Analysis

  • max time kernel
    14s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf
    image:debian9-armhf-20240611-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    01-09-2024 00:55

General

  • Target

    cdimascio-express-openapi-validator-47a39b3/build.sh

  • Size

    112B

  • MD5

    22587c4e1adc1d9816d049c0772aaaa4

  • SHA1

    b7c2ab92cfd9dee573243523c691071e36f36e56

  • SHA256

    32331f6116a67c36e07096c68dac22c5fba678d34d8fe99ff54d0182220fab2d

  • SHA512

    3e45c3f74eb38bc887d5815449a270c5163e0ef5d74319ec04d9715c0804966a019915f71c369c2b9b3b957b8c940475e3b454648534b7bbcde32df8f26338b4

Score
4/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicates whether the system is a virtual machine.

  • Reads CPU attributes 1 TTPs 1 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 2 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/cdimascio-express-openapi-validator-47a39b3/build.sh
    /tmp/cdimascio-express-openapi-validator-47a39b3/build.sh
    1⤵
      PID:674
    • /bin/rm
      rm -rf node_modules
      2⤵
        PID:677
    • /usr/bin/npm
      npm ci
      2⤵
        PID:679
    • /usr/local/sbin/node
      node /usr/bin/npm ci
      2⤵
        PID:679
    • /usr/local/bin/node
      node /usr/bin/npm ci
      2⤵
        PID:679
    • /usr/sbin/node
      node /usr/bin/npm ci
      2⤵
        PID:679
    • /usr/bin/node
      node /usr/bin/npm ci
      2⤵
      • Changes its process name
      • Checks CPU configuration
      • Reads CPU attributes
      • Enumerates kernel/hardware configuration
      • Reads runtime system information
        PID:679

Network

MITRE ATT&CK Enterprise v15
