b4474348e53f927c304f9b7da84928aa3425484ec7715590b130bf71ea8afe1d

Analysis

max time kernel
113s
max time network
151s
platform
debian-9_mips
resource
debian9-mipsbe-20240729-en
resource tags

arch:mipsimage:debian9-mipsbe-20240729-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
25-11-2024 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
Size

1KB
MD5

cba6e6dfa77711fe4a65875b4a77c032
SHA1

66164fc6a7f678daa293570e05963555d418831e
SHA256

17d0c0361e8a66efc1db45004a75fad9cb33426d6c07b90db838929c4ae96a74
SHA512

7d30bb242d3deb0e7e3df8881103bfa868cddbd6ff01aaae6d64aa37eecaaf145785e21882e2fdf1c9e6aee2e05a1d888438a1fc780fb78c36e22e4ebd496842

Score

3^/10

discovery execution

Malware Config

Signatures

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd	gpgconf
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/self/fd	apt-get
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/sys/crypto/fips_enabled	gpgv
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/sys/kernel/ngroups_max	apt-get
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/sys/crypto/fips_enabled	gpg-connect-agent
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/sys/crypto/fips_enabled	gpg-connect-agent
File opened for reading	/proc/self/fd	apt-get
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/sys/crypto/fips_enabled	gpgconf
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/sys/crypto/fips_enabled	gpgconf
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/self/fd	gpgv
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/sys/crypto/fips_enabled	gpgv
File opened for reading	/proc/sys/crypto/fips_enabled	https
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/sys/crypto/fips_enabled	gpg-connect-agent
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/filesystems	tar
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/sys/crypto/fips_enabled	gpgconf
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd	apt-config

Writes file to tmp directory 32 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.gpg	touch
File opened for modification	/tmp/fileutl.message.jSBOVo	apt-get
File opened for modification	/tmp/google-chrome-beta_current_amd64.deb	curl
File opened for modification	/tmp/fileutl.message.07sklC	apt-get
File opened for modification	/tmp/fileutl.message.60aqWL	apt-get
File opened for modification	/tmp/fileutl.message.L4XXNs	apt-get
File opened for modification	/tmp/apt.data.SnhQTp	gpgv
File opened for modification	/tmp/apt-key-gpghome.1H4subAFrZ/pubring.gpg	apt-key
File opened for modification	/tmp/apt.conf.VmmStC	gpgv
File opened for modification	/tmp/fileutl.message.H7wFAu	apt-get
File opened for modification	/tmp/fileutl.message.odx139	apt-get
File opened for modification	/tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.gpg	apt-key
File opened for modification	/tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.orig.gpg	cp
File opened for modification	/tmp/fileutl.message.Sou5Ux	apt-get
File opened for modification	/tmp/fileutl.message.9dcEHz	apt-get
File opened for modification	/tmp/deb-file-google-chrome-beta_current_amd64.deb.gwVudj	apt-get
File opened for modification	/tmp/fileutl.message.UpzIWx	apt-get
File opened for modification	/tmp/fileutl.message.f0GHtP	apt-get
File opened for modification	/tmp/apt.conf.KvmZDA	gpgv
File opened for modification	/tmp/apt-key-gpghome.1H4subAFrZ/gpg.1.sh	apt-key
File opened for modification	/tmp/apt-key-gpghome.e7BP4e9eR1/gpg.1.sh	apt-key
File opened for modification	/tmp/fileutl.message.65y83p	apt-get
File opened for modification	/tmp/fileutl.message.CrqLlM	apt-get
File opened for modification	/tmp/apt.sig.2rG6Tj	gpgv
File opened for modification	/tmp/apt.sig.GdNlX4	gpgv
File opened for modification	/tmp/apt.data.nkXzpx	gpgv
File opened for modification	/tmp/apt-key-gpghome.yRCO2eBOmJ/gpg.1.sh	apt-key
File opened for modification	/tmp/apt-key-gpghome.1H4subAFrZ/pubring.gpg	touch
File opened for modification	/tmp/apt-key-gpghome.1H4subAFrZ/pubring.orig.gpg	cp
File opened for modification	/tmp/fileutl.message.6mzrSo	apt-get
File opened for modification	/tmp/fileutl.message.vhjNd8	apt-get
File opened for modification	/tmp/apt.conf.Ugkmfd	gpgv

Software Deployment Tools 1 TTPs 4 IoCs

Use software deployment tools to execute code.

execution

Software Deployment Tools

T1072

pid	Process
824	apt-get
983	apt-get
987	dpkg
822	dpkg

/tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
/tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
1⤵
PID:815

/usr/local/sbin/bash
bash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
1⤵
PID:815

/usr/local/bin/bash
bash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
1⤵
PID:815

/usr/sbin/bash
bash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
1⤵
PID:815

/usr/bin/bash
bash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
1⤵
PID:815

/sbin/bash
bash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
1⤵
PID:815

/bin/bash
bash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
1⤵
PID:815
- /usr/bin/arch
  arch
  2⤵
  PID:816
- /bin/bash
  bash -c "source /etc/os-release && echo \$ID"
  2⤵
  PID:821
- /usr/bin/dpkg
  dpkg --get-selections
  2⤵
  - Reads runtime system information
  - Software Deployment Tools
  PID:822
- /bin/grep
  grep -q "^google-chrome-beta[[:space:]]*install\$"
  2⤵
  PID:823
- /usr/bin/apt-get
  apt-get update
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  - Software Deployment Tools
  PID:824
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    PID:825
- - /usr/lib/apt/methods/http
    /usr/lib/apt/methods/http
    3⤵
    PID:826
- - /usr/lib/apt/methods/https
    /usr/lib/apt/methods/https
    3⤵
    PID:827
- - /usr/lib/apt/methods/https
    /usr/lib/apt/methods/https
    3⤵
    - Reads runtime system information
    PID:828
- - /usr/lib/apt/methods/http
    /usr/lib/apt/methods/http
    3⤵
    PID:829
- - /usr/lib/apt/methods/gpgv
    /usr/lib/apt/methods/gpgv
    3⤵
    PID:831
- - /usr/lib/apt/methods/gpgv
    /usr/lib/apt/methods/gpgv
    3⤵
    - Reads runtime system information
    - Writes file to tmp directory
    PID:832
  - - /usr/bin/apt-key
      /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.2rG6Tj /tmp/apt.data.SnhQTp
      4⤵
      Writes file to tmp directory
      PID:834
    - - /usr/bin/apt-config
        
        apt-config shell MASTER_KEYRING APT::Key::MasterKeyring
        5⤵
        Reads runtime system information
        
        PID:836
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:837
    - - /usr/bin/apt-config
        
        apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring
        5⤵
        Reads runtime system information
        
        PID:838
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:839
    - - /usr/bin/apt-config
        
        apt-config shell REMOVED_KEYS APT::Key::RemovedKeys
        5⤵
        Reads runtime system information
        
        PID:840
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:841
    - - /usr/bin/apt-config
        
        apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI
        5⤵
        Reads runtime system information
        
        PID:842
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:843
    - - /usr/bin/apt-config
        
        apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring
        5⤵
        Reads runtime system information
        
        PID:844
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        
        PID:845
    - - /usr/bin/apt-config
        
        apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f
        5⤵
        Reads runtime system information
        
        PID:846
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:847
    - - /usr/bin/apt-config
        
        apt-config shell GPGV Apt::Key::gpgvcommand
        5⤵
        Reads runtime system information
        
        PID:849
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:850
    - - /bin/mktemp
        
        mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX
        5⤵
        
        PID:851
    - - /bin/chmod
        
        chmod 700 /tmp/apt-key-gpghome.yRCO2eBOmJ
        5⤵
        
        PID:852
    - - /bin/readlink
        
        readlink -f /tmp/apt-key-gpghome.yRCO2eBOmJ
        5⤵
        
        PID:853
    - - /bin/rm
        
        rm -f /tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.gpg
        5⤵
        
        PID:854
    - - /usr/bin/touch
        
        touch /tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.gpg
        5⤵
        Writes file to tmp directory
        
        PID:855
    - - /usr/bin/apt-config
        
        apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d
        5⤵
        Reads runtime system information
        
        PID:856
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:857
    - - /bin/readlink
        
        readlink -f /etc/apt/trusted.gpg.d/
        5⤵
        
        PID:858
    - - /usr/bin/find
        
        find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 "(" -name "*.gpg" -o -name "*.asc" ")"
        5⤵
        Reads runtime system information
        
        PID:859
    - - /usr/bin/sort
        
        sort
        5⤵
        
        PID:862
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
        5⤵
        
        PID:864
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
        5⤵
        
        PID:866
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
        5⤵
        
        PID:868
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg
        5⤵
        
        PID:870
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg
        5⤵
        
        PID:872
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg
        5⤵
        
        PID:874
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
        5⤵
        
        PID:876
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
        5⤵
        
        PID:878
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
        5⤵
        
        PID:880
    - - /bin/cp
        
        cp -a /tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.gpg /tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.orig.gpg
        5⤵
        Reads runtime system information
        Writes file to tmp directory
        
        PID:881
    - - /bin/sed
        
        sed -e "s#'#'\"'\"'#g"
        5⤵
        Reads runtime system information
        
        PID:884
    - - /bin/sed
        
        sed -e "s#'#'\"'\"'#g"
        5⤵
        
        PID:887
    - - /usr/bin/gpgv
        
        gpgv --homedir /tmp/apt-key-gpghome.yRCO2eBOmJ --keyring /tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.2rG6Tj /tmp/apt.data.SnhQTp
        5⤵
        Reads runtime system information
        
        PID:888
    - - /usr/bin/gpgconf
        
        gpgconf --kill gpg-agent
        5⤵
        Reads runtime system information
        
        PID:889
      - /usr/bin/gpg-connect-agent
        
        gpg-connect-agent --no-autostart KILLAGENT
        6⤵
        Reads runtime system information
        
        PID:890
    - - /bin/rm
        
        rm -rf /tmp/apt-key-gpghome.yRCO2eBOmJ
        5⤵
        
        PID:891
  - - /usr/bin/apt-key
      /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /var/lib/apt/lists/archive.debian.org_debian_dists_stretch_Release.gpg /var/lib/apt/lists/archive.debian.org_debian_dists_stretch_Release
      4⤵
      Writes file to tmp directory
      PID:893
    - - /usr/bin/apt-config
        
        apt-config shell MASTER_KEYRING APT::Key::MasterKeyring
        5⤵
        
        PID:895
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:896
    - - /usr/bin/apt-config
        
        apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring
        5⤵
        
        PID:897
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:898
    - - /usr/bin/apt-config
        
        apt-config shell REMOVED_KEYS APT::Key::RemovedKeys
        5⤵
        
        PID:899
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:900
    - - /usr/bin/apt-config
        
        apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI
        5⤵
        Reads runtime system information
        
        PID:901
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:902
    - - /usr/bin/apt-config
        
        apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring
        5⤵
        Reads runtime system information
        
        PID:903
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        
        PID:904
    - - /usr/bin/apt-config
        
        apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f
        5⤵
        Reads runtime system information
        
        PID:905
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:906
    - - /usr/bin/apt-config
        
        apt-config shell GPGV Apt::Key::gpgvcommand
        5⤵
        Reads runtime system information
        
        PID:908
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        
        PID:909
    - - /bin/mktemp
        
        mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX
        5⤵
        
        PID:910
    - - /bin/chmod
        
        chmod 700 /tmp/apt-key-gpghome.1H4subAFrZ
        5⤵
        
        PID:911
    - - /bin/readlink
        
        readlink -f /tmp/apt-key-gpghome.1H4subAFrZ
        5⤵
        
        PID:912
    - - /bin/rm
        
        rm -f /tmp/apt-key-gpghome.1H4subAFrZ/pubring.gpg
        5⤵
        
        PID:913
    - - /usr/bin/touch
        
        touch /tmp/apt-key-gpghome.1H4subAFrZ/pubring.gpg
        5⤵
        Writes file to tmp directory
        
        PID:914
    - - /usr/bin/apt-config
        
        apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d
        5⤵
        Reads runtime system information
        
        PID:915
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:916
    - - /bin/readlink
        
        readlink -f /etc/apt/trusted.gpg.d/
        5⤵
        
        PID:917
    - - /usr/bin/find
        
        find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 "(" -name "*.gpg" -o -name "*.asc" ")"
        5⤵
        Reads runtime system information
        
        PID:918
    - - /usr/bin/sort
        
        sort
        5⤵
        
        PID:921
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
        5⤵
        
        PID:923
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
        5⤵
        
        PID:925
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
        5⤵
        
        PID:927
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg
        5⤵
        
        PID:929
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg
        5⤵
        
        PID:931
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg
        5⤵
        
        PID:933
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
        5⤵
        
        PID:935
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
        5⤵
        
        PID:937
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
        5⤵
        
        PID:939
    - - /bin/cp
        
        cp -a /tmp/apt-key-gpghome.1H4subAFrZ/pubring.gpg /tmp/apt-key-gpghome.1H4subAFrZ/pubring.orig.gpg
        5⤵
        Reads runtime system information
        Writes file to tmp directory
        
        PID:940
    - - /bin/sed
        
        sed -e "s#'#'\"'\"'#g"
        5⤵
        Reads runtime system information
        
        PID:943
    - - /bin/sed
        
        sed -e "s#'#'\"'\"'#g"
        5⤵
        Reads runtime system information
        
        PID:946
    - - /usr/bin/gpgv
        
        gpgv --homedir /tmp/apt-key-gpghome.1H4subAFrZ --keyring /tmp/apt-key-gpghome.1H4subAFrZ/pubring.gpg --ignore-time-conflict --status-fd 3 /var/lib/apt/lists/archive.debian.org_debian_dists_stretch_Release.gpg /var/lib/apt/lists/archive.debian.org_debian_dists_stretch_Release
        5⤵
        Reads runtime system information
        
        PID:947
    - - /usr/bin/gpgconf
        
        gpgconf --kill gpg-agent
        5⤵
        Reads runtime system information
        
        PID:948
      - /usr/bin/gpg-connect-agent
        
        gpg-connect-agent --no-autostart KILLAGENT
        6⤵
        Reads runtime system information
        
        PID:949
    - - /bin/rm
        
        rm -rf /tmp/apt-key-gpghome.1H4subAFrZ
        5⤵
        
        PID:950
  - - /usr/bin/apt-key
      /usr/bin/apt-key --quiet --readonly --keyring /etc/apt/keyrings/nodesource.gpg verify --status-fd 3 /tmp/apt.sig.GdNlX4 /tmp/apt.data.nkXzpx
      4⤵
      Writes file to tmp directory
      PID:952
    - - /usr/bin/apt-config
        
        apt-config shell MASTER_KEYRING APT::Key::MasterKeyring
        5⤵
        Reads runtime system information
        
        PID:954
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:955
    - - /usr/bin/apt-config
        
        apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring
        5⤵
        Reads runtime system information
        
        PID:956
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:957
    - - /usr/bin/apt-config
        
        apt-config shell REMOVED_KEYS APT::Key::RemovedKeys
        5⤵
        Reads runtime system information
        
        PID:958
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:959
    - - /usr/bin/apt-config
        
        apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI
        5⤵
        Reads runtime system information
        
        PID:960
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:961
    - - /usr/bin/apt-config
        
        apt-config shell GPGV Apt::Key::gpgvcommand
        5⤵
        
        PID:963
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:964
    - - /bin/mktemp
        
        mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX
        5⤵
        
        PID:965
    - - /bin/chmod
        
        chmod 700 /tmp/apt-key-gpghome.e7BP4e9eR1
        5⤵
        
        PID:966
    - - /bin/sed
        
        sed -e "s#'#'\"'\"'#g"
        5⤵
        Reads runtime system information
        
        PID:970
    - - /bin/sed
        
        sed -e "s#'#'\"'\"'#g"
        5⤵
        
        PID:973
    - - /usr/bin/gpgv
        
        gpgv --homedir /tmp/apt-key-gpghome.e7BP4e9eR1 --keyring /etc/apt/keyrings/nodesource.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.GdNlX4 /tmp/apt.data.nkXzpx
        5⤵
        
        PID:975
    - - /usr/bin/gpgconf
        
        gpgconf --kill gpg-agent
        5⤵
        Reads runtime system information
        
        PID:976
      - /usr/bin/gpg-connect-agent
        
        gpg-connect-agent --no-autostart KILLAGENT
        6⤵
        Reads runtime system information
        
        PID:977
    - - /bin/rm
        
        rm -rf /tmp/apt-key-gpghome.e7BP4e9eR1
        5⤵
        
        PID:978
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    PID:979
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:980
- /usr/bin/curl
  curl -O https://dl.google.com/linux/direct/google-chrome-beta_current_amd64.deb
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:981
- /usr/bin/apt-get
  apt-get install -y ./google-chrome-beta_current_amd64.deb
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  - Software Deployment Tools
  PID:983
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:984
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    PID:985
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:986
- - /usr/bin/dpkg
    /usr/bin/dpkg -I /tmp/google-chrome-beta_current_amd64.deb control
    3⤵
    - Reads runtime system information
    - Software Deployment Tools
    PID:987
- - /usr/local/sbin/dpkg-deb
    dpkg-deb --info -- /tmp/google-chrome-beta_current_amd64.deb control
    3⤵
    PID:987
- - /usr/local/bin/dpkg-deb
    dpkg-deb --info -- /tmp/google-chrome-beta_current_amd64.deb control
    3⤵
    PID:987
- - /usr/sbin/dpkg-deb
    dpkg-deb --info -- /tmp/google-chrome-beta_current_amd64.deb control
    3⤵
    PID:987
- - /usr/bin/dpkg-deb
    dpkg-deb --info -- /tmp/google-chrome-beta_current_amd64.deb control
    3⤵
    PID:987
  - - /usr/local/sbin/tar
      tar -x -m -f - "--warning=no-timestamp"
      4⤵
      PID:990
  - - /usr/local/bin/tar
      tar -x -m -f - "--warning=no-timestamp"
      4⤵
      PID:990
  - - /usr/sbin/tar
      tar -x -m -f - "--warning=no-timestamp"
      4⤵
      PID:990
  - - /usr/bin/tar
      tar -x -m -f - "--warning=no-timestamp"
      4⤵
      PID:990
  - - /sbin/tar
      tar -x -m -f - "--warning=no-timestamp"
      4⤵
      PID:990
  - - /bin/tar
      tar -x -m -f - "--warning=no-timestamp"
      4⤵
      Reads runtime system information
      PID:990
  - - /usr/local/sbin/rm
      rm -rf -- /tmp/dpkg-deb.kqgKI7
      4⤵
      PID:991
  - - /usr/local/bin/rm
      rm -rf -- /tmp/dpkg-deb.kqgKI7
      4⤵
      PID:991
  - - /usr/sbin/rm
      rm -rf -- /tmp/dpkg-deb.kqgKI7
      4⤵
      PID:991
  - - /usr/bin/rm
      rm -rf -- /tmp/dpkg-deb.kqgKI7
      4⤵
      PID:991
  - - /sbin/rm
      rm -rf -- /tmp/dpkg-deb.kqgKI7
      4⤵
      PID:991
  - - /bin/rm
      rm -rf -- /tmp/dpkg-deb.kqgKI7
      4⤵
      PID:991
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    PID:992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Software Deployment Tools

T1072

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Software Deployment Tools

T1072

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/apt-key-gpghome.1H4subAFrZ/gpg.1.sh

Filesize
82B

MD5
05c3778dc9407fd30b8979bc17d2601d

SHA1
7d1449d480f5ecd392f58eff3d143c93f54a21e4

SHA256
05602dcd1e5c07bbfeb2115ff2b5683e2a2b1cb12ebf05d364ed6ca2e529417e

SHA512
8612d09db07110ae13f62c93bc5d44fc4451da6805ff3bf4988cbc0e55e984ecff54285670b6dee18815ef508ca4dc3aba83537c2805ce87012f6b406c74ab66

Download Submit
/tmp/apt-key-gpghome.e7BP4e9eR1/gpg.1.sh

Filesize
71B

MD5
4a502d34c9274bf20ac5781ec24f97d5

SHA1
524c16347caa1e4e4c89fe3a397248a4059be41c

SHA256
11f70f1f445376846199cd886a909f58a5eca110d2539720b1b938410836514d

SHA512
93ef1e10a3d08717b72b129dced28bd24adf1f94b86631b53ab15b5156b0c1b692962ce29c53f3ce9ef08b42a12db213927f1b1bca4a3f534de8f3ea7441a1bf

Download Submit
/tmp/apt-key-gpghome.yRCO2eBOmJ/gpg.1.sh

Filesize
82B

MD5
753ebce1fe66fbe706f12a47a36c3acf

SHA1
f51333a188bf519afc3c15b71fca5352a5996f01

SHA256
359f95f02d3b5a982116c34f571a266b34ee014a00af0ccd93832113a5351017

SHA512
b349e62013249604feb138dba2cc6c30039037f19804a30445c013dc9a70fd9f054bcdd3fd48484d3d363fbd1cf43b8ebd8a87d72e4943947a3641d4fe5eded4

Download Submit
/tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.gpg

Filesize
15KB

MD5
2713b38b3d7345961d8b80f4463483b8

SHA1
e6ec76aaebfea6a82f7984b57e07522a20365201

SHA256
389d00b5cbd2f69f32065448000a0607aec056e39af958f62e89c4c7e6228248

SHA512
ecee7b3045f49f7fa7443a8658602817bb2c8d2d07ae930536e3f2daaa5854903bf339af6c2fd4b02f8627f050ce360d2feddcf40569b58d304cfc459f418978

Download Submit
/tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.gpg

Filesize
18KB

MD5
760d3ab91f417958475b9a6342a5b92e

SHA1
137a06aea4b5c9e9ca11f0f5f1225da1c275c334

SHA256
42b348802c4290af6f9f30f984513f22fdd342ac3561ccb82957561a6b7c291f

SHA512
6cefcfae1c95c94b66b46d9242e62ddf7d7c65bd8d9bc9dc4e4c6230443ba33668ed160e1882f48a0b5daf59a46ccca09240ebe666017f059bd55e02fb1f2db6

Download Submit
/tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.gpg

Filesize
23KB

MD5
d63fbab9dfb826d53f7b3aaea45dbfb5

SHA1
59841d8e5423f788292af76d4350a948f4e25f53

SHA256
de329f1f48b751a7527f8ce3150452a4282ce69990e9318ab82d5b46b9f751ca

SHA512
20118f98c87eb60f0abafd5b4c2ffb4b1faf92777ee7402b98c0f5dc42d492c83f94d6903bdeee006187ac344a57afeaa84b54a973b483ff13e49773071d8198

Download Submit
/tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.gpg

Filesize
47KB

MD5
a4dc094481f22304cab5550218e6e4de

SHA1
f5886a324c0c026d0168656f23d1d898a0e43bd6

SHA256
eef8c4d7d518a986e4f1cfeec729b55369b863ed6b62a23cbe9d88aa56de5391

SHA512
0f040c957db3d500ba18315db33cca6eb18f9c80d952710f839833a73dd89b72e2e01178084c17348e312a427a6b9150937199b4912e71dfd1a7e2dd43723f68

Download Submit
/tmp/apt-key-gpghome.yRCO2eBOmJ/pubring.gpg

Filesize
7KB

MD5
b53e6ca4ed295fc38621315853f623d0

SHA1
45a416f014809735ec88854a3540c8e9e89eb102

SHA256
6246307cc0130f6bd52510a477960f7c7be431b25979d7e20a88dc2fac58ac93

SHA512
30b5d2571840c2319a4af3907afda8ab00cf2879c83aaee1048ca972c0d3ddbf7995a167a31b19c45195b636ab46e73b0534459c6ee79c557fac8bfc01d857ac

Download Submit
/tmp/apt.conf.Ugkmfd

Filesize
7KB

MD5
888b69612f796e76004b6312f7c07c5a

SHA1
8473a4114b60f4f93150e08c44f6908069943b43

SHA256
b84b8be5406657e163fd2333afc00de1b91df4837563bfe330f34e30402456e2

SHA512
76e05e08200975efbac0b1ebbc232135d35ad6b16bbe8b0238f01b6f9acf712a2479bf309aa81eb8eacfc3ee823a531b4e9b89cbf1364b1bf84c04abb90122bd

Download Submit
/tmp/apt.data.SnhQTp

Filesize
56KB

MD5
fd96c8ce5d0ef18d63bbe9ae17bb2659

SHA1
76b284743d95d3546df9d85c09712c830a30f614

SHA256
ffc8a7a283b61633aac383ddf8f863df3f39ef241a07a4127f51a2495ef674b3

SHA512
2486acdfc102f8f8498d8db2f205915115444dd118507369044202dc9a97109b4c738a2faf16c1f5ce5e4452ae0af17ae4691ac3bf5e7c5e2db271c0f40a4cb2

Download Submit
/tmp/apt.sig.2rG6Tj

Filesize
1KB

MD5
70274ce622b0cc437ef7f0caddc9d232

SHA1
124513a3ad2eb5aafa9be0920681e3bb8625979b

SHA256
4055d2ccc7c4be062ed390944548206ece5ed7613eae114b9e53ef15f3905230

SHA512
fed0054da258bb4a99e8adac359322d9ecc67caeee872309ea7d9863db6a1ec2a55497100e31538f42b43b9efc997e779e3774c8a0c6b0206254d7252d8699c8

Download Submit
/tmp/deb-file-google-chrome-beta_current_amd64.deb.gwVudj

Filesize
1KB

MD5
d2243d917c693153285072570ebb2c44

SHA1
dbb431f2031f9b67b6f8dc2a41397b69fa6eabae

SHA256
e9c3f01dd52ccaf8a7b65696f23c4ae1eae581bd49652d29f6de96f678b34d07

SHA512
d825796e5de2dd7965e762cfc26dd24f418e478c4b6033ce907c586aff8f50408d7492029f0f713230ddd6570d80d4633c8f0807ad3d08e29cb6a6368d2eeb00

Download Submit
/tmp/dpkg-deb.kqgKI7/control

Filesize
1KB

MD5
92902d303461b5c905c667bb82d55c65

SHA1
b623d1c8e9060eb426d19605cd810c9cf98d0b54

SHA256
66f6f543870d7e667bb870edceb9960ed67c3a972b36bbc69498e0f19430b7d8

SHA512
9fa1bcd0af361ba9a5c7537c5a6759455e95b7e089490b581d59ec8cb5d571c68c1dd38f4ebf557bd27a529035dbc9e25a45c2e1f7ba611565f75b87ff67144e

Download Submit
/tmp/dpkg-deb.kqgKI7/postinst

Filesize
26KB

MD5
7a4c06a537cf3e4e7ea4f00cf08e3bc6

SHA1
08d30f017d78966e9041181e5e675b015dc14107

SHA256
038f43a8b161ef4827d0a63b750ec201ec67d9c987fb228e976f10263d326582

SHA512
b2b5711d89b617223dab45ae5d19547db33f3ed628df32b8a2a8cfd1491592d1ead93560d0b3814e0209d5079a4e6f3d4ec7841f5f5696ae785407c50d91dc62

Download Submit
/tmp/dpkg-deb.kqgKI7/postrm

Filesize
21KB

MD5
e0b6dec9aa6ff430754e64445ade2317

SHA1
ad1ee754557676cac6a802fa740e005bf06c8470

SHA256
5135a12604f40aeb7df1ab660717bf4806d1188b89234e0453973c85ecb1f74c

SHA512
d1e626f7380bf9222b2c4dadc604f9b901678816f55ad6afa70fe252844b5b107d050ecede2156d4b229a092c96ff4f2237e8bee76dd401bf4dba4af620faf70

Download Submit
/tmp/dpkg-deb.kqgKI7/prerm

Filesize
1KB

MD5
c48bb92ddb66eadecc16d75efdb9edc5

SHA1
c5ceefc1b8b90e7d2145cebc3fb9b2a74ffecc56

SHA256
f826c434426ec15fb67203fd51827c96a128305d6fce9019f904d3abdca733b7

SHA512
031c5df9169724d4426567b674234feb87845e23932b962f3adfbd859527e1a8a424f34322854bc1921f0402a19e669a0e7f146d10f1e34d9d20834359e75f93

Download Submit
/tmp/google-chrome-beta_current_amd64.deb

Filesize
107.0MB

MD5
cb9cdad386cb15429e9d5428a3045d3c

SHA1
0b90aab042df7bbe50bb3316a6aa1b8061dc3d13

SHA256
1104a0635e1c00e63a58da09f795c3b66a5ddb4d8a77b32768fd1911c11f59f2

SHA512
5d865b22efa7989323c875902e7fcbcd8712ce1717fb7362160d1b521ae861f6649daf83e2e696688386f418862493c5113227c5c19ac4eb6b38ffd576ad10d1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads