71ed6fd674e384ddc915e47f5eac03ae4c21157b591c4af85880426be3c5d227

Analysis

max time kernel
6s
platform
debian-9_mipsel
resource
debian9-mipsel-20240226-en
resource tags

arch:mipselimage:debian9-mipsel-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
03-12-2024 03:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

profilinstylin/build.sh
Size

3KB
MD5

eece87baf1509ffc027d6b22b7683955
SHA1

d4a03766203c775b71eeaedc423d7920c1019f3c
SHA256

c4f9c723000a08c87859623c0a11022472bfd4b8758c7530778b50bc549c1618
SHA512

882e3acc7bffc4f09b7ad223b0839560e070a04467b78fb279da8e5ee72a8fa1fbd65da1bdeec4d56576232f5b50a6124c485d017c7e129283deb6edaa457319

Score

3^/10

discovery

Malware Config

Signatures

Reads runtime system information 12 IoCs

Reads data from /proc virtual filesystem.

discovery

Processes:

cpsedmkdirfindfindmkdirfindcpfindcpcpsed

description	ioc	Process
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	find
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	cp
File opened for reading	/proc/filesystems	sed

Writes file to tmp directory 5 IoCs

Malware often drops required files in the /tmp directory.

Processes:

build.shcpcpsedsed

description	ioc	Process
File opened for modification	/tmp/profilinstylin/files	build.sh
File opened for modification	/tmp/profilinstylin/build/install.rdf	cp
File opened for modification	/tmp/profilinstylin/build/chrome.manifest	cp
File opened for modification	/tmp/profilinstylin/build/seduh1NvV	sed
File opened for modification	/tmp/profilinstylin/build/sedBvBdJj	sed

/tmp/profilinstylin/build.sh
/tmp/profilinstylin/build.sh
1⤵
- Writes file to tmp directory
PID:722
- /bin/rm
  rm -f "profilinstylin .jar" "profilinstylin .xpi" files
  2⤵
  PID:728
- /bin/rm
  rm -rf build
  2⤵
  PID:730
- /bin/mkdir
  mkdir --parents --verbose build/chrome
  2⤵
  - Reads runtime system information
  PID:732
- /usr/bin/find
  find content -path "*CVS*" -prune -o -type f -print
  2⤵
  - Reads runtime system information
  PID:734
- /bin/grep
  grep -v "~"
  2⤵
  PID:735
- /usr/bin/find
  find locale -path "*CVS*" -prune -o -type f -print
  2⤵
  - Reads runtime system information
  PID:736
- /bin/grep
  grep -v "~"
  2⤵
  PID:737
- /usr/bin/find
  find "skin " -path "*CVS*" -prune -o -type f -print
  2⤵
  - Reads runtime system information
  PID:739
- /bin/grep
  grep -v "~"
  2⤵
  PID:740
- /bin/cat
  cat files
  2⤵
  PID:743
- /bin/mkdir
  mkdir "build/defaults "
  2⤵
  - Reads runtime system information
  PID:745
- /usr/bin/find
  find "defaults " -path "*CVS*" -prune -o -type f -print
  2⤵
  - Reads runtime system information
  PID:747
- /bin/grep
  grep -v "~"
  2⤵
  PID:748
- /bin/cp
  cp --verbose --parents build
  2⤵
  - Reads runtime system information
  PID:750
- /bin/cp
  cp --verbose " " build
  2⤵
  - Reads runtime system information
  PID:751
- /bin/cp
  cp --verbose install.rdf build
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:752
- /bin/cp
  cp --verbose chrome.manifest build
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:753
- /bin/sed
  sed -i -r "s/^(content\\s+\\S*\\s+)(\\S*\\/)\$/\\1jar:chrome\\/profilinstylin \\.jar!\\/\\2/" chrome.manifest
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:755
- /bin/sed
  sed -i -r "s/^(skin|locale)(\\s+\\S*\\s+\\S*\\s+)(.*\\/)\$/\\1\\2jar:chrome\\/profilinstylin \\.jar!\\/\\3/" chrome.manifest
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:756
- /bin/rm
  rm ./files
  2⤵
  PID:758
- /bin/rm
  rm -rf build
  2⤵
  PID:759

