Overview

overview

8

Static

static

3

IPFS-Deskt....0.exe

windows7-x64

4

IPFS-Deskt....0.exe

windows10-2004-x64

8

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

IPFS Desktop.exe

windows10-2004-x64

8

LICENSES.c...m.html

windows7-x64

3

LICENSES.c...m.html

windows10-2004-x64

3

d3dcompiler_47.dll

windows10-2004-x64

1

ffmpeg.dll

windows10-2004-x64

1

libEGL.dll

windows10-2004-x64

1

libGLESv2.dll

windows10-2004-x64

1

resources/...all.sh

ubuntu-18.04-amd64

3

resources/...all.sh

debian-9-armhf

3

resources/...all.sh

debian-9-mips

3

resources/...all.sh

debian-9-mipsel

3

resources/...fs.exe

windows7-x64

1

resources/...fs.exe

windows10-2004-x64

8

resources/...oad.js

windows7-x64

3

resources/...oad.js

windows10-2004-x64

3

resources/...orm.js

windows7-x64

3

resources/...orm.js

windows10-2004-x64

3

resources/...dex.js

windows7-x64

3

resources/...dex.js

windows10-2004-x64

3

resources/...all.js

windows7-x64

3

resources/...all.js

windows10-2004-x64

3

resources/elevate.exe

windows7-x64

3

Analysis

  • max time kernel
    0s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240729-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240729-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    12/10/2024, 15:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    resources/app.asar.unpacked/node_modules/kubo/kubo/install.sh

  • Size

    948B

  • MD5

    a04937db8165114b79f937fbd0106383

  • SHA1

    6f68c244d3e2baf946f15916d1d45b385b086a69

  • SHA256

    71c6257fe99fea22db3d2af0b0f9e223be44df24f755bd2c717cf4c392742e91

  • SHA512

    efe01101af4da4c6e084c9ba083a13a2f47222c1782924563e2d49501813bc323982bd17579d120549ac9e68f1427712ed6a77234491cbf9479f5a87e5cb9719

Score
3/10
discovery

Malware Config

Signatures

  • Reads runtime system information 6 IoCs

    Reads data from /proc virtual filesystem.

    discovery
  • System Network Configuration Discovery 1 TTPs 3 IoCs

    Adversaries may gather information about the network configuration of a system.

    discovery

Processes

  • /tmp/resources/app.asar.unpacked/node_modules/kubo/kubo/install.sh
    /tmp/resources/app.asar.unpacked/node_modules/kubo/kubo/install.sh
    1⤵
      PID:780
      • /usr/bin/dirname
        dirname /tmp/resources/app.asar.unpacked/node_modules/kubo/kubo/install.sh
        2⤵
          PID:781
        • /bin/mkdir
          mkdir -p /usr/local/bin
          2⤵
          • Reads runtime system information
          PID:783
        • /bin/mv
          mv /tmp/resources/app.asar.unpacked/node_modules/kubo/kubo/ipfs /usr/local/bin/ipfs
          2⤵
          • Reads runtime system information
          • System Network Configuration Discovery
          PID:784
        • /bin/mkdir
          mkdir -p /usr/bin
          2⤵
          • Reads runtime system information
          PID:786
        • /bin/mv
          mv /tmp/resources/app.asar.unpacked/node_modules/kubo/kubo/ipfs /usr/bin/ipfs
          2⤵
          • Reads runtime system information
          • System Network Configuration Discovery
          PID:787
        • /bin/mkdir
          mkdir -p /.local/bin
          2⤵
          • Reads runtime system information
          PID:789
        • /bin/mv
          mv /tmp/resources/app.asar.unpacked/node_modules/kubo/kubo/ipfs /.local/bin/ipfs
          2⤵
          • Reads runtime system information
          • System Network Configuration Discovery
          PID:790

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads