Overview
overview
4Static
static
3mono-CppSh...ild.sh
ubuntu-18.04-amd64
3mono-CppSh...ild.sh
debian-9-armhf
4mono-CppSh...ild.sh
debian-9-mips
3mono-CppSh...ild.sh
debian-9-mipsel
3mono-CppSh...ate.sh
ubuntu-18.04-amd64
1mono-CppSh...ate.sh
debian-9-armhf
1mono-CppSh...ate.sh
debian-9-mips
1mono-CppSh...ate.sh
debian-9-mipsel
1mono-CppSh...LVM.js
windows7-x64
3mono-CppSh...LVM.js
windows10-2004-x64
3mono-CppSh...ake.sh
ubuntu-18.04-amd64
1mono-CppSh...ake.sh
debian-9-armhf
1mono-CppSh...ake.sh
debian-9-mips
1mono-CppSh...ake.sh
debian-9-mipsel
1mono-CppSh...le.vbs
windows7-x64
1mono-CppSh...le.vbs
windows10-2004-x64
1mono-CppSh...est.sh
ubuntu-18.04-amd64
1mono-CppSh...est.sh
debian-9-armhf
1mono-CppSh...est.sh
debian-9-mips
1mono-CppSh...est.sh
debian-9-mipsel
1mono-CppSh...ngs.js
windows7-x64
3mono-CppSh...ngs.js
windows10-2004-x64
3mono-CppSh...ser.js
windows7-x64
3mono-CppSh...ser.js
windows10-2004-x64
3mono-CppSh...SDL.js
windows7-x64
3mono-CppSh...SDL.js
windows10-2004-x64
3mono-CppSh...ext.js
windows7-x64
3mono-CppSh...ext.js
windows10-2004-x64
3mono-CppSh...tor.js
windows7-x64
3mono-CppSh...tor.js
windows10-2004-x64
3mono-CppSh...ass.js
windows7-x64
3mono-CppSh...ass.js
windows10-2004-x64
3
Analysis
-
max time kernel
9s -
max time network
12s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240418-en -
resource tags
arch:mips image:debian9-mipsbe-20240418-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
31-08-2024 19:49
Static task
static1
Behavioral task
behavioral1
Sample
mono-CppSharp-20950c5/build/build.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
mono-CppSharp-20950c5/build/build.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
mono-CppSharp-20950c5/build/build.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
mono-CppSharp-20950c5/build/build.sh
Resource
debian9-mipsel-20240611-en
Behavioral task
behavioral5
Sample
mono-CppSharp-20950c5/build/generate.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral6
Sample
mono-CppSharp-20950c5/build/generate.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral7
Sample
mono-CppSharp-20950c5/build/generate.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral8
Sample
mono-CppSharp-20950c5/build/generate.sh
Resource
debian9-mipsel-20240729-en
Behavioral task
behavioral9
Sample
mono-CppSharp-20950c5/build/llvm/LLVM.js
Resource
win7-20240704-en
Behavioral task
behavioral10
Sample
mono-CppSharp-20950c5/build/llvm/LLVM.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
mono-CppSharp-20950c5/build/premake.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral12
Sample
mono-CppSharp-20950c5/build/premake.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral13
Sample
mono-CppSharp-20950c5/build/premake.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral14
Sample
mono-CppSharp-20950c5/build/premake.sh
Resource
debian9-mipsel-20240418-en
Behavioral task
behavioral15
Sample
mono-CppSharp-20950c5/build/scripts/Vagrantfile.vbs
Resource
win7-20240729-en
Behavioral task
behavioral16
Sample
mono-CppSharp-20950c5/build/scripts/Vagrantfile.vbs
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
mono-CppSharp-20950c5/build/test.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral18
Sample
mono-CppSharp-20950c5/build/test.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral19
Sample
mono-CppSharp-20950c5/build/test.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral20
Sample
mono-CppSharp-20950c5/build/test.sh
Resource
debian9-mipsel-20240611-en
Behavioral task
behavioral21
Sample
mono-CppSharp-20950c5/docs/GeneratingBindings.js
Resource
win7-20240708-en
Behavioral task
behavioral22
Sample
mono-CppSharp-20950c5/docs/GeneratingBindings.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
mono-CppSharp-20950c5/examples/Parser/Parser.js
Resource
win7-20240708-en
Behavioral task
behavioral24
Sample
mono-CppSharp-20950c5/examples/Parser/Parser.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
mono-CppSharp-20950c5/examples/SDL/SDL.js
Resource
win7-20240705-en
Behavioral task
behavioral26
Sample
mono-CppSharp-20950c5/examples/SDL/SDL.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
mono-CppSharp-20950c5/src/AST/ASTContext.js
Resource
win7-20240704-en
Behavioral task
behavioral28
Sample
mono-CppSharp-20950c5/src/AST/ASTContext.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
mono-CppSharp-20950c5/src/AST/ASTVisitor.js
Resource
win7-20240708-en
Behavioral task
behavioral30
Sample
mono-CppSharp-20950c5/src/AST/ASTVisitor.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
mono-CppSharp-20950c5/src/AST/Class.js
Resource
win7-20240704-en
Behavioral task
behavioral32
Sample
mono-CppSharp-20950c5/src/AST/Class.js
Resource
win10v2004-20240802-en
General
-
Target
mono-CppSharp-20950c5/build/build.sh
-
Size
5KB
-
MD5
e5930c1d46caea36f047869039e151fa
-
SHA1
461156ade90e9085c83218343461466f81b64020
-
SHA256
4f034380c41c136e827e6b291034e2ca91a252a04a67505abfdcc2133a63f637
-
SHA512
d68168b33b1622a06f46af8b16cde023604bc381f3229b360c33866faef05fd74afc3daff1fd1453c27febac4cbc3b08a99697bcc945989376253e9e5e6877c6
-
SSDEEP
96:1+0QLQCKkbatyFQ9ot+kq7YV3l1ds3Lmy9vs567yXr81I8F:6LQCKkbatiDt+kq7YV11ds3JZsNu
Malware Config
Signatures
-
Reads runtime system information 2 IoCs
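Reads data from /proc virtual filesystem. The two reads recorded here are made by curl and tar; /proc/sys/crypto/fips_enabled and /proc/filesystems are typically probed by crypto and SELinux library start-up code, so on their own they are weak indicators.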
description | ioc | Process
File opened for reading | /proc/sys/crypto/fips_enabled | curl
File opened for reading | /proc/filesystems | tar
-
Writes file to tmp directory 2 IoCs
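Malware often drops required files in the /tmp directory. Here the sample was itself staged and run under /tmp/mono-CppSharp-20950c5/, so the archive curl saves into that build directory trips this signature regardless of intent, and sh-thd.* is the name pattern bash gives its here-document temporary files; weigh both entries with that context.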
description | ioc | Process
File opened for modification | /tmp/sh-thd.fiC65N | bash
File opened for modification | /tmp/mono-CppSharp-20950c5/build/premake-5.0.0-beta2-linux.tar.gz | curl
Processes
-
/tmp/mono-CppSharp-20950c5/build/build.sh
/tmp/mono-CppSharp-20950c5/build/build.sh
1⤵
PID:751
-
/usr/local/sbin/bash
bash /tmp/mono-CppSharp-20950c5/build/build.sh
1⤵
PID:751
-
/usr/local/bin/bash
bash /tmp/mono-CppSharp-20950c5/build/build.sh
1⤵
PID:751
-
/usr/sbin/bash
bash /tmp/mono-CppSharp-20950c5/build/build.sh
1⤵
PID:751
-
/usr/bin/bash
bash /tmp/mono-CppSharp-20950c5/build/build.sh
1⤵
PID:751
-
/sbin/bash
bash /tmp/mono-CppSharp-20950c5/build/build.sh
1⤵
PID:751
-
/bin/bash
bash /tmp/mono-CppSharp-20950c5/build/build.sh
1⤵
- Writes file to tmp directory
PID:751 -
/usr/bin/dirname
dirname /tmp/mono-CppSharp-20950c5/build/build.sh
2⤵
PID:760
-
-
/bin/uname
uname -m
2⤵
PID:762
-
-
/usr/bin/tr
tr "[:upper:]" "[:lower:]"
2⤵
PID:765
-
-
/bin/uname
uname -s
2⤵
PID:767
-
-
/usr/bin/curl
curl -L -O https://github.com/premake/premake-core/releases/download/v5.0.0-beta2/premake-5.0.0-beta2-linux.tar.gz
2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:768
-
-
/bin/tar
tar -xf premake-5.0.0-beta2-linux.tar.gz -C /tmp/mono-CppSharp-20950c5/build/premake ./premake5
2⤵
- Reads runtime system information
PID:773 -
/usr/local/sbin/gzip
gzip -d
3⤵
PID:774
-
-
/usr/local/bin/gzip
gzip -d
3⤵
PID:774
-
-
/usr/sbin/gzip
gzip -d
3⤵
PID:774
-
-
/usr/bin/gzip
gzip -d
3⤵
PID:774
-
-
/sbin/gzip
gzip -d
3⤵
PID:774
-
-
/bin/gzip
gzip -d
3⤵
PID:774
-
-
-
/bin/chmod
chmod +x /tmp/mono-CppSharp-20950c5/build/premake/premake5
2⤵
PID:775
-
-
/bin/rm
rm premake-5.0.0-beta2-linux.tar.gz
2⤵
PID:776
-
-
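/tmp/mono-CppSharp-20950c5/build/premake.sh
/tmp/mono-CppSharp-20950c5/build/premake.sh "--file=/tmp/mono-CppSharp-20950c5/build/llvm/LLVM.lua" download_llvm "--os=linux" "--arch=x86" "--configuration=Release"
2⤵
PID:777
Note: the processes listed above fetch the premake archive with curl, unpack it, mark premake5 executable and then run premake.sh; no hash or signature check (for example a sha256sum step) appears among them, so the downloaded binary is trusted on the strength of the HTTPS release URL alone.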
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
836KB
MD5 40415c662cd30bdc27f17b89faf181f1
SHA1 4059b9b4c0ff931fb1f2b0c9272c43bb5827ef99
SHA256 4186b8fd66b55df935280f55663c6e46fd568799d89b7ff6a3cfb20d58ff6224
SHA512 dca77bff24a64dc5bc7e6b2af122e5b35ecc25df67e8a4e472c7373a49c1def66236f914e6484b1ccb9d1ed34ac3e9c22f43e292e72317a22d1c75498e5a8dca
-
Filesize
2.0MB
MD5 13c953b2e6a138b0707d41710aa73d29
SHA1 f5dc6fe29e8d55807ddffea351f49f557574680f
SHA256 8955d5bec667bc75fe45b2753ee52e0632d0b56a6aa5e63b7f4a404b4a2dd9f9
SHA512 27c2408779a82879bd72bf452af751eaba749638a57e9bbba7babe78473d87ab7e2622f14f76d5dcbf97d7477cce06a21b37bc9a5bdde640a8e62dd0e3df8f0e
-
Filesize
1B
MD5 68b329da9893e34099c7d8ad5cb9c940
SHA1 adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
SHA256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
SHA512 be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09