Analysis

  • max time kernel
    0s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240418-en
  • resource tags

    arch:armhf
    image:debian9-armhf-20240418-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    01-09-2024 20:30

General

  • Target

    smartsynchronize/bin/add-menuitem.sh

  • Size

    2KB

  • MD5

    292bd8c7442f367735bb0f567ff7e666

  • SHA1

    b7f83667d6941e5ea50e8b095a2ab22d4116dc6c

  • SHA256

    d2fd430b5ad553e4e57cc88e437d2f4a3e24ea9c437801164da424702d4765d1

  • SHA512

    ee6352caabf672ccad06cde2e0cf40d1929cea99b64ccdb3dfb809fb9c16436117bfa07a1f1a928477cc42295b47e36980e51ecc3ddd5257468fad382a5135d4

Score
4/10

Malware Config

Signatures

  • Creates .desktop file 1 TTPs 1 IoCs

    Linux desktops like GNOME require .desktop files to register applications. Sometimes abused by malware for persistence.

  • Writes file to tmp directory 2 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/smartsynchronize/bin/add-menuitem.sh (depth 1)
    /tmp/smartsynchronize/bin/add-menuitem.sh
    • Creates .desktop file
    • Writes file to tmp directory
    PID:738
    • /usr/bin/dirname (depth 2)
      dirname /tmp/smartsynchronize/bin/add-menuitem.sh
      PID:739
    • /bin/mktemp (depth 2)
      mktemp --directory
      PID:744
    • /bin/cat (depth 2)
      cat
      PID:746
    • /bin/chmod (depth 2)
      chmod 644 /tmp/tmp.YFKxE6SvTG/syntevo-smartsynchronize.desktop
      PID:750
    • /bin/rm (depth 2)
      rm /tmp/tmp.YFKxE6SvTG/syntevo-smartsynchronize.desktop
      PID:758
    • /bin/rm (depth 2)
      rm -R /tmp/tmp.YFKxE6SvTG
      PID:759

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /tmp/sh-thd.p5eOlk

    Filesize

    301B

    MD5

    fb53516c34ab5225b8d4e45a06969b6b

    SHA1

    b3cad45de9d8326d25c1195a06c7554c2f85aee4

    SHA256

    b8c77d52ca9ed1281426ee7569040d4e606cb8a0914d25f28817ff6234c199ac

    SHA512

    f5c6d0c7d2353e98a3b20cc2cf08003e3467379791ae11d135379f3a486b7aad13696e1ad9d811aedc016988ad8b086e9e6bbd2e958d74042add5fd9d65cabf1