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/profilinstylin/build/install.rdf

Filesize
879B

MD5
331b7f31c5f16a51a97ee0a7c4080ab6

SHA1
3592bea77577607ba0f5bf10e32fadf282b9534d

SHA256
d840dd175d78d9bfe5c0fe820af826c37a57c6c0f6c04b174a2cadfdeaf8eecd

SHA512
061109b04c2032e9ad5fad1377ffdb25f435f96d2659d4da5bf8407d730ccc3f04d80f0a28e83b50c0a4110c10bb7fd4e98e4159bc7e6b80486047c70c52d15d

Download Submit
/tmp/profilinstylin/build/seduh1NvV

Filesize
180B

MD5
1ea127cb4b9843f4dc39c9d782219fe6

SHA1
2aafcb4974f51ce59f1e4e0f2c8cbfcf5a9c28f4

SHA256
973c0df72a12c3055a45fbf179685ee8d8638a52636722043215f0da6ce26c24

SHA512
c13280ec2122c634a168c0c857cb716e1e7936921d7ed11485170b1b0a31cf66062bb95c34f6bfc6d299ee1f70b0cf0ead5a0e480a89e1a83ce30c70e1195997

Download Submit
/tmp/profilinstylin/files

Filesize
103B

MD5
e47176d96f6d72c045e22af16d1f11c2

SHA1
ab7a77cbc1bf6d7cbb11a91025788ad9a472a262

SHA256
424ed38263ac47cd4d343095f1f15ace7ed455d63b01abc659d423b0a250fc65

SHA512
826672a459a3d1d544e0df616ce0c5c7ee9966e2d67b73a9af38967f2b2fad7bafb1b5ec487b4e0066e57a4a3f149681e04261b536738a8a7c56f67f6c2e24bc

Download Submit
/tmp/profilinstylin/files

Filesize
198B

MD5
9f732db1fb7a7e242bdefac4b03ac47e

SHA1
b64ba8113a21df3134b2d897d993bc8a48852fed

SHA256
311557073086d387977d0beb9d8db4bba8aa51e29ef8f028e4d23be60b8dd6f6

SHA512
46efbd149637deb5388d0539ecff5f84833990a57fe1d2bf822998d986ff61168a1533386c28b01e1497316c070a43b88d28450cde13eecea8553a8f75737a12

Download Submit
/tmp/profilinstylin/files

Filesize
199B

MD5
79a097ab15394547dff38e256f1f9dcf

SHA1
5e097f1e4d4327834a605a3bd4511deaba436636

SHA256
6a13350e7f862b08a522e47940c191967e886d1fbce439d02788a172010f9448

SHA512
253e390ab8cd9309604fdf59be635f4799f7657d6614ad9ccd193e6bc441186d07822ed3157349cd299accc302995000afffc935d6a4340fd1284d673d8fce0f

Download Submit
/tmp/profilinstylin/files

Filesize
211B

MD5
048c20789252377254b95ef4b5d4fa8f

SHA1
05ae3dfdeda348d76c36f607a559ba54bd822c62

SHA256
42db2416968d2770ab23fce1d9150a847496ee0d3702a0645807cb59017c2561

SHA512
1cf4ea58466ba8485c72af5c28f3389e0c74e8c872be3e2cdaa18cdbbd00bcf5c490a0972d10dcf6426cbb4c7f083b12cbce57f1c7b6c835e45d1f67fc54b565

Download Submit
/tmp/profilinstylin/files

Filesize
227B

MD5
d1d4ec183fce42059949e9d88d78ac8f

SHA1
afc8c911bb333a56dd7f4f41d1af02fc39ec5749

SHA256
307106614947418bb9e4a032d8a61e4620e2c0d75e54c6013285e5bc5c2d3445

SHA512
6c03d88f9d811546549e33867de48dd67384441ffa66b10915f78be38a1f41b33f0e89ca08a33027b2f21af57986d08cfa78f77d8b9fd1b0029d137359c464a8

Download Submit