b4474348e53f927c304f9b7da84928aa3425484ec7715590b130bf71ea8afe1d

Analysis

max time kernel
134s
max time network
159s
platform
debian-9_mipsel
resource
debian9-mipsel-20240611-en
resource tags

arch:mipselimage:debian9-mipsel-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
25-11-2024 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
Size

1KB
MD5

cba6e6dfa77711fe4a65875b4a77c032
SHA1

66164fc6a7f678daa293570e05963555d418831e
SHA256

17d0c0361e8a66efc1db45004a75fad9cb33426d6c07b90db838929c4ae96a74
SHA512

7d30bb242d3deb0e7e3df8881103bfa868cddbd6ff01aaae6d64aa37eecaaf145785e21882e2fdf1c9e6aee2e05a1d888438a1fc780fb78c36e22e4ebd496842

Score

3^/10

discovery execution

Malware Config

Signatures

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/self/fd	gpgconf
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/sys/crypto/fips_enabled	gpgv
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/sys/crypto/fips_enabled	gpgconf
File opened for reading	/proc/sys/crypto/fips_enabled	gpg-connect-agent
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/self/fd	apt-get
File opened for reading	/proc/filesystems	tar
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/sys/crypto/fips_enabled	https
File opened for reading	/proc/sys/crypto/fips_enabled	gpg-connect-agent
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/sys/crypto/fips_enabled	gpgv
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/sys/crypto/fips_enabled	gpgconf
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/sys/crypto/fips_enabled	gpgv
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/self/fd	apt-config
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/filesystems	dpkg
File opened for reading	/proc/sys/crypto/fips_enabled	curl
File opened for reading	/proc/self/fd	gpgconf
File opened for reading	/proc/sys/kernel/ngroups_max	apt-get

Writes file to tmp directory 32 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/google-chrome-beta_current_amd64.deb	curl
File opened for modification	/tmp/fileutl.message.NcVSZB	apt-get
File opened for modification	/tmp/apt-key-gpghome.hN5QwScN1B/gpg.1.sh	apt-key
File opened for modification	/tmp/fileutl.message.VSY9Yu	apt-get
File opened for modification	/tmp/fileutl.message.CSoQ8v	apt-get
File opened for modification	/tmp/fileutl.message.xnTqHD	apt-get
File opened for modification	/tmp/apt-key-gpghome.kZ84SMtwTF/pubring.gpg	apt-key
File opened for modification	/tmp/apt-key-gpghome.hN5QwScN1B/pubring.gpg	touch
File opened for modification	/tmp/apt.sig.UwfqX3	gpgv
File opened for modification	/tmp/fileutl.message.8SA0LU	apt-get
File opened for modification	/tmp/apt.sig.8KW6Vz	gpgv
File opened for modification	/tmp/fileutl.message.u5TI7u	apt-get
File opened for modification	/tmp/deb-file-google-chrome-beta_current_amd64.deb.MAANb7	apt-get
File opened for modification	/tmp/fileutl.message.XTEe35	apt-get
File opened for modification	/tmp/apt-key-gpghome.hN5QwScN1B/pubring.gpg	apt-key
File opened for modification	/tmp/fileutl.message.yeuX77	apt-get
File opened for modification	/tmp/fileutl.message.sZxZse	apt-get
File opened for modification	/tmp/apt.conf.3zOFDb	gpgv
File opened for modification	/tmp/apt-key-gpghome.HIF1k3hIxH/gpg.1.sh	apt-key
File opened for modification	/tmp/apt.conf.0LMLmR	gpgv
File opened for modification	/tmp/apt-key-gpghome.kZ84SMtwTF/pubring.gpg	touch
File opened for modification	/tmp/apt-key-gpghome.kZ84SMtwTF/pubring.orig.gpg	cp
File opened for modification	/tmp/apt-key-gpghome.kZ84SMtwTF/gpg.1.sh	apt-key
File opened for modification	/tmp/fileutl.message.PtvrYA	apt-get
File opened for modification	/tmp/apt.data.b4AaT0	gpgv
File opened for modification	/tmp/fileutl.message.QfR7mB	apt-get
File opened for modification	/tmp/fileutl.message.2PqNdF	apt-get
File opened for modification	/tmp/fileutl.message.bTO5Ob	apt-get
File opened for modification	/tmp/fileutl.message.Cch6dB	apt-get
File opened for modification	/tmp/apt-key-gpghome.hN5QwScN1B/pubring.orig.gpg	cp
File opened for modification	/tmp/apt.conf.P9lB06	gpgv
File opened for modification	/tmp/apt.data.S3spYi	gpgv

