Analysis

  • max time kernel
    0s
  • max time network
    129s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240508-en
  • resource tags

    arch:amd64
    arch:i386
    image:ubuntu1804-amd64-20240508-en
    kernel:4.15.0-213-generic
    locale:en-us
    os:ubuntu-18.04-amd64
    system
  • submitted
    17-07-2024 20:09

General

  • Target

    resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh

  • Size

    382B

  • MD5

    17ce128289a3d19b931e6cd436bfdb14

  • SHA1

    581d5a68cfa8ec97caf34b15d4e411ff08a20f56

  • SHA256

    7b230bef0652681969d8dba281d5e3b750fdd822087e5dbd78b4030b5e1174ae

  • SHA512

    0b8e4d5a029bbc54433e106de14baceb0f874eb28e6ea939ece7eeb1cedb54cd0b5c08e8babe508bd25516ca8b032dff386b83192c93ba3db7127096c5905b00

Score
4/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh
    /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh
    1⤵
    PID:1535
  • /usr/local/sbin/sh
    sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh
    1⤵
    PID:1535
  • /usr/local/bin/sh
    sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh
    1⤵
    PID:1535
  • /usr/sbin/sh
    sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh
    1⤵
    PID:1535
  • /usr/bin/sh
    sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh
    1⤵
    PID:1535
  • /sbin/sh
    sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh
    1⤵
    PID:1535
  • /bin/sh
    sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh
    1⤵
    PID:1535
    • /usr/bin/npm
      npm run docs:build
      2⤵
      PID:1536
    • /usr/local/sbin/node
      node /usr/bin/npm run docs:build
      2⤵
      PID:1536
    • /usr/local/bin/node
      node /usr/bin/npm run docs:build
      2⤵
      PID:1536
    • /usr/sbin/node
      node /usr/bin/npm run docs:build
      2⤵
      PID:1536
    • /usr/bin/node
      node /usr/bin/npm run docs:build
      2⤵
      • Changes its process name
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
      PID:1536
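
The process list above has a reading caveat: the seven `sh` rows carrying PID:1535 are one process, not seven. The sandbox records every execve() attempt made while the shell is resolved through Ubuntu's default PATH order (/usr/local/sbin, /usr/local/bin, /usr/sbin, /usr/bin, /sbin, /bin), so the rows are consistent with the shell being found only at /bin/sh; likewise the five `node` rows for PID:1536 end at /usr/bin/node, which is the row the three signatures attach to. The report therefore describes two processes: `sh` running deploy-docs.sh, and its child `node` running `npm run docs:build`. The script below is an added example for collapsing this listing into one record per PID; it is not code from the sandbox vendor or from the iohook project. It assumes the sandbox lists probes in PATH order and that the last path listed for a PID is the one that executed. The sample text is constructed to mirror the rows above, and the function names are illustrative.

```python
"""Collapse a sandbox process listing that shows one row per execve() attempt.

Added example for reading this report; not code from the sandbox or from
iohook. Assumption: the sandbox lists every path tried during PATH lookup and
the last path listed for a PID is the one that actually ran (the report's
signatures attach to that row). Function names are illustrative.
"""
import re
from collections import OrderedDict

SCRIPT = "/tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh"
# Ubuntu's default PATH order, which is the order the report shows.
SH_DIRS = ["/usr/local/sbin", "/usr/local/bin", "/usr/sbin", "/usr/bin", "/sbin", "/bin"]
NODE_DIRS = ["/usr/local/sbin", "/usr/local/bin", "/usr/sbin", "/usr/bin"]
NODE_SIGS = ["Changes its process name",
             "Enumerates kernel/hardware configuration",
             "Reads runtime system information"]


def _row(path, cmd, depth, pid, sigs=()):
    """Render one row in the report's shape: path bullet, command, depth, sigs, PID."""
    lines = [f"• {path}", f"  {cmd}", f"  {depth}⤵"]
    lines += [f"  • {s}" for s in sigs]
    lines.append(f"  PID:{pid}")
    return "\n".join(lines)


# Constructed sample that mirrors the rows of the report above.
SAMPLE_TREE = "\n".join(
    [_row(SCRIPT, SCRIPT, 1, 1535)]
    + [_row(f"{d}/sh", f"sh {SCRIPT}", 1, 1535) for d in SH_DIRS]
    + [_row("/usr/bin/npm", "npm run docs:build", 2, 1536)]
    + [_row(f"{d}/node", "node /usr/bin/npm run docs:build", 2, 1536,
            sigs=NODE_SIGS if d == "/usr/bin" else ()) for d in NODE_DIRS]
)

PATH_RE = re.compile(r"^\s*•\s+(/\S+)\s*$")   # bullet whose text is an absolute path
SIG_RE = re.compile(r"^\s*•\s+(.+?)\s*$")     # any other bullet: a signature name
DEPTH_RE = re.compile(r"^\s*(\d+)⤵\s*$")
PID_RE = re.compile(r"^\s*PID:(\d+)\s*$")


def parse_rows(text):
    """Return one dict per row (one execve() attempt), in report order."""
    rows, cur = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if (m := PATH_RE.match(line)):
            cur = {"path": m.group(1), "cmd": None, "depth": None, "pid": None, "sigs": []}
            rows.append(cur)
        elif cur is None:
            continue                      # text before the first path bullet
        elif (m := DEPTH_RE.match(line)):
            cur["depth"] = int(m.group(1))
        elif (m := PID_RE.match(line)):
            cur["pid"] = int(m.group(1))
        elif (m := SIG_RE.match(line)):
            cur["sigs"].append(m.group(1))
        elif cur["cmd"] is None:
            cur["cmd"] = line.strip()     # the unbulleted line after the path is the command
    return rows


def collapse(text):
    """One record per PID: the paths probed, the path that ran, the parent PID
    (nearest earlier process one depth level up) and the attached signatures."""
    procs = OrderedDict()
    last_pid_at_depth = {}
    for r in parse_rows(text):
        p = procs.get(r["pid"])
        if p is None:
            p = {"pid": r["pid"], "depth": r["depth"],
                 "parent": last_pid_at_depth.get(r["depth"] - 1),
                 "probes": [], "sigs": []}
            procs[r["pid"]] = p
            last_pid_at_depth[r["depth"]] = r["pid"]
        p["probes"].append(r["path"])
        p["sigs"].extend(r["sigs"])
        p["resolved"], p["cmd"] = r["path"], r["cmd"]   # last row wins (see assumption)
    return procs


if __name__ == "__main__":
    for p in collapse(SAMPLE_TREE).values():
        print(f"pid {p['pid']} parent {p['parent']}: {p['cmd']}")
        print(f"  ran {p['resolved']}, listed after {len(p['probes']) - 1} earlier rows; "
              f"signatures: {p['sigs']}")
```

With the two-process view it is also clearer that all three signatures belong to the `node` process launched by `npm run docs:build`, not to the shell script itself; reads of /proc and /sys and a process-name change are low-signal on their own, which is consistent with the 4/10 score.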

Network

MITRE ATT&CK Enterprise v15
