Analysis

  • max time kernel
    301s
  • max time network
    1679s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf, image:debian9-armhf-20240611-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    18-07-2024 15:18

General

  • Target

    start.sh

  • Size

    556B

  • MD5

    a832de50849461f39011c4aa4d5a41d4

  • SHA1

    9cab7ded4ccc5add10b8a93a69deb037cda59a75

  • SHA256

    a1d5bc1444f2e66c241687096914cd9ce3ce1b1ab92127abca226bb74c5b4618

  • SHA512

    af017d9236fb03bb554b0a489d0ebc8186cbdaec7fd7ddf049bba99f0594974e58e677cd19d681c9161919ee64582cf67fdf5c55e14653bd1b1fe35b8d99fbc5

Score
4/10

Malware Config

Signatures

  • Checks CPU configuration (1 TTP, 1 IoC)

    Checks CPU information that indicates whether the system is a virtual machine.

  • Reads runtime system information (2 IoCs)

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory (1 IoC)

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/start.sh
    /tmp/start.sh
    PID:647
      • /bin/mktemp
        mktemp
        • Writes file to tmp directory
        PID:648
      • /usr/bin/curl
        curl -fsL https://github.com/ChrisTitusTech/linutil/releases/latest/download/linutil -o /tmp/tmp.8Kgir5Xxij
        • Checks CPU configuration
        • Reads runtime system information
        PID:650

Network

MITRE ATT&CK Enterprise v15