Software Deployment Tools 1 TTPs 4 IoCs

Use software deployment tools to execute code.

execution

Software Deployment Tools

T1072

pid	Process
784	apt-get
976	apt-get
980	dpkg
782	dpkg

/tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
/tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
1⤵
PID:776

/usr/local/sbin/bash
bash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
1⤵
PID:776

/usr/local/bin/bash
bash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
1⤵
PID:776

/usr/sbin/bash
bash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
1⤵
PID:776

/usr/bin/bash
bash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
1⤵
PID:776

/sbin/bash
bash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
1⤵
PID:776

/bin/bash
bash /tmp/resources/app.asar.unpacked/node_modules/playwright-core/bin/reinstall_chrome_beta_linux.sh
1⤵
PID:776
- /usr/bin/arch
  arch
  2⤵
  PID:778
- /bin/bash
  bash -c "source /etc/os-release && echo \$ID"
  2⤵
  PID:779
- /bin/grep
  grep -q "^google-chrome-beta[[:space:]]*install\$"
  2⤵
  PID:783
- /usr/bin/dpkg
  dpkg --get-selections
  2⤵
  - Reads runtime system information
  - Software Deployment Tools
  PID:782
- /usr/bin/apt-get
  apt-get update
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  - Software Deployment Tools
  PID:784
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:785
- - /usr/lib/apt/methods/http
    /usr/lib/apt/methods/http
    3⤵
    PID:786
- - /usr/lib/apt/methods/https
    /usr/lib/apt/methods/https
    3⤵
    PID:787
- - /usr/lib/apt/methods/https
    /usr/lib/apt/methods/https
    3⤵
    - Reads runtime system information
    PID:788
- - /usr/lib/apt/methods/http
    /usr/lib/apt/methods/http
    3⤵
    PID:789
- - /usr/lib/apt/methods/gpgv
    /usr/lib/apt/methods/gpgv
    3⤵
    PID:794
- - /usr/lib/apt/methods/gpgv
    /usr/lib/apt/methods/gpgv
    3⤵
    - Writes file to tmp directory
    PID:795
  - - /usr/bin/apt-key
      /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.8KW6Vz /tmp/apt.data.S3spYi
      4⤵
      Writes file to tmp directory
      PID:797
    - - /usr/bin/apt-config
        
        apt-config shell MASTER_KEYRING APT::Key::MasterKeyring
        5⤵
        
        PID:799
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:800
    - - /usr/bin/apt-config
        
        apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring
        5⤵
        Reads runtime system information
        
        PID:801
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:802
    - - /usr/bin/apt-config
        
        apt-config shell REMOVED_KEYS APT::Key::RemovedKeys
        5⤵
        
        PID:803
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:804
    - - /usr/bin/apt-config
        
        apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI
        5⤵
        Reads runtime system information
        
        PID:805
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:808
    - - /usr/bin/apt-config
        
        apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring
        5⤵
        Reads runtime system information
        
        PID:809
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:812
    - - /usr/bin/apt-config
        
        apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f
        5⤵
        Reads runtime system information
        
        PID:813
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:816
    - - /usr/bin/apt-config
        
        apt-config shell GPGV Apt::Key::gpgvcommand
        5⤵
        Reads runtime system information
        
        PID:818
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:820
    - - /bin/mktemp
        
        mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX
        5⤵
        
        PID:822
    - - /bin/chmod
        
        chmod 700 /tmp/apt-key-gpghome.kZ84SMtwTF
        5⤵
        
        PID:823
    - - /bin/readlink
        
        readlink -f /tmp/apt-key-gpghome.kZ84SMtwTF
        5⤵
        
        PID:824
    - - /bin/rm
        
        rm -f /tmp/apt-key-gpghome.kZ84SMtwTF/pubring.gpg
        5⤵
        
        PID:826
    - - /usr/bin/touch
        
        touch /tmp/apt-key-gpghome.kZ84SMtwTF/pubring.gpg
        5⤵
        Writes file to tmp directory
        
        PID:828
    - - /usr/bin/apt-config
        
        apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d
        5⤵
        Reads runtime system information
        
        PID:829
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:831
    - - /bin/readlink
        
        readlink -f /etc/apt/trusted.gpg.d/
        5⤵
        
        PID:833
    - - /usr/bin/find
        
        find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 "(" -name "*.gpg" -o -name "*.asc" ")"
        5⤵
        Reads runtime system information
        
        PID:834
    - - /usr/bin/sort
        
        sort
        5⤵
        
        PID:838
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
        5⤵
        
        PID:840
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
        5⤵
        
        PID:843
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
        5⤵
        
        PID:845
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg
        5⤵
        
        PID:847
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg
        5⤵
        
        PID:850
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg
        5⤵
        
        PID:853
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
        5⤵
        
        PID:855
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
        5⤵
        
        PID:857
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
        5⤵
        
        PID:859
    - - /bin/cp
        
        cp -a /tmp/apt-key-gpghome.kZ84SMtwTF/pubring.gpg /tmp/apt-key-gpghome.kZ84SMtwTF/pubring.orig.gpg
        5⤵
        Writes file to tmp directory
        
        PID:861
    - - /bin/sed
        
        sed -e "s#'#'\"'\"'#g"
        5⤵
        Reads runtime system information
        
        PID:865
    - - /bin/sed
        
        sed -e "s#'#'\"'\"'#g"
        5⤵
        Reads runtime system information
        
        PID:868
    - - /usr/bin/gpgv
        
        gpgv --homedir /tmp/apt-key-gpghome.kZ84SMtwTF --keyring /tmp/apt-key-gpghome.kZ84SMtwTF/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.8KW6Vz /tmp/apt.data.S3spYi
        5⤵
        Reads runtime system information
        
        PID:869
    - - /usr/bin/gpgconf
        
        gpgconf --kill gpg-agent
        5⤵
        Reads runtime system information
        
        PID:872
      - /usr/bin/gpg-connect-agent
        
        gpg-connect-agent --no-autostart KILLAGENT
        6⤵
        
        PID:874
    - - /bin/rm
        
        rm -rf /tmp/apt-key-gpghome.kZ84SMtwTF
        5⤵
        
        PID:876
  - - /usr/bin/apt-key
      /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /var/lib/apt/lists/archive.debian.org_debian_dists_stretch_Release.gpg /var/lib/apt/lists/archive.debian.org_debian_dists_stretch_Release
      4⤵
      Writes file to tmp directory
      PID:878
    - - /usr/bin/apt-config
        
        apt-config shell MASTER_KEYRING APT::Key::MasterKeyring
        5⤵
        Reads runtime system information
        
        PID:881
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:883
    - - /usr/bin/apt-config
        
        apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring
        5⤵
        
        PID:885
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:887
    - - /usr/bin/apt-config
        
        apt-config shell REMOVED_KEYS APT::Key::RemovedKeys
        5⤵
        Reads runtime system information
        
        PID:889
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:891
    - - /usr/bin/apt-config
        
        apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI
        5⤵
        Reads runtime system information
        
        PID:893
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:895
    - - /usr/bin/apt-config
        
        apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring
        5⤵
        Reads runtime system information
        
        PID:896
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:897
    - - /usr/bin/apt-config
        
        apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f
        5⤵
        Reads runtime system information
        
        PID:898
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:899
    - - /usr/bin/apt-config
        
        apt-config shell GPGV Apt::Key::gpgvcommand
        5⤵
        Reads runtime system information
        
        PID:901
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:902
    - - /bin/mktemp
        
        mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX
        5⤵
        
        PID:903
    - - /bin/chmod
        
        chmod 700 /tmp/apt-key-gpghome.hN5QwScN1B
        5⤵
        
        PID:904
    - - /bin/readlink
        
        readlink -f /tmp/apt-key-gpghome.hN5QwScN1B
        5⤵
        
        PID:905
    - - /bin/rm
        
        rm -f /tmp/apt-key-gpghome.hN5QwScN1B/pubring.gpg
        5⤵
        
        PID:906
    - - /usr/bin/touch
        
        touch /tmp/apt-key-gpghome.hN5QwScN1B/pubring.gpg
        5⤵
        Writes file to tmp directory
        
        PID:907
    - - /usr/bin/apt-config
        
        apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d
        5⤵
        Reads runtime system information
        
        PID:908
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:909
    - - /bin/readlink
        
        readlink -f /etc/apt/trusted.gpg.d/
        5⤵
        
        PID:910
    - - /usr/bin/find
        
        find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 "(" -name "*.gpg" -o -name "*.asc" ")"
        5⤵
        Reads runtime system information
        
