Analysis

  • max time kernel
    0s
  • max time network
    129s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240729-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu1804-amd64-20240729-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    25-11-2024 15:16

General

  • Target

    platforms/QNX/local/1479.sh

  • Size

    644B

  • MD5

    f2273bf88664e68857f46681317c9cc7

  • SHA1

    1ee20de6c758683652740ff8cce2281461a53893

  • SHA256

    710313d9fb5b811740f47cd8256de2ec1fa8dc8eb266532718382f5af867c8ca

  • SHA512

    4706f1e79dea89c043ad835e19ace01e24464c59946f1b767b014d7c2c33d8c3ce10c2e05e844d1fea4df255024ea23ea292f81170339ea238c58ec669aa2c9a

Score
3/10

Malware Config

Signatures

  • Writes file to tmp directory (11 IoCs)

    Malware often drops the files it needs into the /tmp directory. In this run the hits correspond to the compiler toolchain (cc, cc1, as, collect2/ld) writing its intermediate files under /tmp (cc*.s, cc*.o, cc*.res) while the script compiles phfontphf.c, which is expected for a build step; on its own this signature does not indicate malicious behaviour.

Processes

  • /tmp/platforms/QNX/local/1479.sh
    /tmp/platforms/QNX/local/1479.sh
    1⤵
    • Writes file to tmp directory
    PID:1526
    • /bin/cat
      cat
      2⤵
        PID:1527
      • /usr/bin/make
        make phfontphf
        2⤵
          PID:1528
          • /usr/local/sbin/cc
            cc phfontphf.c -o phfontphf
            3⤵
              PID:1529
            • /usr/local/bin/cc
              cc phfontphf.c -o phfontphf
              3⤵
                PID:1529
              • /usr/sbin/cc
                cc phfontphf.c -o phfontphf
                3⤵
                  PID:1529
                • /usr/bin/cc
                  cc phfontphf.c -o phfontphf
                  3⤵
                  • Writes file to tmp directory
                  PID:1529
                  • /usr/lib/gcc/x86_64-linux-gnu/7/cc1
                    /usr/lib/gcc/x86_64-linux-gnu/7/cc1 -quiet -imultiarch x86_64-linux-gnu phfontphf.c -quiet -dumpbase phfontphf.c "-mtune=generic" "-march=x86-64" -auxbase phfontphf -fstack-protector-strong -Wformat -Wformat-security -o /tmp/cc6AsvCb.s
                    4⤵
                    • Writes file to tmp directory
                    PID:1530
                  • /usr/local/sbin/as
                    as --64 -o /tmp/ccR3xGcM.o /tmp/cc6AsvCb.s
                    4⤵
                      PID:1531
                    • /usr/local/bin/as
                      as --64 -o /tmp/ccR3xGcM.o /tmp/cc6AsvCb.s
                      4⤵
                        PID:1531
                      • /usr/sbin/as
                        as --64 -o /tmp/ccR3xGcM.o /tmp/cc6AsvCb.s
                        4⤵
                          PID:1531
                        • /usr/bin/as
                          as --64 -o /tmp/ccR3xGcM.o /tmp/cc6AsvCb.s
                          4⤵
                          • Writes file to tmp directory
                          PID:1531
                        • /usr/lib/gcc/x86_64-linux-gnu/7/collect2
                          /usr/lib/gcc/x86_64-linux-gnu/7/collect2 -plugin /usr/lib/gcc/x86_64-linux-gnu/7/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/x86_64-linux-gnu/7/lto-wrapper" "-plugin-opt=-fresolution=/tmp/ccm0hoSm.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" --build-id --eh-frame-hdr -m elf_x86_64 "--hash-style=gnu" --as-needed -dynamic-linker /lib64/ld-linux-x86-64.so.2 -pie -z now -z relro -o phfontphf /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/Scrt1.o /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/crti.o /usr/lib/gcc/x86_64-linux-gnu/7/crtbeginS.o -L/usr/lib/gcc/x86_64-linux-gnu/7 -L/usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu -L/usr/lib/gcc/x86_64-linux-gnu/7/../../../../lib -L/lib/x86_64-linux-gnu -L/lib/../lib -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/x86_64-linux-gnu/7/../../.. /tmp/ccR3xGcM.o -lgcc --push-state --as-needed -lgcc_s --pop-state -lc -lgcc --push-state --as-needed -lgcc_s --pop-state /usr/lib/gcc/x86_64-linux-gnu/7/crtendS.o /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/crtn.o
                          4⤵
                          • Writes file to tmp directory
                          PID:1532
                          • /usr/bin/ld
                            /usr/bin/ld -plugin /usr/lib/gcc/x86_64-linux-gnu/7/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/x86_64-linux-gnu/7/lto-wrapper" "-plugin-opt=-fresolution=/tmp/ccm0hoSm.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" --build-id --eh-frame-hdr -m elf_x86_64 "--hash-style=gnu" --as-needed -dynamic-linker /lib64/ld-linux-x86-64.so.2 -pie -z now -z relro -o phfontphf /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/Scrt1.o /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/crti.o /usr/lib/gcc/x86_64-linux-gnu/7/crtbeginS.o -L/usr/lib/gcc/x86_64-linux-gnu/7 -L/usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu -L/usr/lib/gcc/x86_64-linux-gnu/7/../../../../lib -L/lib/x86_64-linux-gnu -L/lib/../lib -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/x86_64-linux-gnu/7/../../.. /tmp/ccR3xGcM.o -lgcc --push-state --as-needed -lgcc_s --pop-state -lc -lgcc --push-state --as-needed -lgcc_s --pop-state /usr/lib/gcc/x86_64-linux-gnu/7/crtendS.o /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/crtn.o
                            5⤵
                            • Writes file to tmp directory
                            PID:1533
                    • /bin/ln
                      ln -s /usr/photon/bin/phfont ./phfont
                      2⤵
                        PID:1534
                      • /tmp/platforms/QNX/local/phfont
                        ./phfont
                        2⤵
                          PID:1535
                        • /bin/rm
                          rm phfont phfontphf phfontphf.c
                          2⤵
                            PID:1536

                        Network

                        MITRE ATT&CK Matrix


                        Downloads

                        • /tmp/cc6AsvCb.s

                          Filesize

                          617B

                          MD5

                          e5e82fe50111b17db78ba9d0c76b8e3b

                          SHA1

                          b0a631382a79864be3c0dea2b15c2dd3bd2991b1

                          SHA256

                          b9d6b299eb0c9882f01df8cb70d01ef9350b9c6ffe45b21a1a3b5ce379ef3e63

                          SHA512

                          577dc034a23480a3c15edd11fdfe26a943835c69f6334f70d50ae68e0978b476249036b630e37d267055340d7867b253b15ac7c06f5ac970f41c1de7cd1352e6

                        • /tmp/ccR3xGcM.o

                          Filesize

                          1KB

                          MD5

                          f2302186bfead636d3c2e067e955f3de

                          SHA1

                          cd40576412128327654861c2951869745de745f6

                          SHA256

                          52a4ebb7f9e8894e246cebc3e38f1f8ee750b60503a90d7b929a0e350c82e11e

                          SHA512

                          3f42e109e2f7059f62175b323ade15f664e9a29b998dbafb9dfcbb0ca1c99620d050261140fae64ce455de76b263aca992755193bf6fd880a2bc5536bb6e8ec5

                        • /tmp/platforms/QNX/local/phfontphf

                          Filesize

                          8KB

                          MD5

                          c011220420607ed65d1a8c10b2d9d437

                          SHA1

                          5ad6c2f264c9cc79aaac97bff8e50e83ac5d4f5b

                          SHA256

                          8de10d33f534efa78a181f0fac6b3a47f5eb5d443a9f0011ee643a0b230ba16c

                          SHA512

                          604605e188496db91851ff4aed958886c085ad1c06be6308adcee2b70368340c060c5b52d79b46d48a4a99273272a2e9d7a93ac10df84e55405a57c813ea50d0

                        • /tmp/platforms/QNX/local/phfontphf.c

                          Filesize

                          128B

                          MD5

                          21bbe0b519bf442c3afdf1ac622e0637

                          SHA1

                          4d068ce6feba9e3fb2c27408c94bff2637ca22ec

                          SHA256

                          0d8d3adeed3013b55b9cd8e3ac5cbad673ce4aa214e2cd44c15dc4f2a6fdec36

                          SHA512

                          e476b1c6d6f7a2c3aab88733daae032f86d4bc9ca6b0b5e535875682579a14ac276cd8aadee5bc62a6426bf69a44d12f6b954d1bae9cc8e821108422af8b5fd4