71ed6fd674e384ddc915e47f5eac03ae4c21157b591c4af85880426be3c5d227

Analysis

max time kernel
7s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
03-12-2024 03:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

profilinstylin/build.sh
Size

3KB
MD5

eece87baf1509ffc027d6b22b7683955
SHA1

d4a03766203c775b71eeaedc423d7920c1019f3c
SHA256

c4f9c723000a08c87859623c0a11022472bfd4b8758c7530778b50bc549c1618
SHA512

882e3acc7bffc4f09b7ad223b0839560e070a04467b78fb279da8e5ee72a8fa1fbd65da1bdeec4d56576232f5b50a6124c485d017c7e129283deb6edaa457319

Score

3^/10

discovery

Malware Config

Signatures

Reads runtime system information 12 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	cp

Writes file to tmp directory 5 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/profilinstylin/build/install.rdf	cp
File opened for modification	/tmp/profilinstylin/build/chrome.manifest	cp
File opened for modification	/tmp/profilinstylin/build/sedocOXJG	sed
File opened for modification	/tmp/profilinstylin/build/sedG04Xe0	sed
File opened for modification	/tmp/profilinstylin/files	build.sh

/tmp/profilinstylin/build.sh
/tmp/profilinstylin/build.sh
1⤵
- Writes file to tmp directory
PID:719
- /bin/rm
  rm -f "profilinstylin .jar" "profilinstylin .xpi" files
  2⤵
  PID:726
- /bin/rm
  rm -rf build
  2⤵
  PID:728
- /bin/mkdir
  mkdir --parents --verbose build/chrome
  2⤵
  - Reads runtime system information
  PID:730
- /usr/bin/find
  find content -path "*CVS*" -prune -o -type f -print
  2⤵
  - Reads runtime system information
  PID:732
- /bin/grep
  grep -v "~"
  2⤵
  PID:733
- /usr/bin/find
  find locale -path "*CVS*" -prune -o -type f -print
  2⤵
  - Reads runtime system information
  PID:734
- /bin/grep
  grep -v "~"
  2⤵
  PID:735
- /usr/bin/find
  find "skin " -path "*CVS*" -prune -o -type f -print
  2⤵
  - Reads runtime system information
  PID:737
- /bin/grep
  grep -v "~"
  2⤵
  PID:738
- /bin/cat
  cat files
  2⤵
  PID:741
- /bin/mkdir
  mkdir "build/defaults "
  2⤵
  - Reads runtime system information
  PID:743
- /usr/bin/find
  find "defaults " -path "*CVS*" -prune -o -type f -print
  2⤵
  - Reads runtime system information
  PID:745
- /bin/grep
  grep -v "~"
  2⤵
  PID:746
- /bin/cp
  cp --verbose --parents build
  2⤵
  - Reads runtime system information
  PID:748
- /bin/cp
  cp --verbose " " build
  2⤵
  - Reads runtime system information
  PID:749
- /bin/cp
  cp --verbose install.rdf build
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:750
- /bin/cp
  cp --verbose chrome.manifest build
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:751
- /bin/sed
  sed -i -r "s/^(content\\s+\\S*\\s+)(\\S*\\/)\$/\\1jar:chrome\\/profilinstylin \\.jar!\\/\\2/" chrome.manifest
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:752
- /bin/sed
  sed -i -r "s/^(skin|locale)(\\s+\\S*\\s+\\S*\\s+)(.*\\/)\$/\\1\\2jar:chrome\\/profilinstylin \\.jar!\\/\\3/" chrome.manifest
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:754
- /bin/rm
  rm ./files
  2⤵
  PID:756
- /bin/rm
  rm -rf build
  2⤵
  PID:757

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/profilinstylin/build/install.rdf

Filesize
879B

MD5
331b7f31c5f16a51a97ee0a7c4080ab6

SHA1
3592bea77577607ba0f5bf10e32fadf282b9534d

SHA256
d840dd175d78d9bfe5c0fe820af826c37a57c6c0f6c04b174a2cadfdeaf8eecd

SHA512
061109b04c2032e9ad5fad1377ffdb25f435f96d2659d4da5bf8407d730ccc3f04d80f0a28e83b50c0a4110c10bb7fd4e98e4159bc7e6b80486047c70c52d15d

Download Submit
/tmp/profilinstylin/build/sedocOXJG

Filesize
180B

MD5
1ea127cb4b9843f4dc39c9d782219fe6

SHA1
2aafcb4974f51ce59f1e4e0f2c8cbfcf5a9c28f4

SHA256
973c0df72a12c3055a45fbf179685ee8d8638a52636722043215f0da6ce26c24

SHA512
c13280ec2122c634a168c0c857cb716e1e7936921d7ed11485170b1b0a31cf66062bb95c34f6bfc6d299ee1f70b0cf0ead5a0e480a89e1a83ce30c70e1195997

Download Submit
/tmp/profilinstylin/files

Filesize
103B

MD5
29167d90248ce64cc360901a7b6a2389

SHA1
c71a0ade1eaa2bf47ee53fa367436ede299f93bf

SHA256
559dad60a9fbf13487eaf06e806aed0bc5ed9e06979abb06c135116201c22d7c

SHA512
5a28f5a5ebe5839a3b2c77123401bd02758f876d5a9342336878fa681084cd7dfacf4eb85a28a16ba72d445573b78516690cbb3fc3155323b2aff458b73ead31

Download Submit
/tmp/profilinstylin/files

Filesize
198B

MD5
ab6d7c504b5b82dd271dbd80debcaa86

SHA1
21770be9c3f6e33fbb85ebaf22ea7aa2ecebc1bd

SHA256
9e2aaa79cd27ea4fbe959b6209a001f266b520ab13538e5cf400097ed684e58c

SHA512
6c4ea0f40155a61fae782ea1df911aa9916c28d133c18f71042e8e39aae399fe16392fd670622bb03abbc9d105783678b2dd7f4d78942af780606f8060e4cd80

Download Submit
/tmp/profilinstylin/files

Filesize
199B

MD5
34bac8d3d16cc2651ab574c1c7139612

SHA1
e201284fa5949ed640f9a6accbcd76bb27767e31

SHA256
340d8d5a634e95403858d306d3ecb7577a9da864b4edcaa6f34cb9c003afe20b

SHA512
c601f389e6d41ad2bc604a72b1ec3c3b2ac91ff30ac17b2f10bd83a7617f6de168b1215f82ba55afe2a5b6abcf43c6eebb7ec0a3e8709c84a10608f039652b7a

Download Submit
/tmp/profilinstylin/files

Filesize
211B

MD5
f222dd3fd3fcd6b3d2f56365fb706d59

SHA1
222fda361513f2bfde418c0ac8dd94d8c7af4134

SHA256
cdb48bb1403d93429402ed94bd7c0d6804260686cf047f9530ece8604fb45838

SHA512
5db6a0bf4c0382ec4251c16cdb53c351099ad866d2b4d811b57507eaedea480417f95aa3513b74e2d4e6549d5dc93f0b3b70269b9d3634d7592cde1ad9f84af6

Download Submit
/tmp/profilinstylin/files

Filesize
227B

MD5
ec59ba3ff3fcf4cc07650b2dbce05689

SHA1
f0cb9dfdd75e290d7ea5350e147bf282c90d17b9

SHA256
847d2ba3f424902abedc54cd7676197d25635dead9e63f261e730da971a48f1b

SHA512
021dc645a9b06fa6e92932951d172a13ac5b428671191cd7e3ba92246e9f7dd39a63ad71aa9f6fd1d995b1acf47a911e40b4ec7b74d193fd73f756304d9d0837

Download Submit