General

  • Target

    triage-script.sh

  • Size

    374B

  • Sample

    240714-q2khbsvfna

  • MD5

    d5ddd9f908abed74c331bd35db6d474c

  • SHA1

    cad94573973dc064905c7f563d07255b46cf66ab

  • SHA256

    0ea689b8e3ae9659b0779dde8f313e5f26aed139d448244be8558baf1d372747

  • SHA512

    ca2c965100cbd4bfa1b1c5423de3bc5b23ba52d19715413f3b0f8587f976af9e8e8454f44d43743388843ab77e42ab5dd4bb82315dacbb63322833f2050fdbe8

Malware Config

Targets

    • Target

      triage-script.sh

    • Size

      374B

    • MD5

      d5ddd9f908abed74c331bd35db6d474c

    • SHA1

      cad94573973dc064905c7f563d07255b46cf66ab

    • SHA256

      0ea689b8e3ae9659b0779dde8f313e5f26aed139d448244be8558baf1d372747

    • SHA512

      ca2c965100cbd4bfa1b1c5423de3bc5b23ba52d19715413f3b0f8587f976af9e8e8454f44d43743388843ab77e42ab5dd4bb82315dacbb63322833f2050fdbe8

    • Score

      7/10

    • Executes dropped EXE

    • Reads EFI boot settings

      Reads EFI boot settings from the efivars filesystem (mounted at /sys/firmware/efi/efivars); these variables may contain security secrets or other sensitive data.

    • Checks hardware identifiers (DMI)

      Checks DMI information (the vendor and product strings exposed under /sys/class/dmi/id) that indicates whether the system is a virtual machine.

    • Checks mountinfo of local process

      Checks the mount table as seen by the running process (/proc/self/mountinfo), which indicates whether it is executing inside a chroot jail.

    • Deletes log files

      Deletes log files on the system.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Writes a file to a user bin folder
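
    The two environment probes behind the DMI and mountinfo signatures above, written out as an added illustration. This is not the sample's code and not tooling from the sandbox vendor; it shows what a shell script would read to decide whether it is inside a virtual machine or a chroot, so an analyst knows which file reads to look for in the trace. The function names, the hypervisor string list and the constructed input files are assumptions; the chroot test is a heuristic, not a definitive check.

```shell
#!/bin/sh
# Added illustration, not code from the sample: the environment probes that
# the "Checks hardware identifiers (DMI)" and "Checks mountinfo of local
# process" signatures describe. Both functions take a file path so they run
# against the constructed inputs below as well as the live /sys and /proc
# nodes. Function names and the hypervisor string list are assumptions.

# dmi_vendor_is_vm FILE
# FILE stands in for /sys/class/dmi/id/sys_vendor (product_name and
# board_vendor are read the same way). Returns 0 when the string names a
# hypervisor a sandbox is likely to run on, 1 otherwise or if unreadable.
dmi_vendor_is_vm() {
    vendor=$(tr '[:upper:]' '[:lower:]' < "$1" 2>/dev/null) || return 1
    case "$vendor" in
        *qemu*|*kvm*|*vmware*|*virtualbox*|*innotek*|*xen*|*bochs*|*parallels*|*"microsoft corporation"*)
            return 0 ;;
        *)  return 1 ;;
    esac
}

# mountinfo_root_is_chroot FILE
# FILE stands in for /proc/self/mountinfo. Field 4 is the root of the mount
# inside its filesystem and field 5 the mount point relative to the caller's
# root. Outside a chroot there is an entry with mount point "/" whose root is
# also "/". A chrooted process either sees no "/" entry at all (the real root
# mount lies outside its root and is not listed) or one whose root field is
# the jail directory (when the jail is bind-mounted onto itself). Heuristic.
mountinfo_root_is_chroot() {
    while read -r _id _parent _dev root mnt _rest; do
        if [ "$mnt" = "/" ] && [ "$root" = "/" ]; then
            return 1
        fi
    done < "$1"
    return 0
}

# Constructed inputs (not captured from any real host) for demonstration.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf 'QEMU\n'      > "$SAMPLE_DIR/sys_vendor_vm"
printf 'Dell Inc.\n' > "$SAMPLE_DIR/sys_vendor_bare"
printf '%s\n' \
  '22 1 0:21 / / rw,relatime - ext4 /dev/vda1 rw' \
  '23 22 0:5 / /proc rw,nosuid - proc proc rw' > "$SAMPLE_DIR/mountinfo_host"
printf '%s\n' \
  '40 22 0:21 /jail / rw,relatime - ext4 /dev/vda1 rw' > "$SAMPLE_DIR/mountinfo_jail"

# report LABEL COMMAND ARGS...  prints yes/no for one check
report() {
    label=$1; shift
    if "$@"; then echo "$label: yes"; else echo "$label: no"; fi
}
report "constructed QEMU vendor looks virtual"  dmi_vendor_is_vm "$SAMPLE_DIR/sys_vendor_vm"
report "constructed Dell vendor looks virtual"  dmi_vendor_is_vm "$SAMPLE_DIR/sys_vendor_bare"
report "constructed host mountinfo is chroot"   mountinfo_root_is_chroot "$SAMPLE_DIR/mountinfo_host"
report "constructed jail mountinfo is chroot"   mountinfo_root_is_chroot "$SAMPLE_DIR/mountinfo_jail"

# Live probe of the same nodes the sandbox watches; skipped where absent.
if [ -r /sys/class/dmi/id/sys_vendor ]; then
    report "this machine looks virtual (DMI)" dmi_vendor_is_vm /sys/class/dmi/id/sys_vendor
fi
if [ -r /proc/self/mountinfo ]; then
    report "this process looks chrooted" mountinfo_root_is_chroot /proc/self/mountinfo
fi
```

    When reviewing the sandbox's file-access trace, the reads of /sys/class/dmi/id/* and /proc/self/mountinfo are what these two signatures key on; a script that performs them and then branches (for example, exiting early or skipping its payload when either check succeeds) is the pattern worth looking for in the 374-byte sample.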

MITRE ATT&CK Enterprise v15

Tasks