Analysis

  • max time kernel
    2s
  • max time network
    131s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240508-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu1804-amd64-20240508-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    24-05-2024 12:46

General

  • Target

    oneprovider-2102.sh

  • Size

    4KB

  • MD5

    fa616d717eea04b0b4906fc047fa8f7a

  • SHA1

    37679409f6223f9b89c1a44e74f197f1895653d2

  • SHA256

    7a0a1881e427300088da8d512f1251fb081ee49ff0bacd551cdfe78bf9edba53

  • SHA512

    5503e3dcebe943513c1859b2bedb030584405b5bd4fcc258680e56fbd13162d5f13479ec2f7194c6233af9dbe2e9139ab8bf8daaf812ff92368431fe3d0a228d

  • SSDEEP

    96:3auKUtckixpbroD/NrfLiL6JZE7eT5woPRG3PETD:gU5ixdoD/NrjiL6asD

Score
3/10

Malware Config

Signatures

  • Reads runtime system information 13 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 21 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/oneprovider-2102.sh
    /tmp/oneprovider-2102.sh
    1⤵
    PID:1505
    • /bin/uname
      uname -m
      2⤵
      PID:1506
    • /usr/bin/id
      id -un
      2⤵
      • Reads runtime system information
      PID:1508
    • /usr/bin/rev
      rev
      2⤵
      PID:1514
    • /usr/bin/cut
      cut -c 2-
      2⤵
      PID:1513
    • /usr/bin/rev
      rev
      2⤵
      PID:1512
    • /usr/bin/tr
      tr "\\n" -
      2⤵
      PID:1511
    • /usr/bin/lsb_release
      lsb_release -sic
      2⤵
      PID:1510
    • /usr/bin/tr
      tr "[:upper:]" "[:lower:]"
      2⤵
      PID:1517
    • /bin/sh
      sh -c "apt-get update && apt-get install -y gnupg2"
      2⤵
      PID:1518
      • /usr/bin/apt-get
        apt-get update
        3⤵
        • Reads runtime system information
        • Writes file to tmp directory
        PID:1519
        • /usr/bin/dpkg
          /usr/bin/dpkg --print-foreign-architectures
          4⤵
          • Reads runtime system information
          PID:1520
        • /usr/lib/apt/methods/http
          /usr/lib/apt/methods/http
          4⤵
          PID:1521
        • /usr/lib/apt/methods/https
          /usr/lib/apt/methods/https
          4⤵
          PID:1522
        • /bin/sh
          sh -c "[ ! -e /run/systemd/system ] || [ \$(id -u) -ne 0 ] || systemctl start --no-block apt-news.service esm-cache.service || true"
          4⤵
          PID:1524
          • /usr/bin/id
            id -u
            5⤵
            • Reads runtime system information
            PID:1525
          • /bin/systemctl
            systemctl start --no-block apt-news.service esm-cache.service
            5⤵
            • Reads runtime system information
            PID:1526
        • /usr/lib/apt/methods/https
          /usr/lib/apt/methods/https
          4⤵
          PID:1533
        • /usr/lib/apt/methods/http
          /usr/lib/apt/methods/http
          4⤵
          PID:1534
        • /usr/lib/apt/methods/http
          /usr/lib/apt/methods/http
          4⤵
          PID:1535
        • /usr/bin/dpkg
          /usr/bin/dpkg --print-foreign-architectures
          4⤵
          • Reads runtime system information
          PID:1539
        • /usr/bin/dpkg
          /usr/bin/dpkg --print-foreign-architectures
          4⤵
          • Reads runtime system information
          PID:1540

Network

MITRE ATT&CK Matrix

Downloads

  • /tmp/fileutl.message.rXinyU

    Filesize

    235KB

    MD5

    373fe2f2ef99005d2550a482f09a3e51

    SHA1

    68e6572b55b1e77f7d171ebac7b2579b7a6bd51d

    SHA256

    7552d5ab0c3879756a860aaab8e7c2f8ffb9409ea9ff9e65fc046ba5c519ebe5

    SHA512

    def9e854b824d2fddc6a15f898be73cfb679ac38563f5af854546f49c9d5d2316a40176dc41d6b360bda7b65de53863a53e4eedadf6336000b031b77a113607b