Analysis

  • max time kernel
    12s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240729-en
  • resource tags

    arch:armhf, image:debian9-armhf-20240729-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    31-08-2024 19:11

General

  • Target

    hubotio-hubot-b50c39c/bin/e2e-test.sh

  • Size

    1KB

  • MD5

    de8297d7cf8a0a3b701a8e42352e9b5f

  • SHA1

    773dbe1fb290506eb78db785f52727cdf65e5fc5

  • SHA256

    55f0020a3e03ca75d72c056bfb883ea773df240eed1d5a5703791799ebd95537

  • SHA512

    3a2169e750ca95e0d154b3d2c1354a6dd89bca02584fdb493100e63b08864a81e0f1390061fbd0a2ebd34399e9fa3f7f1c7d055943ee9f0c51eaa8814b454955

Score
4/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

  • Reads CPU attributes 1 TTPs 1 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 2 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/hubotio-hubot-b50c39c/bin/e2e-test.sh
    /tmp/hubotio-hubot-b50c39c/bin/e2e-test.sh
    1⤵
      PID:684
      • /bin/mktemp
        mktemp -d
        2⤵
          PID:694
        • /usr/bin/npm
          npm init -y
          2⤵
            PID:696
          • /usr/local/sbin/node
            node /usr/bin/npm init -y
            2⤵
              PID:696
            • /usr/local/bin/node
              node /usr/bin/npm init -y
              2⤵
                PID:696
              • /usr/sbin/node
                node /usr/bin/npm init -y
                2⤵
                  PID:696
                • /usr/bin/node
                  node /usr/bin/npm init -y
                  2⤵
                  • Changes its process name
                  • Checks CPU configuration
                  • Reads CPU attributes
                  • Enumerates kernel/hardware configuration
                  • Reads runtime system information
                  PID:696

Network

MITRE ATT&CK Enterprise v15