Analysis

  • max time kernel
    2s
  • max time network
    897s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240611-en
  • resource tags
    arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    01-07-2024 08:16

General

  • Target
    requiremetns.sh
  • Size
    8KB
  • MD5
    881149037815f5f9d7cf7f44ac19ddc5
  • SHA1
    b2a727881e910bdc50069c21e138f6ccd897aa9f
  • SHA256
    fb8078997d6da092759d88b428f48d878d8ea43eaa244bbe3679f197bdbd6b01
  • SHA512
    f4f7685745415555f60f408b3b2a7b351b9f113f53b1e6ffbc50d416fe068c9747100955e2455e67d7b98dc92fca56bcebcbca59751d7cbce60534b336aacc01
  • SSDEEP
    192:/Fa1ZIJvH8czpCyzdpB3f1SAij8E3YUNvmTC8KfbmP/oYv0Yd:/EHexC+HSAHE3YUN+TC8SbmQUfd

Score
3/10

Signatures

  • Enumerates kernel/hardware configuration (1 TTP, 4 IoCs)
    Reads contents of the /sys virtual filesystem to enumerate system information.
  • Reads runtime system information (24 IoCs)
    Reads data from the /proc virtual filesystem.
  • Writes file to tmp directory (37 IoCs)
    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/requiremetns.sh
    /tmp/requiremetns.sh
    1⤵
    PID:1504
    • /usr/bin/apt
      apt update
      2⤵
      • Reads runtime system information
      • Writes file to tmp directory
      PID:1505
      • /usr/bin/dpkg
        /usr/bin/dpkg --print-foreign-architectures
        3⤵
        • Reads runtime system information
        PID:1506
      • /usr/lib/apt/methods/http
        /usr/lib/apt/methods/http
        3⤵
        PID:1508
      • /usr/lib/apt/methods/https
        /usr/lib/apt/methods/https
        3⤵
        PID:1509
      • /bin/sh
        sh -c "[ ! -e /run/systemd/system ] || [ \$(id -u) -ne 0 ] || systemctl start --no-block apt-news.service esm-cache.service || true"
        3⤵
        PID:1511
        • /usr/bin/id
          id -u
          4⤵
          • Reads runtime system information
          PID:1512
        • /bin/systemctl
          systemctl start --no-block apt-news.service esm-cache.service
          4⤵
          • Reads runtime system information
          PID:1513
      • /usr/lib/apt/methods/https
        /usr/lib/apt/methods/https
        3⤵
        PID:1517
      • /usr/lib/apt/methods/http
        /usr/lib/apt/methods/http
        3⤵
        PID:1521
      • /usr/lib/apt/methods/http
        /usr/lib/apt/methods/http
        3⤵
        PID:1522
      • /usr/bin/dpkg
        /usr/bin/dpkg --print-foreign-architectures
        3⤵
        • Reads runtime system information
        PID:1526
      • /usr/bin/dpkg
        /usr/bin/dpkg --print-foreign-architectures
        3⤵
        • Reads runtime system information
        PID:1527
    • /usr/bin/apt
      apt install curl nano sudo neofetch -y
      2⤵
      • Reads runtime system information
      • Writes file to tmp directory
      PID:1528
      • /usr/bin/dpkg
        /usr/bin/dpkg --print-foreign-architectures
        3⤵
        • Reads runtime system information
        PID:1529
      • /usr/bin/dpkg
        /usr/bin/dpkg --print-foreign-architectures
        3⤵
        • Reads runtime system information
        PID:1530
      • /bin/sh
        /bin/sh -c "[ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true"
        3⤵
        PID:1531
        • /usr/bin/snap
          /usr/bin/snap advise-snap --from-apt
          4⤵
          • Enumerates kernel/hardware configuration
          • Reads runtime system information
          PID:1532
      • /usr/lib/apt/methods/http
        /usr/lib/apt/methods/http
        3⤵
        PID:1540
      • /bin/sh
        /bin/sh -c "[ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true"
        3⤵
        PID:1541
        • /usr/bin/snap
          /usr/bin/snap advise-snap --from-apt
          4⤵
          • Enumerates kernel/hardware configuration
          • Reads runtime system information
          PID:1542
      • /bin/sh
        /bin/sh -c "[ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true"
        3⤵
        PID:1550
        • /usr/bin/snap
          /usr/bin/snap advise-snap --from-apt
          4⤵
          • Enumerates kernel/hardware configuration
          • Reads runtime system information
          PID:1551
      • /usr/lib/apt/methods/http
        /usr/lib/apt/methods/http
        3⤵
        PID:1559
      • /bin/sh
        /bin/sh -c "[ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true"
        3⤵
        PID:1563
        • /usr/bin/snap
          /usr/bin/snap advise-snap --from-apt
          4⤵
          • Enumerates kernel/hardware configuration
          • Reads runtime system information
          PID:1564
    • /usr/bin/cut
      cut -f1 -d.
      2⤵
      PID:1574
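Every signature hit in the tree above hangs off apt, dpkg, snap, systemctl or id; none is attached to /tmp/requiremetns.sh itself, and the only action the script takes directly that is not package-manager plumbing is `cut -f1 -d.`. The sandbox cannot tell apt's normal /proc, /sys and /tmp activity from the sample's, so the check an analyst wants is to roll each signature up to the direct child of the sample that spawned it. The Python below is an added example, not part of the report or of the sample; it parses the tree in the report's own layout (image, command line, depth marker, signature bullets, PID) and performs that roll-up. SAMPLE is a constructed excerpt of the tree above, not the full listing, and the script's own contents are not shown on this page.

```python
# Added example (not part of the report): attribute each sandbox signature to
# the sample's own action that caused it. SAMPLE is a constructed excerpt of the
# process tree above, in the report's layout: image, cmdline, depth, sigs, PID.
import re
from dataclasses import dataclass, field

SAMPLE = """\
• /tmp/requiremetns.sh
  /tmp/requiremetns.sh
  1⤵
  PID:1504
• /usr/bin/apt
  apt update
  2⤵
  • Reads runtime system information
  • Writes file to tmp directory
  PID:1505
• /usr/bin/apt
  apt install curl nano sudo neofetch -y
  2⤵
  • Reads runtime system information
  • Writes file to tmp directory
  PID:1528
• /bin/sh
  /bin/sh -c "[ ! -f /usr/bin/snap ] || /usr/bin/snap advise-snap --from-apt 2>/dev/null || true"
  3⤵
  PID:1531
• /usr/bin/snap
  /usr/bin/snap advise-snap --from-apt
  4⤵
  • Enumerates kernel/hardware configuration
  • Reads runtime system information
  PID:1532
• /usr/bin/cut
  cut -f1 -d.
  2⤵
  PID:1574
"""

DEPTH_RE = re.compile(r"^(\d+)⤵$")
PID_RE = re.compile(r"^PID:(\d+)$")


@dataclass
class Proc:
    pid: int
    depth: int
    image: str
    cmdline: str
    signatures: list
    children: list = field(default_factory=list)


def parse_tree(text):
    """Return processes in report order, children linked via the depth markers."""
    procs, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("• /"):          # a bullet whose text is a path opens a record
            cur = {"image": line[2:], "cmdline": None, "depth": None, "sigs": []}
        elif cur is None:
            continue                         # text outside any process record
        elif m := DEPTH_RE.match(line):
            cur["depth"] = int(m.group(1))
        elif m := PID_RE.match(line):        # the PID line closes the record
            procs.append(Proc(int(m.group(1)), cur["depth"], cur["image"],
                              cur["cmdline"], cur["sigs"]))
            cur = None
        elif line.startswith("• "):          # any other bullet is a signature hit
            cur["sigs"].append(line[2:])
        elif cur["cmdline"] is None:
            cur["cmdline"] = line
    stack = []                               # nearest shallower record is the parent
    for p in procs:
        while stack and stack[-1].depth >= p.depth:
            stack.pop()
        if stack:
            stack[-1].children.append(p)
        stack.append(p)
    return procs


def rollup(procs, root_pid):
    """Map each direct child of the sample to all signatures raised in its subtree."""
    root = next(p for p in procs if p.pid == root_pid)

    def walk(p):
        sigs = set(p.signatures)
        for c in p.children:
            sigs |= walk(c)
        return sigs

    return {c.cmdline: walk(c) for c in root.children}


if __name__ == "__main__":
    for cmd, sigs in rollup(parse_tree(SAMPLE), 1504).items():
        print(f"{cmd!r}: {sorted(sigs) or 'no signatures'}")
```

On the excerpt this attributes "Reads runtime system information" and "Writes file to tmp directory" to both apt invocations, "Enumerates kernel/hardware configuration" to the `snap advise-snap` hook under `apt install`, and nothing to `cut -f1 -d.`. That does not make the script benign: the report only covers what ran in the sandbox's 2s kernel window, and the script body is not on the page. It does tell you the score is driven by the installer, not by the sample's own behaviour.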