        PID:911
    - - /usr/bin/sort
        
        sort
        5⤵
        
        PID:914
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
        5⤵
        
        PID:916
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
        5⤵
        
        PID:918
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
        5⤵
        
        PID:920
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg
        5⤵
        
        PID:922
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg
        5⤵
        
        PID:924
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg
        5⤵
        
        PID:926
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
        5⤵
        
        PID:928
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
        5⤵
        
        PID:930
    - - /bin/cat
        
        cat /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
        5⤵
        
        PID:932
    - - /bin/cp
        
        cp -a /tmp/apt-key-gpghome.hN5QwScN1B/pubring.gpg /tmp/apt-key-gpghome.hN5QwScN1B/pubring.orig.gpg
        5⤵
        Reads runtime system information
        Writes file to tmp directory
        
        PID:933
    - - /bin/sed
        
        sed -e "s#'#'\"'\"'#g"
        5⤵
        
        PID:936
    - - /bin/sed
        
        sed -e "s#'#'\"'\"'#g"
        5⤵
        
        PID:939
    - - /usr/bin/gpgv
        
        gpgv --homedir /tmp/apt-key-gpghome.hN5QwScN1B --keyring /tmp/apt-key-gpghome.hN5QwScN1B/pubring.gpg --ignore-time-conflict --status-fd 3 /var/lib/apt/lists/archive.debian.org_debian_dists_stretch_Release.gpg /var/lib/apt/lists/archive.debian.org_debian_dists_stretch_Release
        5⤵
        Reads runtime system information
        
        PID:940
    - - /usr/bin/gpgconf
        
        gpgconf --kill gpg-agent
        5⤵
        Reads runtime system information
        
        PID:941
      - /usr/bin/gpg-connect-agent
        
        gpg-connect-agent --no-autostart KILLAGENT
        6⤵
        Reads runtime system information
        
        PID:942
    - - /bin/rm
        
        rm -rf /tmp/apt-key-gpghome.hN5QwScN1B
        5⤵
        
        PID:943
  - - /usr/bin/apt-key
      /usr/bin/apt-key --quiet --readonly --keyring /etc/apt/keyrings/nodesource.gpg verify --status-fd 3 /tmp/apt.sig.UwfqX3 /tmp/apt.data.b4AaT0
      4⤵
      Writes file to tmp directory
      PID:945
    - - /usr/bin/apt-config
        
        apt-config shell MASTER_KEYRING APT::Key::MasterKeyring
        5⤵
        
        PID:947
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:948
    - - /usr/bin/apt-config
        
        apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring
        5⤵
        Reads runtime system information
        
        PID:949
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        
        PID:950
    - - /usr/bin/apt-config
        
        apt-config shell REMOVED_KEYS APT::Key::RemovedKeys
        5⤵
        Reads runtime system information
        
        PID:951
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:952
    - - /usr/bin/apt-config
        
        apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI
        5⤵
        
        PID:953
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:954
    - - /usr/bin/apt-config
        
        apt-config shell GPGV Apt::Key::gpgvcommand
        5⤵
        Reads runtime system information
        
        PID:956
      - /usr/bin/dpkg
        
        /usr/bin/dpkg --print-foreign-architectures
        6⤵
        Reads runtime system information
        
        PID:957
    - - /bin/mktemp
        
        mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX
        5⤵
        
        PID:958
    - - /bin/chmod
        
        chmod 700 /tmp/apt-key-gpghome.HIF1k3hIxH
        5⤵
        
        PID:959
    - - /bin/sed
        
        sed -e "s#'#'\"'\"'#g"
        5⤵
        
        PID:963
    - - /bin/sed
        
        sed -e "s#'#'\"'\"'#g"
        5⤵
        Reads runtime system information
        
        PID:966
    - - /usr/bin/gpgv
        
        gpgv --homedir /tmp/apt-key-gpghome.HIF1k3hIxH --keyring /etc/apt/keyrings/nodesource.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.UwfqX3 /tmp/apt.data.b4AaT0
        5⤵
        Reads runtime system information
        
        PID:968
    - - /usr/bin/gpgconf
        
        gpgconf --kill gpg-agent
        5⤵
        Reads runtime system information
        
        PID:969
      - /usr/bin/gpg-connect-agent
        
        gpg-connect-agent --no-autostart KILLAGENT
        6⤵
        Reads runtime system information
        
        PID:970
    - - /bin/rm
        
        rm -rf /tmp/apt-key-gpghome.HIF1k3hIxH
        5⤵
        
        PID:971
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:972
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:973
- /usr/bin/curl
  curl -O https://dl.google.com/linux/direct/google-chrome-beta_current_amd64.deb
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:974
- /usr/bin/apt-get
  apt-get install -y ./google-chrome-beta_current_amd64.deb
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  - Software Deployment Tools
  PID:976
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    PID:977
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:978
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:979
- - /usr/bin/dpkg
    /usr/bin/dpkg -I /tmp/google-chrome-beta_current_amd64.deb control
    3⤵
    - Reads runtime system information
    - Software Deployment Tools
    PID:980
- - /usr/local/sbin/dpkg-deb
    dpkg-deb --info -- /tmp/google-chrome-beta_current_amd64.deb control
    3⤵
    PID:980
- - /usr/local/bin/dpkg-deb
    dpkg-deb --info -- /tmp/google-chrome-beta_current_amd64.deb control
    3⤵
    PID:980
- - /usr/sbin/dpkg-deb
    dpkg-deb --info -- /tmp/google-chrome-beta_current_amd64.deb control
    3⤵
    PID:980
- - /usr/bin/dpkg-deb
    dpkg-deb --info -- /tmp/google-chrome-beta_current_amd64.deb control
    3⤵
    PID:980
  - - /usr/local/sbin/tar
      tar -x -m -f - "--warning=no-timestamp"
      4⤵
      PID:983
  - - /usr/local/bin/tar
      tar -x -m -f - "--warning=no-timestamp"
      4⤵
      PID:983
  - - /usr/sbin/tar
      tar -x -m -f - "--warning=no-timestamp"
      4⤵
      PID:983
  - - /usr/bin/tar
      tar -x -m -f - "--warning=no-timestamp"
      4⤵
      PID:983
  - - /sbin/tar
      tar -x -m -f - "--warning=no-timestamp"
      4⤵
      PID:983
  - - /bin/tar
      tar -x -m -f - "--warning=no-timestamp"
      4⤵
      Reads runtime system information
      PID:983
  - - /usr/local/sbin/rm
      rm -rf -- /tmp/dpkg-deb.BOTDrj
      4⤵
      PID:984
  - - /usr/local/bin/rm
      rm -rf -- /tmp/dpkg-deb.BOTDrj
      4⤵
      PID:984
  - - /usr/sbin/rm
      rm -rf -- /tmp/dpkg-deb.BOTDrj
      4⤵
      PID:984
  - - /usr/bin/rm
      rm -rf -- /tmp/dpkg-deb.BOTDrj
      4⤵
      PID:984
  - - /sbin/rm
      rm -rf -- /tmp/dpkg-deb.BOTDrj
      4⤵
      PID:984
  - - /bin/rm
      rm -rf -- /tmp/dpkg-deb.BOTDrj
      4⤵
      PID:984
- - /usr/bin/dpkg
    /usr/bin/dpkg --print-foreign-architectures
    3⤵
    - Reads runtime system information
    PID:985

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Software Deployment Tools

T1072

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Software Deployment Tools

T1072

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/apt-key-gpghome.HIF1k3hIxH/gpg.1.sh

Filesize
71B

MD5
4a502d34c9274bf20ac5781ec24f97d5

SHA1
524c16347caa1e4e4c89fe3a397248a4059be41c

SHA256
11f70f1f445376846199cd886a909f58a5eca110d2539720b1b938410836514d

SHA512
93ef1e10a3d08717b72b129dced28bd24adf1f94b86631b53ab15b5156b0c1b692962ce29c53f3ce9ef08b42a12db213927f1b1bca4a3f534de8f3ea7441a1bf

Download Submit
/tmp/apt-key-gpghome.hN5QwScN1B/gpg.1.sh

Filesize
82B

MD5
386324828c18260ad0c088cf69dedd60

SHA1
be3030fe267c6bdbf8d2e99130d75daa77c67459

SHA256
78542cc5b8de8ea589d6741b057309b46dc98412c616d90f24254648642c0341

SHA512
4e67b2bca7462753803850df8117a649b1cc77fa041a439e5abb6b876c91ee44eb011229fac0ae3b2d4ea6aea7714f1b7c46a6a46ef21aba40ecba4158ccce89

Download Submit
/tmp/apt-key-gpghome.kZ84SMtwTF/gpg.1.sh

Filesize
82B

MD5
bc71ac407d3e0f1229a28ba4670db458

SHA1
8f3e9d72c901cb34d5e274b79b1168d13fdbb103

SHA256
218051f45f50c527093dce861eacc84d5cf1b19233e43d58a0866d83a1c277fe

SHA512
90b367c42a13b96141ca0a26647e32367e85cd13c66bb269dc127073d35044ec784a9f2ded7dd3f04888631bf965cebf941f79699730c62058e357306cc84b91

Download Submit
/tmp/apt-key-gpghome.kZ84SMtwTF/pubring.gpg

Filesize
15KB

MD5
2713b38b3d7345961d8b80f4463483b8

SHA1
e6ec76aaebfea6a82f7984b57e07522a20365201

SHA256
389d00b5cbd2f69f32065448000a0607aec056e39af958f62e89c4c7e6228248

SHA512
ecee7b3045f49f7fa7443a8658602817bb2c8d2d07ae930536e3f2daaa5854903bf339af6c2fd4b02f8627f050ce360d2feddcf40569b58d304cfc459f418978

Download Submit
/tmp/apt-key-gpghome.kZ84SMtwTF/pubring.gpg

Filesize
18KB

MD5
760d3ab91f417958475b9a6342a5b92e

SHA1
137a06aea4b5c9e9ca11f0f5f1225da1c275c334

SHA256
42b348802c4290af6f9f30f984513f22fdd342ac3561ccb82957561a6b7c291f

SHA512
6cefcfae1c95c94b66b46d9242e62ddf7d7c65bd8d9bc9dc4e4c6230443ba33668ed160e1882f48a0b5daf59a46ccca09240ebe666017f059bd55e02fb1f2db6

Download Submit
/tmp/apt-key-gpghome.kZ84SMtwTF/pubring.gpg

Filesize
23KB

MD5
d63fbab9dfb826d53f7b3aaea45dbfb5

SHA1
59841d8e5423f788292af76d4350a948f4e25f53

SHA256
de329f1f48b751a7527f8ce3150452a4282ce69990e9318ab82d5b46b9f751ca

SHA512
20118f98c87eb60f0abafd5b4c2ffb4b1faf92777ee7402b98c0f5dc42d492c83f94d6903bdeee006187ac344a57afeaa84b54a973b483ff13e49773071d8198

Download Submit
/tmp/apt-key-gpghome.kZ84SMtwTF/pubring.gpg

Filesize
47KB

MD5
a4dc094481f22304cab5550218e6e4de

SHA1
f5886a324c0c026d0168656f23d1d898a0e43bd6

SHA256
eef8c4d7d518a986e4f1cfeec729b55369b863ed6b62a23cbe9d88aa56de5391

SHA512
0f040c957db3d500ba18315db33cca6eb18f9c80d952710f839833a73dd89b72e2e01178084c17348e312a427a6b9150937199b4912e71dfd1a7e2dd43723f68

Download Submit
/tmp/apt-key-gpghome.kZ84SMtwTF/pubring.gpg

Filesize
7KB

MD5
b53e6ca4ed295fc38621315853f623d0

SHA1
45a416f014809735ec88854a3540c8e9e89eb102

SHA256
6246307cc0130f6bd52510a477960f7c7be431b25979d7e20a88dc2fac58ac93

SHA512
30b5d2571840c2319a4af3907afda8ab00cf2879c83aaee1048ca972c0d3ddbf7995a167a31b19c45195b636ab46e73b0534459c6ee79c557fac8bfc01d857ac

Download Submit
/tmp/apt.conf.0LMLmR

Filesize
7KB

MD5
2e865de2c92475d628dc9eee272c7dd5

SHA1
a3f656004db7bf9f7c72114b422d5938239dd768

SHA256
507d06a19be907e372fcf41b270e6296d5386db1ba5c996862a7dda75057bcfe

SHA512
25eeb2dcfc9838f0f1b6599d447c034f2eacf55534e5841f19183216ed65ce2d2855031b41bf2f2e9425072956c03356cafad13869777510cee720bc8d7ec51c

