Analysis

  • max time kernel
    1s
  • max time network
    132s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240611-en
  • resource tags

    arch:amd64 arch:i386 image:ubuntu1804-amd64-20240611-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system
  • submitted
    31-08-2024 19:11

General

  • Target

    hubotio-hubot-b50c39c/script/bootstrap

  • Size

    33B

  • MD5

    9ff37553075c9254accb4a03fd09ccf1

  • SHA1

    5bf6592517586b93f5bfaf7de24878d3f97000d6

  • SHA256

    0211a7600c7ce9849ebda83b4aa80c7697cb489b8836446e3a374ea475808c98

  • SHA512

    471834857e2a2889cae05f60feca25d0662f7b129336d7f3d3b0c31403c45393faaca95fa9dce3ff8017f470b2c6fb54440b95e19665ca7ac6b9347073149be4

Score
4/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/hubotio-hubot-b50c39c/script/bootstrap
    /tmp/hubotio-hubot-b50c39c/script/bootstrap
    1⤵
      PID:1484
    • /usr/local/sbin/bash
      bash /tmp/hubotio-hubot-b50c39c/script/bootstrap
      1⤵
        PID:1484
      • /usr/local/bin/bash
        bash /tmp/hubotio-hubot-b50c39c/script/bootstrap
        1⤵
          PID:1484
        • /usr/sbin/bash
          bash /tmp/hubotio-hubot-b50c39c/script/bootstrap
          1⤵
            PID:1484
          • /usr/bin/bash
            bash /tmp/hubotio-hubot-b50c39c/script/bootstrap
            1⤵
              PID:1484
            • /sbin/bash
              bash /tmp/hubotio-hubot-b50c39c/script/bootstrap
              1⤵
                PID:1484
              • /bin/bash
                bash /tmp/hubotio-hubot-b50c39c/script/bootstrap
                1⤵
                  PID:1484
                  • /usr/bin/npm
                    npm install
                    2⤵
                      PID:1485
                    • /usr/local/sbin/node
                      node /usr/bin/npm install
                      2⤵
                        PID:1485
                      • /usr/local/bin/node
                        node /usr/bin/npm install
                        2⤵
                          PID:1485
                        • /usr/sbin/node
                          node /usr/bin/npm install
                          2⤵
                            PID:1485
                          • /usr/bin/node
                            node /usr/bin/npm install
                            2⤵
                            • Changes its process name
                            • Enumerates kernel/hardware configuration
                            • Reads runtime system information
                            PID:1485

                        Network

                        MITRE ATT&CK Enterprise v15

                        Downloads