Analysis

  • max time kernel
    148s
  • max time network
    7s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240729-en
  • resource tags

    arch:armhf
    image:debian9-armhf-20240729-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    31-08-2024 19:49

General

  • Target

    mono-CppSharp-20950c5/build/build.sh

  • Size

    5KB

  • MD5

    e5930c1d46caea36f047869039e151fa

  • SHA1

    461156ade90e9085c83218343461466f81b64020

  • SHA256

    4f034380c41c136e827e6b291034e2ca91a252a04a67505abfdcc2133a63f637

  • SHA512

    d68168b33b1622a06f46af8b16cde023604bc381f3229b360c33866faef05fd74afc3daff1fd1453c27febac4cbc3b08a99697bcc945989376253e9e5e6877c6

  • SSDEEP

    96:1+0QLQCKkbatyFQ9ot+kq7YV3l1ds3Lmy9vs567yXr81I8F:6LQCKkbatiDt+kq7YV11ds3JZsNu

Score
4/10

Malware Config

Signatures

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

  • Reads runtime system information 2 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/mono-CppSharp-20950c5/build/build.sh
    /tmp/mono-CppSharp-20950c5/build/build.sh
    1⤵
      PID:667
    • /usr/local/sbin/bash
      bash /tmp/mono-CppSharp-20950c5/build/build.sh
      1⤵
        PID:667
      • /usr/local/bin/bash
        bash /tmp/mono-CppSharp-20950c5/build/build.sh
        1⤵
          PID:667
        • /usr/sbin/bash
          bash /tmp/mono-CppSharp-20950c5/build/build.sh
          1⤵
            PID:667
          • /usr/bin/bash
            bash /tmp/mono-CppSharp-20950c5/build/build.sh
            1⤵
              PID:667
            • /sbin/bash
              bash /tmp/mono-CppSharp-20950c5/build/build.sh
              1⤵
                PID:667
              • /bin/bash
                bash /tmp/mono-CppSharp-20950c5/build/build.sh
                1⤵
                • Writes file to tmp directory
                PID:667
                • /usr/bin/dirname
                  dirname /tmp/mono-CppSharp-20950c5/build/build.sh
                  2⤵
                    PID:672
                  • /bin/uname
                    uname -m
                    2⤵
                      PID:676
                    • /usr/bin/tr
                      tr "[:upper:]" "[:lower:]"
                      2⤵
                        PID:679
                      • /bin/uname
                        uname -s
                        2⤵
                          PID:680
                        • /usr/bin/curl
                          curl -L -O https://github.com/premake/premake-core/releases/download/v5.0.0-beta2/premake-5.0.0-beta2-linux.tar.gz
                          2⤵
                          • Checks CPU configuration
                          • Reads runtime system information
                          PID:681

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /tmp/sh-thd.o80bQb

    Filesize

    1B

    MD5

    68b329da9893e34099c7d8ad5cb9c940

    SHA1

    adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

    SHA256

    01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

    SHA512

    be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09