4018e635ccec554cd7774cde027e3887b98060e46f279b8a5fb3c35934e9b526

Analysis

max time kernel
1199s
max time network
1129s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240522.1-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240522.1-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
10/12/2024, 14:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

easy-diffusion/scripts/bootstrap.sh
Size

3KB
MD5

241da29a4580a2cdfa37af223c374514
SHA1

8dc7801fa960483d4fad1debd659de730b2bf4b8
SHA256

6e77c17056dd17e78c197b52b2885a544453cc57c201a270faea9ea26e08b205
SHA512

9374bd32df0c0ebf0beb28bafcf82b31592c0daa0ecb0e12e8ddafa17b4f129b83fc83c4338d0dc24b6ede3d856d966b14a4ab503de723e5d11da137c8b39b7f

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 1 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
1593	chmod

Executes dropped EXE 3 IoCs

ioc	pid	Process
/tmp/easy-diffusion/scripts/installer_files/mamba/micromamba	1594	micromamba
/tmp/easy-diffusion/scripts/installer_files/mamba/micromamba	1596	micromamba
/tmp/easy-diffusion/scripts/installer_files/mamba/micromamba	1598	micromamba

Reads CPU attributes 1 TTPs 3 IoCs

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/online	micromamba
File opened for reading	/sys/devices/system/cpu/online	micromamba
File opened for reading	/sys/devices/system/cpu/online	micromamba

Reads runtime system information 4 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/filesystems	mkdir
File opened for reading	/proc/filesystems	tar
File opened for reading	/proc/sys/vm/overcommit_memory	micromamba

System Network Configuration Discovery 1 TTPs 1 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
1554	which

Writes file to tmp directory 7 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/easy-diffusion/scripts/installer_files/mamba/pkgs/cache/mambaf9abcso5pk8	micromamba
File opened for modification	/tmp/easy-diffusion/scripts/installer_files/mamba/pkgs/cache/mambafxpusvefwc9	micromamba
File opened for modification	/tmp/easy-diffusion/scripts/installer_files/mamba/pkgs/cache/eb045dd1.state.json	micromamba
File opened for modification	/tmp/easy-diffusion/scripts/installer_files/mamba/micromamba	bootstrap.sh
File opened for modification	/tmp/easy-diffusion/scripts/installer_files/env/conda-meta/history	micromamba
File opened for modification	/tmp/easy-diffusion/scripts/installer_files/mamba/pkgs/urls.txt	micromamba
File opened for modification	/tmp/easy-diffusion/scripts/installer_files/mamba/pkgs/cache/cache.lock	micromamba

/tmp/easy-diffusion/scripts/bootstrap.sh
/tmp/easy-diffusion/scripts/bootstrap.sh
1⤵
- Writes file to tmp directory
PID:1549
- /usr/bin/uname
  uname -s
  2⤵
  PID:1550
- /usr/bin/uname
  uname -m
  2⤵
  PID:1551
- /usr/bin/which
  which curl
  2⤵
  PID:1552
- /usr/bin/which
  which tar
  2⤵
  PID:1553
- /usr/bin/which
  which bzip2
  2⤵
  - System Network Configuration Discovery
  PID:1554
- /usr/bin/grep
  grep " "
  2⤵
  - Reads runtime system information
  PID:1556
- /tmp/easy-diffusion/scripts/installer_files/mamba/micromamba
  /tmp/easy-diffusion/scripts/installer_files/mamba/micromamba --version
  2⤵
  PID:1560
- /usr/bin/mkdir
  mkdir -p /tmp/easy-diffusion/scripts/installer_files/mamba
  2⤵
  - Reads runtime system information
  PID:1561
- /usr/bin/tar
  tar -xvj -O bin/micromamba
  2⤵
  - Reads runtime system information
  PID:1563
- - /usr/local/sbin/bzip2
    bzip2 -d
    3⤵
    PID:1565
- - /usr/local/bin/bzip2
    bzip2 -d
    3⤵
    PID:1565
- - /usr/sbin/bzip2
    bzip2 -d
    3⤵
    PID:1565
- - /usr/bin/bzip2
    bzip2 -d
    3⤵
    PID:1565
- /usr/bin/curl
  curl -L https://micro.mamba.pm/api/micromamba/linux-64/latest
  2⤵
  PID:1562
- /usr/bin/chmod
  chmod u+x /tmp/easy-diffusion/scripts/installer_files/mamba/micromamba
  2⤵
  - File and Directory Permissions Modification
  PID:1593
- /tmp/easy-diffusion/scripts/installer_files/mamba/micromamba
  /tmp/easy-diffusion/scripts/installer_files/mamba/micromamba --version
  2⤵
  - Executes dropped EXE
  - Reads CPU attributes
  PID:1594
- /tmp/easy-diffusion/scripts/installer_files/mamba/micromamba
  /tmp/easy-diffusion/scripts/installer_files/mamba/micromamba create -y --prefix /tmp/easy-diffusion/scripts/installer_files/env
  2⤵
  - Executes dropped EXE
  - Reads CPU attributes
  - Writes file to tmp directory
  PID:1596
- /tmp/easy-diffusion/scripts/installer_files/mamba/micromamba
  /tmp/easy-diffusion/scripts/installer_files/mamba/micromamba install -y --prefix /tmp/easy-diffusion/scripts/installer_files/env -c conda-forge conda "python=3.8.5" git
  2⤵
  - Executes dropped EXE
  - Reads CPU attributes
  - Reads runtime system information
  - Writes file to tmp directory
  PID:1598

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/root/.conda/environments.txt

Filesize
48B

MD5
4bfd4e5914fa42b68aaf006318993956

SHA1
7a19239a69ec276ac516035b45db0e5c73f1be38

SHA256
452f135cc306870993ae43c8eb57d782ce5cb7ad36a72fe4eeed0b651eeea704

SHA512
8cf26623e56931e0bb449fe0cc4b5d2887ff36b447a370e669a1de19ef0a1d86119d2cba23b7f6da4274345e00bb7d0f9413ee3b2b009678aa30239288d1d80e

Download Submit
/tmp/easy-diffusion/scripts/installer_files/mamba/micromamba

Filesize
15.0MB

MD5
338935022a6880f3a787ddd4a1d08843

SHA1
914e357ca35d21441c52de2bdb7e4ba25d8a4e31

SHA256
bdf859762996d81f75fe9ea47cab41e8b93b66321aa635b357b4e599443ea96b

SHA512
9f39278ef493f0084fbb68582a881462e0eea3fb71ec0ac9fb7cb8cb95d5e2d5d5d32fe7bdc69af5f18784ea4052efa060b129a525ffba389088a2937a5fbd17

Download Submit
/tmp/easy-diffusion/scripts/installer_files/mamba/pkgs/cache/eb045dd1.state.json

Filesize
376B

MD5
83966da66b5933b97a1bb30e31e7d8c7

SHA1
ab7dcb767adb1390b087fc314cd9434b9e1ccf0c

SHA256
bb7616f756e976b3908d5b5565917bde883cf04afc61d3ae69a81ee5b8d91da7

SHA512
6fd31d7ee2917a8b146790c2079e9b3ba6a184f6acf3c7b1434852d0b42279b25166ddffbe5b2291d028fe5115be62f4477ebcd7f781a287cb018bd24021db1a

Download Submit
/tmp/easy-diffusion/scripts/installer_files/mamba/pkgs/cache/mambaf9abcso5pk8

Filesize
214.7MB

MD5
39c93d9072ca8b095bae6e72ad40c960

SHA1
935283d2b5ba0b6f29e06c94a9ef752f13a053e1

SHA256
3aa4be82a3f06dd13a65c3e8d1091a92b751fa78b6b2a8f0d4859b2345591e63

SHA512
09f4b7d3ab85833a8ea1b226a2a52445947a8e423bee994e8460ed4c47cc875146b44c4d517f70586520b7af5475ed555b61650516e8bb3f3501b0b8b808e528

Download Submit
/tmp/easy-diffusion/scripts/installer_files/mamba/pkgs/cache/mambafxpusvefwc9

Filesize
107.9MB

MD5
acd54b9da978e01e1880e47c705e33b4

SHA1
0b75924d72e217dcdcf44e722a9836ea6df65869

SHA256
710352b9cd0d0fc01bfc7dc1b6d9df6b9a541ae59e4cbc7a74c7b32e1b8c6a74

SHA512
bcd4b374110dd19991bc5383d2964f0c9b492cf29dc037d44e3397a734c038975f8604dd80275f34eb3d0b1d9aea0cb5c9eae5b0bee0768d01bba638f6816cec

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads