Analysis

  • max time kernel
    30s
  • max time network
    31s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags
    arch:armhf
    image:debian9-armhf-20240611-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    29-12-2024 23:10

General

  • Target

    SugarLogic_#teamtnt_by_@r3dbU7z/kuben2.sh

  • Size

    12KB

  • MD5

    9ae176daeba86137a994770ec4b4510c

  • SHA1

    e7ad20f142e4faad7f37fe06ab6a0e0212387796

  • SHA256

    2d85b47cdb87a81d5fbac6000b8ee89daa1d8a3c8fbb5d2bce7a840dd348ff1d

  • SHA512

    3d63ed3ace00c83a033ec148fb273a98ac45f3026b373772363089bedb1a2a308d2e740e902c45dbccf2fef7a62898465c8ff77877394cbae0caecb8955574f2

  • SSDEEP

    384:mNZtdymLEGTSxEKkNNlVfZlmfklqfClvfvLR9NbpzKxtGWsYgeIuX5SCse5UkNXJ:m5N/Q

Score
4/10

Malware Config

Signatures

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is a virtual machine.

  • Reads runtime system information 2 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/SugarLogic_#teamtnt_by_@r3dbU7z/kuben2.sh
    "/tmp/SugarLogic_#teamtnt_by_@r3dbU7z/kuben2.sh"
    1⤵
    • Writes file to tmp directory
    PID:725
    • /usr/bin/clear
      clear
      2⤵
      PID:727
    • /usr/bin/timeout
      timeout -s SIGKILL 30 curl -sLk https://:10250/runningpods/
      2⤵
      PID:731
      • /usr/local/sbin/curl
        curl -sLk https://:10250/runningpods/
        3⤵
        PID:733
      • /usr/local/bin/curl
        curl -sLk https://:10250/runningpods/
        3⤵
        PID:733
      • /usr/sbin/curl
        curl -sLk https://:10250/runningpods/
        3⤵
        PID:733
      • /usr/bin/curl
        curl -sLk https://:10250/runningpods/
        3⤵
        • Checks CPU configuration
        • Reads runtime system information
        PID:733
    • /bin/rm
      rm -f /tmp/13927157782800
      2⤵
      PID:773

Network

MITRE ATT&CK Enterprise v15
