Analysis

  • max time kernel
    149s
  • max time network
    133s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240611-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    31-08-2024 19:49

General

  • Target

    mono-CppSharp-20950c5/build/build.sh

  • Size

    5KB

  • MD5

    e5930c1d46caea36f047869039e151fa

  • SHA1

    461156ade90e9085c83218343461466f81b64020

  • SHA256

    4f034380c41c136e827e6b291034e2ca91a252a04a67505abfdcc2133a63f637

  • SHA512

    d68168b33b1622a06f46af8b16cde023604bc381f3229b360c33866faef05fd74afc3daff1fd1453c27febac4cbc3b08a99697bcc945989376253e9e5e6877c6

  • SSDEEP

    96:1+0QLQCKkbatyFQ9ot+kq7YV3l1ds3Lmy9vs567yXr81I8F:6LQCKkbatiDt+kq7YV11ds3JZsNu

Score
3/10

Malware Config

Signatures

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/mono-CppSharp-20950c5/build/build.sh
    /tmp/mono-CppSharp-20950c5/build/build.sh
    1⤵
      PID:1510
    • /usr/local/sbin/bash
      bash /tmp/mono-CppSharp-20950c5/build/build.sh
      1⤵
        PID:1510
      • /usr/local/bin/bash
        bash /tmp/mono-CppSharp-20950c5/build/build.sh
        1⤵
          PID:1510
        • /usr/sbin/bash
          bash /tmp/mono-CppSharp-20950c5/build/build.sh
          1⤵
            PID:1510
          • /usr/bin/bash
            bash /tmp/mono-CppSharp-20950c5/build/build.sh
            1⤵
              PID:1510
            • /sbin/bash
              bash /tmp/mono-CppSharp-20950c5/build/build.sh
              1⤵
                PID:1510
              • /bin/bash
                bash /tmp/mono-CppSharp-20950c5/build/build.sh
                1⤵
                • Writes file to tmp directory
                PID:1510
                • /usr/bin/dirname
                  dirname /tmp/mono-CppSharp-20950c5/build/build.sh
                  2⤵
                    PID:1513
                  • /bin/uname
                    uname -m
                    2⤵
                      PID:1514
                    • /usr/bin/tr
                      tr "[:upper:]" "[:lower:]"
                      2⤵
                        PID:1516
                      • /bin/uname
                        uname -s
                        2⤵
                          PID:1517
                        • /usr/bin/curl
                          curl -L -O https://github.com/premake/premake-core/releases/download/v5.0.0-beta2/premake-5.0.0-beta2-linux.tar.gz
                          2⤵
                            PID:1518

                        Network

                        MITRE ATT&CK Matrix

                        Downloads

                        • /tmp/sh-thd.CrErMg

                          Filesize

                          1B

                          MD5

                          68b329da9893e34099c7d8ad5cb9c940

                          SHA1

                          adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

                          SHA256

                          01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

                          SHA512

                          be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09