Analysis

  • max time kernel
    9s
  • max time network
    12s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240418-en
  • resource tags

    arch:mips image:debian9-mipsbe-20240418-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system
  • submitted
    31-08-2024 19:49

General

  • Target

    mono-CppSharp-20950c5/build/build.sh

  • Size

    5KB

  • MD5

    e5930c1d46caea36f047869039e151fa

  • SHA1

    461156ade90e9085c83218343461466f81b64020

  • SHA256

    4f034380c41c136e827e6b291034e2ca91a252a04a67505abfdcc2133a63f637

  • SHA512

    d68168b33b1622a06f46af8b16cde023604bc381f3229b360c33866faef05fd74afc3daff1fd1453c27febac4cbc3b08a99697bcc945989376253e9e5e6877c6

  • SSDEEP

    96:1+0QLQCKkbatyFQ9ot+kq7YV3l1ds3Lmy9vs567yXr81I8F:6LQCKkbatiDt+kq7YV11ds3JZsNu

Score
3/10

Malware Config

Signatures

  • Reads runtime system information 2 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 2 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/mono-CppSharp-20950c5/build/build.sh
    /tmp/mono-CppSharp-20950c5/build/build.sh
    1⤵
      PID:751
  • /usr/local/sbin/bash
    bash /tmp/mono-CppSharp-20950c5/build/build.sh
    1⤵
      PID:751
  • /usr/local/bin/bash
    bash /tmp/mono-CppSharp-20950c5/build/build.sh
    1⤵
      PID:751
  • /usr/sbin/bash
    bash /tmp/mono-CppSharp-20950c5/build/build.sh
    1⤵
      PID:751
  • /usr/bin/bash
    bash /tmp/mono-CppSharp-20950c5/build/build.sh
    1⤵
      PID:751
  • /sbin/bash
    bash /tmp/mono-CppSharp-20950c5/build/build.sh
    1⤵
      PID:751
  • /bin/bash
    bash /tmp/mono-CppSharp-20950c5/build/build.sh
    1⤵
      • Writes file to tmp directory
      PID:751
    • /usr/bin/dirname
      dirname /tmp/mono-CppSharp-20950c5/build/build.sh
      2⤵
        PID:760
    • /bin/uname
      uname -m
      2⤵
        PID:762
    • /usr/bin/tr
      tr "[:upper:]" "[:lower:]"
      2⤵
        PID:765
    • /bin/uname
      uname -s
      2⤵
        PID:767
    • /usr/bin/curl
      curl -L -O https://github.com/premake/premake-core/releases/download/v5.0.0-beta2/premake-5.0.0-beta2-linux.tar.gz
      2⤵
        • Reads runtime system information
        • Writes file to tmp directory
        PID:768
    • /bin/tar
      tar -xf premake-5.0.0-beta2-linux.tar.gz -C /tmp/mono-CppSharp-20950c5/build/premake ./premake5
      2⤵
        • Reads runtime system information
        PID:773
      • /usr/local/sbin/gzip
        gzip -d
        3⤵
          PID:774
      • /usr/local/bin/gzip
        gzip -d
        3⤵
          PID:774
      • /usr/sbin/gzip
        gzip -d
        3⤵
          PID:774
      • /usr/bin/gzip
        gzip -d
        3⤵
          PID:774
      • /sbin/gzip
        gzip -d
        3⤵
          PID:774
      • /bin/gzip
        gzip -d
        3⤵
          PID:774
    • /bin/chmod
      chmod +x /tmp/mono-CppSharp-20950c5/build/premake/premake5
      2⤵
        PID:775
    • /bin/rm
      rm premake-5.0.0-beta2-linux.tar.gz
      2⤵
        PID:776
    • /tmp/mono-CppSharp-20950c5/build/premake.sh
      /tmp/mono-CppSharp-20950c5/build/premake.sh "--file=/tmp/mono-CppSharp-20950c5/build/llvm/LLVM.lua" download_llvm "--os=linux" "--arch=x86" "--configuration=Release"
      2⤵
        PID:777

Network

MITRE ATT&CK Matrix


Downloads

  • /tmp/mono-CppSharp-20950c5/build/premake-5.0.0-beta2-linux.tar.gz

    Filesize

    836KB

    MD5

    40415c662cd30bdc27f17b89faf181f1

    SHA1

    4059b9b4c0ff931fb1f2b0c9272c43bb5827ef99

    SHA256

    4186b8fd66b55df935280f55663c6e46fd568799d89b7ff6a3cfb20d58ff6224

    SHA512

    dca77bff24a64dc5bc7e6b2af122e5b35ecc25df67e8a4e472c7373a49c1def66236f914e6484b1ccb9d1ed34ac3e9c22f43e292e72317a22d1c75498e5a8dca

  • /tmp/mono-CppSharp-20950c5/build/premake/premake5

    Filesize

    2.0MB

    MD5

    13c953b2e6a138b0707d41710aa73d29

    SHA1

    f5dc6fe29e8d55807ddffea351f49f557574680f

    SHA256

    8955d5bec667bc75fe45b2753ee52e0632d0b56a6aa5e63b7f4a404b4a2dd9f9

    SHA512

    27c2408779a82879bd72bf452af751eaba749638a57e9bbba7babe78473d87ab7e2622f14f76d5dcbf97d7477cce06a21b37bc9a5bdde640a8e62dd0e3df8f0e

  • /tmp/sh-thd.fiC65N

    Filesize

    1B

    MD5

    68b329da9893e34099c7d8ad5cb9c940

    SHA1

    adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

    SHA256

    01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

    SHA512

    be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09