Overview

overview

4

Static

static

1

custom/about.html

windows7-x64

3

custom/about.html

windows10-2004-x64

3

custom/header.html

windows7-x64

3

custom/header.html

windows10-2004-x64

3

custom/help.html

windows7-x64

3

custom/help.html

windows10-2004-x64

3

dialog/dialog.html

windows7-x64

3

dialog/dialog.html

windows10-2004-x64

3

dialog/js/dialog.js

windows7-x64

3

dialog/js/dialog.js

windows10-2004-x64

3

node_modul...mkdirp

ubuntu-18.04-amd64

3

node_modul...mkdirp

debian-9-armhf

4

node_modul...mkdirp

debian-9-mips

3

node_modul...mkdirp

debian-9-mipsel

3

node_modul...rp.cmd

windows7-x64

1

node_modul...rp.cmd

windows10-2004-x64

1

node_modul...rp.ps1

ubuntu-18.04-amd64

1

node_modul...rp.ps1

debian-9-armhf

1

node_modul...rp.ps1

debian-9-mips

1

node_modul...rp.ps1

debian-9-mipsel

1

node_modul...rimraf

ubuntu-18.04-amd64

3

node_modul...rimraf

debian-9-armhf

4

node_modul...rimraf

debian-9-mips

3

node_modul...rimraf

debian-9-mipsel

3

node_modul...af.cmd

windows7-x64

1

node_modul...af.cmd

windows10-2004-x64

1

node_modul...af.ps1

ubuntu-18.04-amd64

1

node_modul...af.ps1

debian-9-armhf

1

node_modul...af.ps1

debian-9-mips

1

node_modul...af.ps1

debian-9-mipsel

1

node_modul...DME.js

windows7-x64

3

node_modul...DME.js

windows10-2004-x64

3

Analysis

  • max time kernel
    0s
  • max time network
    132s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240611-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240611-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    21-11-2024 08:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    node_modules/.bin/rimraf

  • Size

    294B

  • MD5

    f178e4d9d266237c4747eb33eed35684

  • SHA1

    678d46ca0b1f43811604f8b6aaa0237acf4faedb

  • SHA256

    64ce06348f2c2e12fbf0f5db3d2943e00147a8ec47147702685a13acc7b908f5

  • SHA512

    264383c581c4ec8d1aca3f07b89d43b148db2061a360a17bce7a5457edae13a62271fdf519f4a238ff6ac714e79150a8c8ca6a55e64d819cc56f4bc5ce789c87

Score
3/10
discoveryexecution

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs 4 IoCs

    Execution via JavaScript.

    execution
  • Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

    discovery
  • Reads runtime system information 2 IoCs

    Reads data from /proc virtual filesystem.

    discovery

Processes

  • /tmp/node_modules/.bin/rimraf
    /tmp/node_modules/.bin/rimraf
    1⤵
      PID:1484
      • /bin/sed
        sed -e "s,\\\\,/,g"
        2⤵
        • Reads runtime system information
        PID:1488
      • /usr/bin/dirname
        dirname /tmp/node_modules/.bin/rimraf
        2⤵
          PID:1485
        • /bin/uname
          uname
          2⤵
            PID:1489
        • /usr/local/sbin/node
          node /tmp/node_modules/.bin/../rimraf/bin.js
          1⤵
          • Command and Scripting Interpreter: JavaScript
          PID:1484
        • /usr/local/bin/node
          node /tmp/node_modules/.bin/../rimraf/bin.js
          1⤵
          • Command and Scripting Interpreter: JavaScript
          PID:1484
        • /usr/sbin/node
          node /tmp/node_modules/.bin/../rimraf/bin.js
          1⤵
          • Command and Scripting Interpreter: JavaScript
          PID:1484
        • /usr/bin/node
          node /tmp/node_modules/.bin/../rimraf/bin.js
          1⤵
          • Command and Scripting Interpreter: JavaScript
          • Enumerates kernel/hardware configuration
          • Reads runtime system information
          PID:1484

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads