Overview
overview
7Static
static
1requiremetns.sh
debian-12-armhf
7requiremetns.sh
debian-12-mipsel
7requiremetns.sh
debian-9-armhf
4requiremetns.sh
debian-9-mips
6requiremetns.sh
debian-9-mipsel
6requiremetns.sh
ubuntu-18.04-amd64
3requiremetns.sh
ubuntu-20.04-amd64
7requiremetns.sh
ubuntu-22.04-amd64
7requiremetns.sh
ubuntu-24.04-amd64
7Analysis
-
max time kernel
43s -
max time network
10s -
platform
debian-9_armhf -
resource
debian9-armhf-20240611-en -
resource tags
arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
01-07-2024 08:16
Static task
static1
Behavioral task
behavioral1
Sample
requiremetns.sh
Resource
debian12-armhf-20240221-en
Behavioral task
behavioral2
Sample
requiremetns.sh
Resource
debian12-mipsel-20240221-en
Behavioral task
behavioral3
Sample
requiremetns.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral4
Sample
requiremetns.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral5
Sample
requiremetns.sh
Resource
debian9-mipsel-20240611-en
Behavioral task
behavioral6
Sample
requiremetns.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral7
Sample
requiremetns.sh
Resource
ubuntu2004-amd64-20240508-en
Behavioral task
behavioral8
Sample
requiremetns.sh
Resource
ubuntu2204-amd64-20240611-en
Behavioral task
behavioral9
Sample
requiremetns.sh
Resource
ubuntu2404-amd64-20240523-en
General
-
Target
requiremetns.sh
-
Size
8KB
-
MD5
881149037815f5f9d7cf7f44ac19ddc5
-
SHA1
b2a727881e910bdc50069c21e138f6ccd897aa9f
-
SHA256
fb8078997d6da092759d88b428f48d878d8ea43eaa244bbe3679f197bdbd6b01
-
SHA512
f4f7685745415555f60f408b3b2a7b351b9f113f53b1e6ffbc50d416fe068c9747100955e2455e67d7b98dc92fca56bcebcbca59751d7cbce60534b336aacc01
-
SSDEEP
192:/Fa1ZIJvH8czpCyzdpB3f1SAij8E3YUNvmTC8KfbmP/oYv0Yd:/EHexC+HSAHE3YUN+TC8SbmQUfd
Malware Config
Signatures
-
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
description ioc Process File opened for reading /proc/cpuinfo https -
Reads runtime system information 9 IoCs
Reads data from /proc virtual filesystem.
description ioc Process File opened for reading /proc/self/fd apt File opened for reading /proc/filesystems dpkg File opened for reading /proc/sys/kernel/ngroups_max apt File opened for reading /proc/sys/crypto/fips_enabled https File opened for reading /proc/self/auxv https File opened for reading /proc/filesystems dpkg File opened for reading /proc/filesystems dpkg File opened for reading /proc/self/fd apt File opened for reading /proc/filesystems dpkg -
Writes file to tmp directory 11 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/fileutl.message.C24xti apt File opened for modification /tmp/fileutl.message.TyuMwk apt File opened for modification /tmp/fileutl.message.bzMH4D apt File opened for modification /tmp/fileutl.message.JBlXb9 apt File opened for modification /tmp/fileutl.message.5vHenM apt File opened for modification /tmp/fileutl.message.hbuIri apt File opened for modification /tmp/fileutl.message.Ox64Wj apt File opened for modification /tmp/fileutl.message.s9jfFQ apt File opened for modification /tmp/fileutl.message.Plqgvl apt File opened for modification /tmp/fileutl.message.Dc3a2f apt File opened for modification /tmp/fileutl.message.U2X0uv apt
Processes
-
/tmp/requiremetns.sh/tmp/requiremetns.sh1⤵PID:666
-
/usr/bin/aptapt update2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:674 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵
- Reads runtime system information
PID:676
-
-
/usr/lib/apt/methods/http/usr/lib/apt/methods/http3⤵PID:683
-
-
/usr/lib/apt/methods/https/usr/lib/apt/methods/https3⤵PID:686
-
-
/usr/lib/apt/methods/https/usr/lib/apt/methods/https3⤵
- Checks CPU configuration
- Reads runtime system information
PID:693
-
-
/usr/lib/apt/methods/http/usr/lib/apt/methods/http3⤵PID:695
-
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵
- Reads runtime system information
PID:700
-
-
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵
- Reads runtime system information
PID:713
-
-
-
/usr/bin/aptapt install curl nano sudo neofetch -y2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:714 -
/usr/bin/dpkg/usr/bin/dpkg --print-foreign-architectures3⤵
- Reads runtime system information
PID:716
-
-
-
/usr/bin/cutcut -f1 -d.2⤵PID:719
-