Overview

overview

10

Static

static

10

platforms/...479.sh

ubuntu-18.04-amd64

3

platforms/...479.sh

debian-9-armhf

3

platforms/...479.sh

debian-9-mips

3

platforms/...479.sh

debian-9-mipsel

3

platforms/...481.sh

ubuntu-18.04-amd64

1

platforms/...481.sh

debian-9-armhf

1

platforms/...481.sh

debian-9-mips

1

platforms/...481.sh

debian-9-mipsel

1

platforms/...232.sh

ubuntu-18.04-amd64

3

platforms/...232.sh

debian-9-armhf

3

platforms/...232.sh

debian-9-mips

3

platforms/...232.sh

debian-9-mipsel

3

platforms/...612.py

windows7-x64

3

platforms/...612.py

windows10-2004-x64

3

platforms/...701.sh

windows7-x64

3

platforms/...701.sh

windows10-2004-x64

3

platforms/...898.sh

ubuntu-18.04-amd64

platforms/...898.sh

debian-9-armhf

platforms/...898.sh

debian-9-mips

platforms/...898.sh

debian-9-mipsel

platforms/...010.pl

ubuntu-18.04-amd64

platforms/...010.pl

debian-9-armhf

platforms/...010.pl

debian-9-mips

platforms/...010.pl

debian-9-mipsel

platforms/...070.pl

ubuntu-18.04-amd64

platforms/...070.pl

debian-9-armhf

platforms/...070.pl

debian-9-mips

platforms/...070.pl

debian-9-mipsel

platforms/...071.pl

ubuntu-18.04-amd64

1

platforms/...071.pl

debian-9-armhf

1

platforms/...071.pl

debian-9-mips

1

platforms/...071.pl

debian-9-mipsel

1

Analysis

  • max time kernel
    0s
  • max time network
    129s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240611-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240611-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    25-11-2024 15:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    platforms/aix/local/4232.sh

  • Size

    635B

  • MD5

    a3546946df48b2c8403d47b61e0c329f

  • SHA1

    6f631ee5481c1d31041b72a4fb8dbca1788419c0

  • SHA256

    6dd9464a2091f42438f09c9aa668fa0133837ec281e576db9778a23b0cb9018f

  • SHA512

    0b83d1409ecfd3013dbe652b8d5b15a52602096e1fd71701c2d64179dbddb8eccc50002fc76acb759f57e173431e2a16a2b5f12dbce768017ccf6f826afac7c3

Score
3/10

Malware Config

Signatures

  • Writes file to tmp directory 11 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/platforms/aix/local/4232.sh
    /tmp/platforms/aix/local/4232.sh
    1⤵
    • Writes file to tmp directory
    PID:1524
    • /bin/cat
      cat
      2⤵
        PID:1525
      • /usr/bin/gcc
        gcc piolib.c -o piolib -shared -fPIC
        2⤵
        • Writes file to tmp directory
        PID:1526
        • /usr/lib/gcc/x86_64-linux-gnu/7/cc1
          /usr/lib/gcc/x86_64-linux-gnu/7/cc1 -quiet -imultiarch x86_64-linux-gnu piolib.c -quiet -dumpbase piolib.c "-mtune=generic" "-march=x86-64" -auxbase piolib -fPIC -fstack-protector-strong -Wformat -Wformat-security -o /tmp/ccI0JUNu.s
          3⤵
          • Writes file to tmp directory
          PID:1527
        • /usr/local/sbin/as
          as --64 -o /tmp/ccc6Ih16.o /tmp/ccI0JUNu.s
          3⤵
            PID:1528
          • /usr/local/bin/as
            as --64 -o /tmp/ccc6Ih16.o /tmp/ccI0JUNu.s
            3⤵
              PID:1528
            • /usr/sbin/as
              as --64 -o /tmp/ccc6Ih16.o /tmp/ccI0JUNu.s
              3⤵
                PID:1528
              • /usr/bin/as
                as --64 -o /tmp/ccc6Ih16.o /tmp/ccI0JUNu.s
                3⤵
                • Writes file to tmp directory
                PID:1528
              • /usr/lib/gcc/x86_64-linux-gnu/7/collect2
                /usr/lib/gcc/x86_64-linux-gnu/7/collect2 -plugin /usr/lib/gcc/x86_64-linux-gnu/7/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/x86_64-linux-gnu/7/lto-wrapper" "-plugin-opt=-fresolution=/tmp/ccWrtslJ.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" --build-id --eh-frame-hdr -m elf_x86_64 "--hash-style=gnu" --as-needed -shared -z relro -o piolib /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/crti.o /usr/lib/gcc/x86_64-linux-gnu/7/crtbeginS.o -L/usr/lib/gcc/x86_64-linux-gnu/7 -L/usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu -L/usr/lib/gcc/x86_64-linux-gnu/7/../../../../lib -L/lib/x86_64-linux-gnu -L/lib/../lib -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/x86_64-linux-gnu/7/../../.. /tmp/ccc6Ih16.o -lgcc --push-state --as-needed -lgcc_s --pop-state -lc -lgcc --push-state --as-needed -lgcc_s --pop-state /usr/lib/gcc/x86_64-linux-gnu/7/crtendS.o /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/crtn.o
                3⤵
                • Writes file to tmp directory
                PID:1529
                • /usr/bin/ld
                  /usr/bin/ld -plugin /usr/lib/gcc/x86_64-linux-gnu/7/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/x86_64-linux-gnu/7/lto-wrapper" "-plugin-opt=-fresolution=/tmp/ccWrtslJ.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" --build-id --eh-frame-hdr -m elf_x86_64 "--hash-style=gnu" --as-needed -shared -z relro -o piolib /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/crti.o /usr/lib/gcc/x86_64-linux-gnu/7/crtbeginS.o -L/usr/lib/gcc/x86_64-linux-gnu/7 -L/usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu -L/usr/lib/gcc/x86_64-linux-gnu/7/../../../../lib -L/lib/x86_64-linux-gnu -L/lib/../lib -L/usr/lib/x86_64-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/x86_64-linux-gnu/7/../../.. /tmp/ccc6Ih16.o -lgcc --push-state --as-needed -lgcc_s --pop-state -lc -lgcc --push-state --as-needed -lgcc_s --pop-state /usr/lib/gcc/x86_64-linux-gnu/7/crtendS.o /usr/lib/gcc/x86_64-linux-gnu/7/../../../x86_64-linux-gnu/crtn.o
                  4⤵
                  • Writes file to tmp directory
                  PID:1530
            • /usr/lpd/pio/etc/pioout
              /usr/lpd/pio/etc/pioout -R ./piolib
              2⤵
                PID:1531
              • /bin/rm
                rm -f piolib.c piolib
                2⤵
                  PID:1532

              Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • /tmp/ccI0JUNu.s
                Filesize

                986B

                MD5

                85ede4317f5e131f1dcc0ddc40e28be7

                SHA1

                07f633e3ded415a8f652d51f7e9529e497c42fea

                SHA256

                0506e31ef4a44786ae3f57d9415d29393fcb17f8f250f7206f01887375a03728

                SHA512

                b26d56539ce9fd25cd33fc4f660a5e6e698d8e01a9012454e5c76c57a5d21019248859af2ee80e1f028ee0e02aa4f93a3c97a375a63d8e3adc4ed5a048a4f89c

                Download Submit

              • /tmp/ccc6Ih16.o
                Filesize

                2KB

                MD5

                b002b6b7b9cc7df24e3cd4ad8e7e60f0

                SHA1

                56f4735e1bb2376900df8b45c2dc9b046755bedf

                SHA256

                9bfd5a82b18cea531fad4ae9c48a3658135d5c54c0d200340228c9317ca4cddc

                SHA512

                cb2cd998d6011444a5f8a4f76e659c9d1fed74235b4a825293a5c8e58b664a254006cbeb5499da41c0f5c2b2685326400c2d102384deb4fbcb5a6250d30cec72

                Download Submit

              • /tmp/platforms/aix/local/piolib
                Filesize

                7KB

                MD5

                37277c8fafff5c50fabb9f40f7a338d2

                SHA1

                8274ac1fe9997d93a6a4b0c491b2444b60eaee73

                SHA256

                db58e2bb23eaca0744091aaf735a1051eded957c63b72971b8b1259af4b8d1cb

                SHA512

                b55631e8f2349b193eb54996737d552fade7b3d131796b3b819bb5d2cc45e539cd08d019607cece38f12aa8ba17f24cd990c1e598d8fcfa99f3ae9c129249be5

                Download Submit

              • /tmp/platforms/aix/local/piolib.c
                Filesize

                273B

                MD5

                7d7d2ea6cde42ce582f464e4436246b9

                SHA1

                e902c4c205bff6e4e03506159d35891d68edbd62

                SHA256

                dee8d23345dc1b1f2ab6c126a3aa9d03800164e90d8f0823be48296ba6bce036

                SHA512

                8539d0ca0b56e8cbcf1d3a2e71db0b9aec4ff949dc9bae54657ecc87e94eeea3eee5d9b442c4c670142c6cd1fb48c568cab65dcf4f31ff4bab4ab2e60844f4d2

                Download Submit