Download Submit
/tmp/apt.data.S3spYi

Filesize
56KB

MD5
fd96c8ce5d0ef18d63bbe9ae17bb2659

SHA1
76b284743d95d3546df9d85c09712c830a30f614

SHA256
ffc8a7a283b61633aac383ddf8f863df3f39ef241a07a4127f51a2495ef674b3

SHA512
2486acdfc102f8f8498d8db2f205915115444dd118507369044202dc9a97109b4c738a2faf16c1f5ce5e4452ae0af17ae4691ac3bf5e7c5e2db271c0f40a4cb2

Download Submit
/tmp/apt.sig.8KW6Vz

Filesize
1KB

MD5
70274ce622b0cc437ef7f0caddc9d232

SHA1
124513a3ad2eb5aafa9be0920681e3bb8625979b

SHA256
4055d2ccc7c4be062ed390944548206ece5ed7613eae114b9e53ef15f3905230

SHA512
fed0054da258bb4a99e8adac359322d9ecc67caeee872309ea7d9863db6a1ec2a55497100e31538f42b43b9efc997e779e3774c8a0c6b0206254d7252d8699c8

Download Submit
/tmp/deb-file-google-chrome-beta_current_amd64.deb.MAANb7

Filesize
1KB

MD5
d2243d917c693153285072570ebb2c44

SHA1
dbb431f2031f9b67b6f8dc2a41397b69fa6eabae

SHA256
e9c3f01dd52ccaf8a7b65696f23c4ae1eae581bd49652d29f6de96f678b34d07

SHA512
d825796e5de2dd7965e762cfc26dd24f418e478c4b6033ce907c586aff8f50408d7492029f0f713230ddd6570d80d4633c8f0807ad3d08e29cb6a6368d2eeb00

Download Submit
/tmp/dpkg-deb.BOTDrj/control

Filesize
1KB

MD5
92902d303461b5c905c667bb82d55c65

SHA1
b623d1c8e9060eb426d19605cd810c9cf98d0b54

SHA256
66f6f543870d7e667bb870edceb9960ed67c3a972b36bbc69498e0f19430b7d8

SHA512
9fa1bcd0af361ba9a5c7537c5a6759455e95b7e089490b581d59ec8cb5d571c68c1dd38f4ebf557bd27a529035dbc9e25a45c2e1f7ba611565f75b87ff67144e

Download Submit
/tmp/dpkg-deb.BOTDrj/postinst

Filesize
26KB

MD5
7a4c06a537cf3e4e7ea4f00cf08e3bc6

SHA1
08d30f017d78966e9041181e5e675b015dc14107

SHA256
038f43a8b161ef4827d0a63b750ec201ec67d9c987fb228e976f10263d326582

SHA512
b2b5711d89b617223dab45ae5d19547db33f3ed628df32b8a2a8cfd1491592d1ead93560d0b3814e0209d5079a4e6f3d4ec7841f5f5696ae785407c50d91dc62

Download Submit
/tmp/dpkg-deb.BOTDrj/postrm

Filesize
21KB

MD5
e0b6dec9aa6ff430754e64445ade2317

SHA1
ad1ee754557676cac6a802fa740e005bf06c8470

SHA256
5135a12604f40aeb7df1ab660717bf4806d1188b89234e0453973c85ecb1f74c

SHA512
d1e626f7380bf9222b2c4dadc604f9b901678816f55ad6afa70fe252844b5b107d050ecede2156d4b229a092c96ff4f2237e8bee76dd401bf4dba4af620faf70

Download Submit
/tmp/dpkg-deb.BOTDrj/prerm

Filesize
1KB

MD5
c48bb92ddb66eadecc16d75efdb9edc5

SHA1
c5ceefc1b8b90e7d2145cebc3fb9b2a74ffecc56

SHA256
f826c434426ec15fb67203fd51827c96a128305d6fce9019f904d3abdca733b7

SHA512
031c5df9169724d4426567b674234feb87845e23932b962f3adfbd859527e1a8a424f34322854bc1921f0402a19e669a0e7f146d10f1e34d9d20834359e75f93

Download Submit
/tmp/google-chrome-beta_current_amd64.deb

Filesize
107.0MB

MD5
7ae80f77feab7290b2dcb968197be6d3

SHA1
0aab24fba6725a1cee39285c0ee90b1d4c51118d

SHA256
02425a21f70e7441af1c00714434c38a2598603d8cd6057d621732e31f17c815

SHA512
279919e05eeb64d10b0bddc8f825b23da0cf312254d96f58653bb6d5c3d183dd3a907769992a19cb229f0a69e0e6879ba71b3398e18401aa8e921d0f6c477869

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads