3709f975f8d2be4489cd24680054ddde800998204c3f57ea4083042560054022

Analysis

max time kernel
0s
max time network
129s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
25/05/2024, 12:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fmc-data-backup-mysql-v3.sh
Size

3KB
MD5

f2a7911a83972070438a7fd24ac5c5cf
SHA1

3e3ac24f32b189515aac91e42bda499672084766
SHA256

3709f975f8d2be4489cd24680054ddde800998204c3f57ea4083042560054022
SHA512

724f400ef7ceebcd6782db19dae9adfc9afc3cb28627bd5f2653070ede93a1ca5606f38b12d7c98508e274cb270bb91b3560eec8632eb1b0ae6e7d2d196ab693

Score

6^/10

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Reads CPU attributes 1 TTPs 1 IoCs

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/online	ps

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/4/cmdline	ps
File opened for reading	/proc/36/cmdline	ps
File opened for reading	/proc/83/cmdline	ps
File opened for reading	/proc/465/stat	ps
File opened for reading	/proc/480/status	ps
File opened for reading	/proc/1016/status	ps
File opened for reading	/proc/1135/cmdline	ps
File opened for reading	/proc/24/status	ps
File opened for reading	/proc/1016/cmdline	ps
File opened for reading	/proc/17/cmdline	ps
File opened for reading	/proc/407/status	ps
File opened for reading	/proc/551/stat	ps
File opened for reading	/proc/1171/cmdline	ps
File opened for reading	/proc/sys/kernel/pid_max	ps
File opened for reading	/proc/1159/cmdline	ps
File opened for reading	/proc/4/stat	ps
File opened for reading	/proc/166/status	ps
File opened for reading	/proc/179/cmdline	ps
File opened for reading	/proc/983/status	ps
File opened for reading	/proc/1135/stat	ps
File opened for reading	/proc/12/stat	ps
File opened for reading	/proc/98/cmdline	ps
File opened for reading	/proc/405/cmdline	ps
File opened for reading	/proc/542/status	ps
File opened for reading	/proc/680/status	ps
File opened for reading	/proc/1098/stat	ps
File opened for reading	/proc/1/cmdline	ps
File opened for reading	/proc/482/status	ps
File opened for reading	/proc/1173/stat	ps
File opened for reading	/proc/27/cmdline	ps
File opened for reading	/proc/877/status	ps
File opened for reading	/proc/1090/cmdline	ps
File opened for reading	/proc/1118/status	ps
File opened for reading	/proc/1169/stat	ps
File opened for reading	/proc/165/cmdline	ps
File opened for reading	/proc/682/status	ps
File opened for reading	/proc/176/cmdline	ps
File opened for reading	/proc/1049/cmdline	ps
File opened for reading	/proc/1132/cmdline	ps
File opened for reading	/proc/1022/cmdline	ps
File opened for reading	/proc/1166/stat	ps
File opened for reading	/proc/1481/cmdline	ps
File opened for reading	/proc/3/cmdline	ps
File opened for reading	/proc/247/cmdline	ps
File opened for reading	/proc/1132/stat	ps
File opened for reading	/proc/165/stat	ps
File opened for reading	/proc/676/status	ps
File opened for reading	/proc/1045/status	ps
File opened for reading	/proc/1082/cmdline	ps
File opened for reading	/proc/98/stat	ps
File opened for reading	/proc/162/stat	ps
File opened for reading	/proc/1278/cmdline	ps
File opened for reading	/proc/79/cmdline	ps
File opened for reading	/proc/1213/stat	ps
File opened for reading	/proc/84/status	ps
File opened for reading	/proc/204/status	ps
File opened for reading	/proc/1367/stat	ps
File opened for reading	/proc/uptime	ps
File opened for reading	/proc/1180/stat	ps
File opened for reading	/proc/78/cmdline	ps
File opened for reading	/proc/79/status	ps
File opened for reading	/proc/524/cmdline	ps
File opened for reading	/proc/1045/stat	ps
File opened for reading	/proc/1230/stat	ps

/tmp/fmc-data-backup-mysql-v3.sh
/tmp/fmc-data-backup-mysql-v3.sh
1⤵
PID:1483
- /bin/grep
  grep -v "mysql\\|Database\\|information_schema\\|performance_schema\\|sys"
  2⤵
  PID:1486
- /bin/date
  date "+%Y%m%d%H"
  2⤵
  PID:1487
- /bin/date
  date "+%u"
  2⤵
  PID:1488
- /usr/bin/wc
  wc -l
  2⤵
  PID:1493
- /bin/grep
  grep -v grep
  2⤵
  PID:1492
- /bin/grep
  grep mysqld
  2⤵
  PID:1491
- /bin/ps
  ps -ef
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1490
- /usr/bin/wc
  wc -l
  2⤵
  PID:1498
- /bin/grep
  grep -v grep
  2⤵
  PID:1497
- /bin/grep
  grep 3306
  2⤵
  PID:1496
- /bin/date
  date
  2⤵
  PID:1499

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads