Analysis

  • max time kernel
    0s
  • max time network
    130s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240611-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    13-11-2024 11:33

General

  • Target

    ryujinx-mirror-master/distribution/linux/appimage/build-appimage.sh

  • Size

    809B

  • MD5

    345a6707b38e30bb5a86de4784e7d356

  • SHA1

    88cc006bfd249bb4bf9bcfce6591bc90d3e37e73

  • SHA256

    21a4859011ba30e9ae4076e38941d7abe8265dbb179550e6b3747f2239f717d3

  • SHA512

    2680d3eba2bb4e914f1e8c8b267928b960548ab36a0fbd838b2bd05b91deadba644949ed4d0f5e091c13dec5f7f0acceb343fcbf1ae0e401032df443e44bf8d8

Malware Config

Signatures

  • Creates .desktop file (2 TTPs, 1 IoC)

    Linux desktops like GNOME require .desktop files to register applications. Sometimes abused by malware for persistence.

  • Reads runtime system information (5 IoCs)

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory (3 IoCs)

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/ryujinx-mirror-master/distribution/linux/appimage/build-appimage.sh
    /tmp/ryujinx-mirror-master/distribution/linux/appimage/build-appimage.sh
    1⤵
    PID:1492
    • /usr/bin/dirname
      dirname /tmp/ryujinx-mirror-master/distribution/linux/appimage/build-appimage.sh
      2⤵
      PID:1494
    • /bin/readlink
      readlink -f /tmp/ryujinx-mirror-master/distribution/linux/appimage
      2⤵
      PID:1493
    • /bin/rm
      rm -rf AppDir
      2⤵
      PID:1495
    • /bin/mkdir
      mkdir -p AppDir/usr/bin
      2⤵
      • Reads runtime system information
      PID:1496
    • /bin/cp
      cp distribution/linux/Ryujinx.desktop AppDir/Ryujinx.desktop
      2⤵
      • Creates .desktop file
      • Reads runtime system information
      • Writes file to tmp directory
      PID:1497
    • /bin/cp
      cp distribution/linux/appimage/AppRun AppDir/AppRun
      2⤵
      • Reads runtime system information
      • Writes file to tmp directory
      PID:1498
    • /bin/cp
      cp distribution/misc/Logo.svg AppDir/Ryujinx.svg
      2⤵
      • Reads runtime system information
      • Writes file to tmp directory
      PID:1499
    • /bin/cp
      cp -r "publish/*" AppDir/usr/bin/
      2⤵
      • Reads runtime system information
      PID:1500

Network

MITRE ATT&CK Enterprise v15


Downloads

  • /tmp/ryujinx-mirror-master/AppDir/AppRun

    Filesize

    99B

    MD5

    902aa5e1030864b07dd970bdd4084b36

    SHA1

    34bdade1ec19cb81d83aff70d2955c9b1a976c4b

    SHA256

    bbe31cf20b833e15131527b16a5f1ce8419441f88a4ba43bbb188c88b2fb559c

    SHA512

    bb923dfd26120e140082adc72220e54a5020e26813f75414225811e067b8e9117dba2bf08eac4566d62eabc99b305b9c2eab1ce30c785cc3c804d612f45caa78

  • /tmp/ryujinx-mirror-master/AppDir/Ryujinx.desktop

    Filesize

    402B

    MD5

    870af77d115b10ca5e0254bd723b6e47

    SHA1

    30979dd8c3988faaf5db82ff61cd8572cc7d4a16

    SHA256

    a19dc6e539931df63d4813f787c51f460cf72e0c44b20add1c0c6ef56c47d840

    SHA512

    6b717be5417f0592ce12bf02c14ac905677a1aa72cab81d0cab5dd397d2a40fe9bbd7fdaa289072fe4e482bd102c11f4b1dacec16ad706df4ba37d2908020f27