Analysis

  • max time kernel
    12s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf
    image:debian9-armhf-20240611-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    31-08-2024 19:11

General

  • Target

    hubotio-hubot-b50c39c/script/bootstrap

  • Size

    33B

  • MD5

    9ff37553075c9254accb4a03fd09ccf1

  • SHA1

    5bf6592517586b93f5bfaf7de24878d3f97000d6

  • SHA256

    0211a7600c7ce9849ebda83b4aa80c7697cb489b8836446e3a374ea475808c98

  • SHA512

    471834857e2a2889cae05f60feca25d0662f7b129336d7f3d3b0c31403c45393faaca95fa9dce3ff8017f470b2c6fb54440b95e19665ca7ac6b9347073149be4

Score
4/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is a virtual machine.

  • Reads CPU attributes 1 TTPs 1 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 2 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/hubotio-hubot-b50c39c/script/bootstrap
    /tmp/hubotio-hubot-b50c39c/script/bootstrap
    1⤵
      PID:672
    • /usr/local/sbin/bash
      bash /tmp/hubotio-hubot-b50c39c/script/bootstrap
      1⤵
        PID:672
      • /usr/local/bin/bash
        bash /tmp/hubotio-hubot-b50c39c/script/bootstrap
        1⤵
          PID:672
        • /usr/sbin/bash
          bash /tmp/hubotio-hubot-b50c39c/script/bootstrap
          1⤵
            PID:672
          • /usr/bin/bash
            bash /tmp/hubotio-hubot-b50c39c/script/bootstrap
            1⤵
              PID:672
            • /sbin/bash
              bash /tmp/hubotio-hubot-b50c39c/script/bootstrap
              1⤵
                PID:672
              • /bin/bash
                bash /tmp/hubotio-hubot-b50c39c/script/bootstrap
                1⤵
                  PID:672
                  • /usr/bin/npm
                    npm install
                    2⤵
                      PID:675
                    • /usr/local/sbin/node
                      node /usr/bin/npm install
                      2⤵
                        PID:675
                      • /usr/local/bin/node
                        node /usr/bin/npm install
                        2⤵
                          PID:675
                        • /usr/sbin/node
                          node /usr/bin/npm install
                          2⤵
                            PID:675
                          • /usr/bin/node
                            node /usr/bin/npm install
                            2⤵
                            • Changes its process name
                            • Checks CPU configuration
                            • Reads CPU attributes
                            • Enumerates kernel/hardware configuration
                            • Reads runtime system information
                            PID:675

Network

MITRE ATT&CK Enterprise v15
