Analysis

  • max time kernel
    11s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf
    image:debian9-armhf-20240611-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    17-07-2024 20:09

General

  • Target

    resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh

  • Size

    382B

  • MD5

    17ce128289a3d19b931e6cd436bfdb14

  • SHA1

    581d5a68cfa8ec97caf34b15d4e411ff08a20f56

  • SHA256

    7b230bef0652681969d8dba281d5e3b750fdd822087e5dbd78b4030b5e1174ae

  • SHA512

    0b8e4d5a029bbc54433e106de14baceb0f874eb28e6ea939ece7eeb1cedb54cd0b5c08e8babe508bd25516ca8b032dff386b83192c93ba3db7127096c5905b00

Score
4/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is a virtual machine.

  • Reads CPU attributes 1 TTPs 1 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 2 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh
    /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh
    1⤵
      PID:772
    • /usr/local/sbin/sh
      sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh
      1⤵
        PID:772
      • /usr/local/bin/sh
        sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh
        1⤵
          PID:772
        • /usr/sbin/sh
          sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh
          1⤵
            PID:772
          • /usr/bin/sh
            sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh
            1⤵
              PID:772
            • /sbin/sh
              sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh
              1⤵
                PID:772
              • /bin/sh
                sh /tmp/resources/app.asar.unpacked/node_modules/iohook/deploy-docs.sh
                1⤵
                  PID:772
                  • /usr/bin/npm
                    npm run docs:build
                    2⤵
                      PID:773
                    • /usr/local/sbin/node
                      node /usr/bin/npm run docs:build
                      2⤵
                        PID:773
                      • /usr/local/bin/node
                        node /usr/bin/npm run docs:build
                        2⤵
                          PID:773
                        • /usr/sbin/node
                          node /usr/bin/npm run docs:build
                          2⤵
                            PID:773
                          • /usr/bin/node
                            node /usr/bin/npm run docs:build
                            2⤵
                            • Changes its process name
                            • Checks CPU configuration
                            • Reads CPU attributes
                            • Enumerates kernel/hardware configuration
                            • Reads runtime system information
                            PID:773

Network

MITRE ATT&CK Enterprise v15