/bin/apt-configapt-config shell MASTER_KEYRING APT::Key::MasterKeyring4⤵
- Reads runtime system information
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures5⤵
- Reads runtime system information
-
-
-
/usr/bin/apt-configapt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring4⤵
- Reads runtime system information
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures5⤵
- Reads runtime system information
-
-
-
/usr/bin/apt-configapt-config shell REMOVED_KEYS APT::Key::RemovedKeys4⤵
- Reads runtime system information
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures5⤵
- Reads runtime system information
-
-
-
/usr/bin/apt-configapt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI4⤵
- Reads runtime system information
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures5⤵
- Reads runtime system information
-
-
-
/usr/bin/apt-configapt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring4⤵
- Reads runtime system information
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures5⤵
- Reads runtime system information
-
-
-
/usr/bin/apt-configapt-config shell TRUSTEDFILE Dir::Etc::Trusted/f4⤵
- Reads runtime system information
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures5⤵
- Reads runtime system information
-
-
-
/usr/bin/apt-configapt-config shell GPG_EXE Apt::Key::gpgcommand4⤵
- Reads runtime system information
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures5⤵
- Reads runtime system information
-
-
-
/bin/mktempmktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX4⤵
-
-
/bin/chmodchmod 700 /tmp/apt-key-gpghome.rmFjsu29QK4⤵
-
-
/bin/sedsed -e "s#'#'\"'\"'#g"4⤵
- Reads runtime system information
-
-
/bin/sedsed -e "s#'#'\"'\"'#g"4⤵
- Reads runtime system information
-
-
/usr/bin/touchtouch /tmp/apt-key-gpghome.rmFjsu29QK/empty.gpg4⤵
- Writes file to tmp directory
-
-
/usr/bin/gpggpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/apt-key-gpghome.rmFjsu29QK --quiet --check-trustdb --keyring /tmp/apt-key-gpghome.rmFjsu29QK/empty.gpg4⤵
- Writes file to tmp directory
-
-
/bin/shsh /tmp/apt-key-gpghome.rmFjsu29QK/gpg.0.sh --batch --import4⤵
-
-
/usr/local/sbin/gpggpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/apt-key-gpghome.rmFjsu29QK --no-auto-check-trustdb --trust-model always --batch --import4⤵
-
-
/usr/local/bin/gpggpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/apt-key-gpghome.rmFjsu29QK --no-auto-check-trustdb --trust-model always --batch --import4⤵
-
-
/usr/sbin/gpggpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/apt-key-gpghome.rmFjsu29QK --no-auto-check-trustdb --trust-model always --batch --import4⤵
-
-
/usr/bin/gpggpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/apt-key-gpghome.rmFjsu29QK --no-auto-check-trustdb --trust-model always --batch --import4⤵
- Writes file to tmp directory
-
-
/usr/bin/idid -u4⤵
- Reads runtime system information
-
-
/bin/readlinkreadlink -f /tmp/apt-key-gpghome.rmFjsu29QK4⤵
-
-
/bin/rmrm -f /tmp/apt-key-gpghome.rmFjsu29QK/pubring.gpg4⤵
-
-
/usr/bin/touchtouch /tmp/apt-key-gpghome.rmFjsu29QK/pubring.gpg4⤵
- Writes file to tmp directory
-
-
/usr/bin/apt-configapt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d4⤵
- Reads runtime system information
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures5⤵
- Reads runtime system information
-
-
-
/bin/readlinkreadlink -f /etc/apt/trusted.gpg.d/4⤵
-
-
/usr/bin/findfind /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 "(" -name "*.gpg" -o -name "*.asc" ")"4⤵
- Reads runtime system information
-
-
/usr/bin/sortsort4⤵
-
-
/usr/bin/cmpcmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg4⤵
-
-
/bin/catcat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg4⤵
-
-
/usr/bin/cmpcmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg4⤵
-
-
/bin/catcat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg4⤵
-
-
/usr/bin/cmpcmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg4⤵
