Overview

overview

7

Static

static

3

bb98eac438...18.exe

windows7-x64

7

bb98eac438...18.exe

windows10-2004-x64

7

$PLUGINSDI...ad.dll

windows7-x64

3

$PLUGINSDI...ad.dll

windows10-2004-x64

3

$PLUGINSDI...st.dll

windows7-x64

3

$PLUGINSDI...st.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

options.html

windows7-x64

3

options.html

windows10-2004-x64

3

popup.html

windows7-x64

3

popup.html

windows10-2004-x64

3

profilinstylin.js

windows7-x64

3

profilinstylin.js

windows10-2004-x64

3

utils.html

windows7-x64

3

utils.html

windows10-2004-x64

3

interop.shdocvw.dll

windows7-x64

1

interop.shdocvw.dll

windows10-2004-x64

1

microsoft.mshtml.dll

windows7-x64

1

microsoft.mshtml.dll

windows10-2004-x64

1

profilinstylin.dll

windows7-x64

1

profilinstylin.dll

windows10-2004-x64

1

profilinst...ild.sh

ubuntu-18.04-amd64

6

profilinst...ild.sh

debian-9-armhf

3

profilinst...ild.sh

debian-9-mips

3

profilinst...ild.sh

debian-9-mipsel

3

profilinst...ild.sh

ubuntu-18.04-amd64

profilinst...ild.sh

debian-9-armhf

Analysis

  • max time kernel
    5s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    03/12/2024, 03:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    profilinstylin/build.sh

  • Size

    3KB

  • MD5

    eece87baf1509ffc027d6b22b7683955

  • SHA1

    d4a03766203c775b71eeaedc423d7920c1019f3c

  • SHA256

    c4f9c723000a08c87859623c0a11022472bfd4b8758c7530778b50bc549c1618

  • SHA512

    882e3acc7bffc4f09b7ad223b0839560e070a04467b78fb279da8e5ee72a8fa1fbd65da1bdeec4d56576232f5b50a6124c485d017c7e129283deb6edaa457319

Score
3/10
discovery

Malware Config

Signatures

  • Reads runtime system information 12 IoCs

    Reads data from /proc virtual filesystem.

    discovery
  • Writes file to tmp directory 5 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/profilinstylin/build.sh
    /tmp/profilinstylin/build.sh
    1⤵
    • Writes file to tmp directory
    PID:665
    • /bin/rm
      rm -f "profilinstylin .jar" "profilinstylin .xpi" files
      2⤵
        PID:670
      • /bin/rm
        rm -rf build
        2⤵
          PID:673
        • /bin/mkdir
          mkdir --parents --verbose build/chrome
          2⤵
          • Reads runtime system information
          PID:675
        • /usr/bin/find
          find content -path "*CVS*" -prune -o -type f -print
          2⤵
          • Reads runtime system information
          PID:677
        • /bin/grep
          grep -v "~"
          2⤵
            PID:678
          • /usr/bin/find
            find locale -path "*CVS*" -prune -o -type f -print
            2⤵
            • Reads runtime system information
            PID:680
          • /bin/grep
            grep -v "~"
            2⤵
              PID:681
            • /usr/bin/find
              find "skin " -path "*CVS*" -prune -o -type f -print
              2⤵
              • Reads runtime system information
              PID:683
            • /bin/grep
              grep -v "~"
              2⤵
                PID:684
              • /bin/cat
                cat files
                2⤵
                  PID:685
                • /bin/mkdir
                  mkdir "build/defaults "
                  2⤵
                  • Reads runtime system information
                  PID:688
                • /usr/bin/find
                  find "defaults " -path "*CVS*" -prune -o -type f -print
                  2⤵
                  • Reads runtime system information
                  PID:690
                • /bin/grep
                  grep -v "~"
                  2⤵
                    PID:691
                  • /bin/cp
                    cp --verbose --parents build
                    2⤵
                    • Reads runtime system information
                    PID:692
                  • /bin/cp
                    cp --verbose " " build
                    2⤵
                    • Reads runtime system information
                    PID:693
                  • /bin/cp
                    cp --verbose install.rdf build
                    2⤵
                    • Reads runtime system information
                    • Writes file to tmp directory
                    PID:695
                  • /bin/cp
                    cp --verbose chrome.manifest build
                    2⤵
                    • Reads runtime system information
                    • Writes file to tmp directory
                    PID:696
                  • /bin/sed
                    sed -i -r "s/^(content\\s+\\S*\\s+)(\\S*\\/)\$/\\1jar:chrome\\/profilinstylin \\.jar!\\/\\2/" chrome.manifest
                    2⤵
                    • Reads runtime system information
                    • Writes file to tmp directory
                    PID:697
                  • /bin/sed
                    sed -i -r "s/^(skin|locale)(\\s+\\S*\\s+\\S*\\s+)(.*\\/)\$/\\1\\2jar:chrome\\/profilinstylin \\.jar!\\/\\3/" chrome.manifest
                    2⤵
                    • Reads runtime system information
                    • Writes file to tmp directory
                    PID:698
                  • /bin/rm
                    rm ./files
                    2⤵
                      PID:700
                    • /bin/rm
                      rm -rf build
                      2⤵
                        PID:701

                    Network

                    MITRE ATT&CK Matrix

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • /tmp/profilinstylin/build/install.rdf
                      Filesize

                      879B

                      MD5

                      331b7f31c5f16a51a97ee0a7c4080ab6

                      SHA1

                      3592bea77577607ba0f5bf10e32fadf282b9534d

                      SHA256

                      d840dd175d78d9bfe5c0fe820af826c37a57c6c0f6c04b174a2cadfdeaf8eecd

                      SHA512

                      061109b04c2032e9ad5fad1377ffdb25f435f96d2659d4da5bf8407d730ccc3f04d80f0a28e83b50c0a4110c10bb7fd4e98e4159bc7e6b80486047c70c52d15d

                      Download Submit

                    • /tmp/profilinstylin/build/sedOq4une
                      Filesize

                      180B

                      MD5

                      1ea127cb4b9843f4dc39c9d782219fe6

                      SHA1

                      2aafcb4974f51ce59f1e4e0f2c8cbfcf5a9c28f4

                      SHA256

                      973c0df72a12c3055a45fbf179685ee8d8638a52636722043215f0da6ce26c24

                      SHA512

                      c13280ec2122c634a168c0c857cb716e1e7936921d7ed11485170b1b0a31cf66062bb95c34f6bfc6d299ee1f70b0cf0ead5a0e480a89e1a83ce30c70e1195997

                      Download Submit

                    • /tmp/profilinstylin/files
                      Filesize

                      103B

                      MD5

                      3a98d8cc06d67e6e764385e758c0533e

                      SHA1

                      25e437960b3ea6d1c05cbbbf9b819b05103eb29e

                      SHA256

                      93ba5eb09be843a5f083ada2aa48685ad24042ae06d7985c5a502e455933a1cf

                      SHA512

                      09729ae7558f03a527b2813e3d77b39e51e4f3099f858ea25267f5106fa0ecf7fcf91d9bb63b7ba5ed3c47b1d13a80ed5fa6d3d3c67f7e00494c3257cb9c9b2c

                      Download Submit

                    • /tmp/profilinstylin/files
                      Filesize

                      198B

                      MD5

                      84438713d69dac82bf10d72e19fd74cb

                      SHA1

                      b3372551a55ac568b9863fc52bae2ff7d211ab55

                      SHA256

                      d0d6e9949b400d6fc4a170f3a51a6cb7b35ede45df4e909e6b0a6da9e5bc49b8

                      SHA512

                      0bee03985ec68770abf48dae8209ed66aaecbde95c1a663c487a1eddacbe724f06ff432a36513bb874432f0a4fc485a365c3c21a9908e1464db1ef9cb16fd016

                      Download Submit

                    • /tmp/profilinstylin/files
                      Filesize

                      199B

                      MD5

                      e591c0674d98bf5bcd8aa8eeaf178c13

                      SHA1

                      2e4c41211598f3d1fbe032682a7efd61e6daba04

                      SHA256

                      dec59e85eeb8dc2291c8aafcdbdad50e1ccd701efbc688f6ab04e9ec9de9972a

                      SHA512

                      1a64401496587428b84409fa71eb56a98fd29f49c86ad3c301b714619fb4f68aed17304e1ad3cda93b8d0eeb61090cebab94f770e327217e9e7926733f24f628

                      Download Submit

                    • /tmp/profilinstylin/files
                      Filesize

                      211B

                      MD5

                      0e854b2d915fcf644445f46badb416c9

                      SHA1

                      1907d5c6772b965884fa2931a4cab6d23c2e3b20

                      SHA256

                      ab9d82b88e72adad2111ddfabbf402fc633fea545ba7af1fe3318509473f72fd

                      SHA512

                      2c5c3019eb8192e95641cab4ef81d5cfc6bfded1378a5c427056bb0e08810d8d2be6272f85c493f720113262f3189d9ff14dd2b77103cc731ada2b1551f1ca73

                      Download Submit

                    • /tmp/profilinstylin/files
                      Filesize

                      227B

                      MD5

                      db6d79ec44f027498419b35b41a7e6fd

                      SHA1

                      8163ec98de30ec5d5c9ebe85bfdae54b84c0ea4a

                      SHA256

                      d6a7377fb04ad29a90bc9987e37bf42c38f8fd5ee45659c1cfbc33039fad8a0b

                      SHA512

                      27789cbb769ad77f534e6517a49baa5bce6daf908b3c8230542a3d471d177ff7379e48075978025260d07b70956d17709cb5891fda56875d792a663c2ca9a6a8

                      Download Submit