Overview
overview
4Static
static
3ryujinx-mi...inx.sh
ubuntu-18.04-amd64
1ryujinx-mi...inx.sh
debian-9-armhf
1ryujinx-mi...inx.sh
debian-9-mips
1ryujinx-mi...inx.sh
debian-9-mipsel
1ryujinx-mi...AppRun
ubuntu-18.04-amd64
1ryujinx-mi...AppRun
debian-9-armhf
1ryujinx-mi...AppRun
debian-9-mips
1ryujinx-mi...AppRun
debian-9-mipsel
1ryujinx-mi...age.sh
ubuntu-18.04-amd64
4ryujinx-mi...age.sh
debian-9-armhf
4ryujinx-mi...age.sh
debian-9-mips
4ryujinx-mi...age.sh
debian-9-mipsel
4ryujinx-mi..._up.py
windows7-x64
3ryujinx-mi..._up.py
windows10-2004-x64
3ryujinx-mi...lib.py
windows7-x64
3ryujinx-mi...lib.py
windows10-2004-x64
3ryujinx-mi...dle.sh
ubuntu-18.04-amd64
3ryujinx-mi...dle.sh
debian-9-armhf
3ryujinx-mi...dle.sh
debian-9-mips
3ryujinx-mi...dle.sh
debian-9-mipsel
3ryujinx-mi...ava.sh
ubuntu-18.04-amd64
1ryujinx-mi...ava.sh
debian-9-armhf
1ryujinx-mi...ava.sh
debian-9-mips
1ryujinx-mi...ava.sh
debian-9-mipsel
1ryujinx-mi...ess.sh
ubuntu-18.04-amd64
1ryujinx-mi...ess.sh
debian-9-armhf
1ryujinx-mi...ess.sh
debian-9-mips
1ryujinx-mi...ess.sh
debian-9-mipsel
1ryujinx-mi...ipt.sh
ubuntu-18.04-amd64
3ryujinx-mi...ipt.sh
debian-9-armhf
4ryujinx-mi...ipt.sh
debian-9-mips
4ryujinx-mi...ipt.sh
debian-9-mipsel
4Analysis
-
max time kernel
2s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240418-en -
resource tags
arch:mips image:debian9-mipsbe-20240418-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
13-11-2024 11:33
Static task
static1
Behavioral task
behavioral1
Sample
ryujinx-mirror-master/distribution/linux/Ryujinx.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
ryujinx-mirror-master/distribution/linux/Ryujinx.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
ryujinx-mirror-master/distribution/linux/Ryujinx.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
ryujinx-mirror-master/distribution/linux/Ryujinx.sh
Resource
debian9-mipsel-20240729-en
Behavioral task
behavioral5
Sample
ryujinx-mirror-master/distribution/linux/appimage/AppRun
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral6
Sample
ryujinx-mirror-master/distribution/linux/appimage/AppRun
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral7
Sample
ryujinx-mirror-master/distribution/linux/appimage/AppRun
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral8
Sample
ryujinx-mirror-master/distribution/linux/appimage/AppRun
Resource
debian9-mipsel-20240729-en
Behavioral task
behavioral9
Sample
ryujinx-mirror-master/distribution/linux/appimage/build-appimage.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral10
Sample
ryujinx-mirror-master/distribution/linux/appimage/build-appimage.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral11
Sample
ryujinx-mirror-master/distribution/linux/appimage/build-appimage.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral12
Sample
ryujinx-mirror-master/distribution/linux/appimage/build-appimage.sh
Resource
debian9-mipsel-20240226-en
Behavioral task
behavioral13
Sample
ryujinx-mirror-master/distribution/macos/bundle_fix_up.py
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
ryujinx-mirror-master/distribution/macos/bundle_fix_up.py
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
ryujinx-mirror-master/distribution/macos/construct_universal_dylib.py
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
ryujinx-mirror-master/distribution/macos/construct_universal_dylib.py
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
ryujinx-mirror-master/distribution/macos/create_app_bundle.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral18
Sample
ryujinx-mirror-master/distribution/macos/create_app_bundle.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral19
Sample
ryujinx-mirror-master/distribution/macos/create_app_bundle.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral20
Sample
ryujinx-mirror-master/distribution/macos/create_app_bundle.sh
Resource
debian9-mipsel-20240729-en
Behavioral task
behavioral21
Sample
ryujinx-mirror-master/distribution/macos/create_macos_build_ava.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral22
Sample
ryujinx-mirror-master/distribution/macos/create_macos_build_ava.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral23
Sample
ryujinx-mirror-master/distribution/macos/create_macos_build_ava.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral24
Sample
ryujinx-mirror-master/distribution/macos/create_macos_build_ava.sh
Resource
debian9-mipsel-20240611-en
Behavioral task
behavioral25
Sample
ryujinx-mirror-master/distribution/macos/create_macos_build_headless.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral26
Sample
ryujinx-mirror-master/distribution/macos/create_macos_build_headless.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral27
Sample
ryujinx-mirror-master/distribution/macos/create_macos_build_headless.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral28
Sample
ryujinx-mirror-master/distribution/macos/create_macos_build_headless.sh
Resource
debian9-mipsel-20240418-en
Behavioral task
behavioral29
Sample
ryujinx-mirror-master/distribution/macos/shortcut-launch-script.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral30
Sample
ryujinx-mirror-master/distribution/macos/shortcut-launch-script.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral31
Sample
ryujinx-mirror-master/distribution/macos/shortcut-launch-script.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral32
Sample
ryujinx-mirror-master/distribution/macos/shortcut-launch-script.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
ryujinx-mirror-master/distribution/linux/appimage/build-appimage.sh
-
Size
809B
-
MD5
345a6707b38e30bb5a86de4784e7d356
-
SHA1
88cc006bfd249bb4bf9bcfce6591bc90d3e37e73
-
SHA256
21a4859011ba30e9ae4076e38941d7abe8265dbb179550e6b3747f2239f717d3
-
SHA512
2680d3eba2bb4e914f1e8c8b267928b960548ab36a0fbd838b2bd05b91deadba644949ed4d0f5e091c13dec5f7f0acceb343fcbf1ae0e401032df443e44bf8d8
Malware Config
Signatures
-
Creates .desktop file 2 TTPs 1 IoCs
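Linux desktops like GNOME require .desktop files to register applications. Sometimes abused by malware for persistence. In this run the only .desktop file written is AppDir/Ryujinx.desktop, copied by cp into the directory the build script stages for the AppImage; no write to an autostart or applications directory is recorded, so this hit on its own does not show persistence.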
Processes: cp

| description | ioc | Process |
| --- | --- | --- |
| File opened for modification | /tmp/ryujinx-mirror-master/AppDir/Ryujinx.desktop | cp |
-
Processes: cp, mkdir, cp, cp, cp

| description | ioc | Process |
| --- | --- | --- |
| File opened for reading | /proc/filesystems | cp |
| File opened for reading | /proc/filesystems | mkdir |
| File opened for reading | /proc/filesystems | cp |
| File opened for reading | /proc/filesystems | cp |
| File opened for reading | /proc/filesystems | cp |
-
Writes file to tmp directory 3 IoCs
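Malware often drops required files in the /tmp directory. Here all three paths sit under /tmp/ryujinx-mirror-master/AppDir, and the cp command lines in the process list use relative targets (AppDir/...), so the /tmp location follows from where the sample was unpacked and run rather than from a path named in the script.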
Processes: cp, cp, cp

| description | ioc | Process |
| --- | --- | --- |
| File opened for modification | /tmp/ryujinx-mirror-master/AppDir/Ryujinx.desktop | cp |
| File opened for modification | /tmp/ryujinx-mirror-master/AppDir/AppRun | cp |
| File opened for modification | /tmp/ryujinx-mirror-master/AppDir/Ryujinx.svg | cp |
Processes
-
/tmp/ryujinx-mirror-master/distribution/linux/appimage/build-appimage.sh/tmp/ryujinx-mirror-master/distribution/linux/appimage/build-appimage.sh1⤵PID:753
-
/usr/bin/dirnamedirname /tmp/ryujinx-mirror-master/distribution/linux/appimage/build-appimage.sh2⤵PID:755
-
-
/bin/readlinkreadlink -f /tmp/ryujinx-mirror-master/distribution/linux/appimage2⤵PID:754
-
-
/bin/rmrm -rf AppDir2⤵PID:756
-
-
/bin/mkdirmkdir -p AppDir/usr/bin2⤵
- Reads runtime system information
PID:757
-
-
/bin/cpcp distribution/linux/Ryujinx.desktop AppDir/Ryujinx.desktop2⤵
- Creates .desktop file
- Reads runtime system information
- Writes file to tmp directory
PID:758
-
-
/bin/cpcp distribution/linux/appimage/AppRun AppDir/AppRun2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:760
-
-
/bin/cpcp distribution/misc/Logo.svg AppDir/Ryujinx.svg2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:764
-
-
/bin/cpcp -r "publish/*" AppDir/usr/bin/2⤵
- Reads runtime system information
PID:767
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
99B
MD5: 902aa5e1030864b07dd970bdd4084b36
SHA1: 34bdade1ec19cb81d83aff70d2955c9b1a976c4b
SHA256: bbe31cf20b833e15131527b16a5f1ce8419441f88a4ba43bbb188c88b2fb559c
SHA512: bb923dfd26120e140082adc72220e54a5020e26813f75414225811e067b8e9117dba2bf08eac4566d62eabc99b305b9c2eab1ce30c785cc3c804d612f45caa78
-
Filesize
402B
MD5: 870af77d115b10ca5e0254bd723b6e47
SHA1: 30979dd8c3988faaf5db82ff61cd8572cc7d4a16
SHA256: a19dc6e539931df63d4813f787c51f460cf72e0c44b20add1c0c6ef56c47d840
SHA512: 6b717be5417f0592ce12bf02c14ac905677a1aa72cab81d0cab5dd397d2a40fe9bbd7fdaa289072fe4e482bd102c11f4b1dacec16ad706df4ba37d2908020f27