-
-
/bin/catcat /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg4⤵
-
-
/bin/cpcp -a /tmp/apt-key-gpghome.rmFjsu29QK/pubring.gpg /tmp/apt-key-gpghome.rmFjsu29QK/pubring.orig.gpg4⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/sedsed -e "s#'#'\"'\"'#g"4⤵
- Reads runtime system information
-
-
/bin/sedsed -e "s#'#'\"'\"'#g"4⤵
- Reads runtime system information
-
-
/bin/shsh /tmp/apt-key-gpghome.rmFjsu29QK/gpg.1.sh --quiet --batch --import -4⤵
-
-
/usr/local/sbin/shsh /tmp/apt-key-gpghome.rmFjsu29QK/gpg.0.sh --keyring /tmp/apt-key-gpghome.rmFjsu29QK/pubring.gpg --quiet --batch --import -4⤵
-
-
/usr/local/bin/shsh /tmp/apt-key-gpghome.rmFjsu29QK/gpg.0.sh --keyring /tmp/apt-key-gpghome.rmFjsu29QK/pubring.gpg --quiet --batch --import -4⤵
-
-
/usr/sbin/shsh /tmp/apt-key-gpghome.rmFjsu29QK/gpg.0.sh --keyring /tmp/apt-key-gpghome.rmFjsu29QK/pubring.gpg --quiet --batch --import -4⤵
-
-
/usr/bin/shsh /tmp/apt-key-gpghome.rmFjsu29QK/gpg.0.sh --keyring /tmp/apt-key-gpghome.rmFjsu29QK/pubring.gpg --quiet --batch --import -4⤵
-
-
/sbin/shsh /tmp/apt-key-gpghome.rmFjsu29QK/gpg.0.sh --keyring /tmp/apt-key-gpghome.rmFjsu29QK/pubring.gpg --quiet --batch --import -4⤵
-
-
/bin/shsh /tmp/apt-key-gpghome.rmFjsu29QK/gpg.0.sh --keyring /tmp/apt-key-gpghome.rmFjsu29QK/pubring.gpg --quiet --batch --import -4⤵
-
-
/usr/local/sbin/gpggpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/apt-key-gpghome.rmFjsu29QK --no-auto-check-trustdb --trust-model always --keyring /tmp/apt-key-gpghome.rmFjsu29QK/pubring.gpg --quiet --batch --import -4⤵
-
-
/usr/local/bin/gpggpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/apt-key-gpghome.rmFjsu29QK --no-auto-check-trustdb --trust-model always --keyring /tmp/apt-key-gpghome.rmFjsu29QK/pubring.gpg --quiet --batch --import -4⤵
-
-
/usr/sbin/gpggpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/apt-key-gpghome.rmFjsu29QK --no-auto-check-trustdb --trust-model always --keyring /tmp/apt-key-gpghome.rmFjsu29QK/pubring.gpg --quiet --batch --import -4⤵
-
-
/usr/bin/gpggpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/apt-key-gpghome.rmFjsu29QK --no-auto-check-trustdb --trust-model always --keyring /tmp/apt-key-gpghome.rmFjsu29QK/pubring.gpg --quiet --batch --import -4⤵
-
-
-
/usr/bin/curlcurl -sSL http://packages.onedata.org/onedata.gpg.key3⤵
-
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
42B
MD52ce53448dd62d90c75fa9469388a1f64
SHA1d20ecd66eff475f2231b6281f6aa083be14c6bcf
SHA256d3e0abe0a49b3f47e8efe6493b57ae9e1ba8bb7a15332dd87fdbcc27227a721d
SHA51298caa0ec1f36469522a50ceb501f4381a39a26beeae09fe6cfd9b7485a164b518cf39cb3294c24df15a2ec47ac10bfa18b634869ba2816391124640bc6d739d6
-
Filesize
42B
MD51c2d99e312d817076ebc556423949289
SHA1108d960a4c1bf66be9b807626a5bf9866e4485ec
SHA2562c475bba76b82c157f820b0b0593d8abc586eb8362632f48484d77520d70903e
SHA512998cfe93e5ebe4b220bc2584b13d037b21c54a5c75816111f1baa2a99a5ef05b4d3511c377c928e7f783750a4bacb64d72d3603ebfbba3d23fd0a671ebda47d5
-
Filesize
174B
MD5970906d85ee13a0382d707ad170cf178
SHA1f7aa24490eb59c095267243d30af107ab1ce84c4
SHA2562286acecb137946067e6c580a58cb99925e031a61a131b2c6400315ac57784f3
SHA512ca987dd277988046a49fa2f55dbde5c79a94cca8acdf9f5add5a6314e9108f6b933431153bbeac5a468710c335bf0cb28664ddf6fce584122d4615d453c4b382
-
Filesize
122B
MD5b199f3a8f6858b4bc4b2da1d630e404c
SHA1f16ac40e2c0d083592d161c4cdc6cdd5e1954c65
SHA256cf1ea74f5772a39078fcc03120769b963012acef3b02eeb3e2427d74154cead1
SHA512c46bc89443dd74d38b7d7cbb74873a40d5e4f202d039c28e886439d16a08a849da2ed6effd279c9009673063e41b32c79dfa7564178b845effc9df0798b7ba28
-
Filesize
7KB
MD5b3bf35c5e796db394a50f96b908b690f
SHA1b1e90de4d9d88bac6c67926c0ff6263e3ef7c2d2
SHA256cf419d6c58bea5f2586043ecbad4c44f27d6f6060e5be19993b857105a5be094
SHA512a97f8881c83ddc681623e4f503f8f758afe85ae6c34e2339a635e9521ae1303aebb90a6bef7c1136b6bd2b7418facacf98643f24e8bb40f1f93fb8a8ef714a96