Analysis

  • max time kernel
    0s
  • max time network
    132s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240611-en
  • resource tags
    arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    05/03/2025, 03:34

General

  • Target

    sqldeveloper/sqldeveloper/bin/sqldeveloper

  • Size

    3KB

  • MD5

    9fc3ab5f5fb026d6c6bd6761aed51156

  • SHA1

    e0dd08e6e8c5b325f1cba548727d1a87f6a2734c

  • SHA256

    f36f73c4caa658eac7560cb2e421c9888080cf48358e49dee7d3bb69d0098365

  • SHA512

    afe69fe66688b0d3f82cb7c5da530655fe8aa0d8ceb31c3a1c23233d170971ca398599cfafddec6eba1564b5eec6257d0f775358094e25b40e4488bcfdfa8520

Score
3/10

Malware Config

Signatures

  • Reads runtime system information 45 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/sqldeveloper/sqldeveloper/bin/sqldeveloper
    /tmp/sqldeveloper/sqldeveloper/bin/sqldeveloper
    1⤵
    • Writes file to tmp directory
    PID:1520
    • /usr/bin/expr
      expr /tmp/sqldeveloper/sqldeveloper/bin/sqldeveloper : "\\(/\\).*"
      2⤵
      PID:1525
    • /usr/bin/dirname
      dirname /tmp/sqldeveloper/sqldeveloper/bin/sqldeveloper
      2⤵
      PID:1528
    • /usr/bin/basename
      basename /tmp/sqldeveloper/sqldeveloper/bin/sqldeveloper
      2⤵
      PID:1530
    • /usr/bin/dirname
      dirname /tmp/sqldeveloper/sqldeveloper/bin/sqldeveloper
      2⤵
      PID:1535
    • /usr/bin/expr
      expr /tmp/sqldeveloper/sqldeveloper/bin/sqldeveloper : "\\(/\\).*"
      2⤵
      PID:1537
    • /usr/bin/dirname
      dirname /tmp/sqldeveloper/sqldeveloper/bin/sqldeveloper
      2⤵
      PID:1540
    • /usr/bin/basename
      basename /tmp/sqldeveloper/sqldeveloper/bin/sqldeveloper
      2⤵
      PID:1542
    • /usr/bin/dirname
      dirname /tmp/sqldeveloper/sqldeveloper/bin/sqldeveloper
      2⤵
      PID:1544
    • /bin/cat
      cat
      2⤵
      PID:1545
    • /bin/mkdir
      mkdir -p /.sqldeveloper/23.1.1
      2⤵
      • Reads runtime system information
      PID:1568
    • /usr/bin/touch
      touch /.sqldeveloper/23.1.1/product.conf
      2⤵
      PID:1569
    • /bin/sed
      sed "s/[\\&/]/\\\\&/g"
      2⤵
      • Reads runtime system information
      PID:1574
    • /bin/sed
      sed "s/@@ADDVMOPTION_INITIAL_JAVA_MEMORY@@/# AddVMOption -Xms128m/"
      2⤵
      • Reads runtime system information
      PID:1577
    • /bin/sed
      sed "s/[\\&/]/\\\\&/g"
      2⤵
      • Reads runtime system information
      PID:1581
    • /bin/sed
      sed "s/@@ADD32VMOPTION_INITIAL_JAVA_MEMORY@@/# Add32VMOption -Xms128m/"
      2⤵
      • Reads runtime system information
      PID:1584
    • /bin/sed
      sed "s/[\\&/]/\\\\&/g"
      2⤵
      • Reads runtime system information
      PID:1588
    • /bin/sed
      sed "s/@@ADD64VMOPTION_INITIAL_JAVA_MEMORY@@/# Add64VMOption -Xms128m/"
      2⤵
      • Reads runtime system information
      PID:1591
    • /bin/sed
      sed "s/[\\&/]/\\\\&/g"
      2⤵
      • Reads runtime system information
      PID:1595
    • /bin/sed
      sed "s/@@ADDVMOPTION_MAXIMUM_JAVA_MEMORY@@/# AddVMOption -Xmx800m/"
      2⤵
      • Reads runtime system information
      PID:1598
    • /bin/sed
      sed "s/[\\&/]/\\\\&/g"
      2⤵
      • Reads runtime system information
      PID:1602
    • /bin/sed
      sed "s/@@ADD32VMOPTION_MAXIMUM_JAVA_MEMORY@@/# Add32VMOption -Xmx800m/"
      2⤵
      • Reads runtime system information
      PID:1605
    • /bin/sed
      sed "s/[\\&/]/\\\\&/g"
      2⤵
      • Reads runtime system information
      PID:1609
    • /bin/sed
      sed "s/@@ADD64VMOPTION_MAXIMUM_JAVA_MEMORY@@/# Add64VMOption -Xmx2g/"
      2⤵
      • Reads runtime system information
      PID:1612
    • /usr/bin/dirname
      dirname /tmp/sqldeveloper/sqldeveloper/bin/sqldeveloper
      2⤵
      PID:1614
    • /usr/bin/basename
      basename /tmp/sqldeveloper/sqldeveloper/bin/sqldeveloper
      2⤵
      PID:1615
    • /bin/uname
      uname
      2⤵
      PID:1625
    • /bin/sed
      sed -e "s|\\n||g"
      2⤵
      • Reads runtime system information
      PID:1630
    • /bin/sed
      sed -e "s|/\$||g"
      2⤵
      • Reads runtime system information
      PID:1633
    • /bin/sed
      sed -e "s|\\n||g"
      2⤵
      • Reads runtime system information
      PID:1637
    • /bin/sed
      sed -e "s|/\$||g"
      2⤵
      • Reads runtime system information
      PID:1640
    • /bin/sed
      sed -e "s|/\$||g"
      2⤵
      • Reads runtime system information
      PID:1663
    • /bin/uname
      uname
      2⤵
      PID:1664
    • /usr/bin/dirname
      dirname ../../ide/bin/ide.conf
      2⤵
      PID:1667
    • /bin/sed
      sed -e "s|\\n||g"
      2⤵
      • Reads runtime system information
      PID:1672
    • /bin/sed
      sed -e "s|/\$||g"
      2⤵
      • Reads runtime system information
      PID:1675
    • /bin/sed
      sed -e "s|\\n||g"
      2⤵
      • Reads runtime system information
      PID:1679
    • /bin/sed
      sed -e "s|/\$||g"
      2⤵
      • Reads runtime system information
      PID:1682
    • /bin/sed
      sed -e "s|/\$||g"
      2⤵
      • Reads runtime system information
      PID:1705
    • /usr/bin/basename
      basename ../../ide/bin/ide.conf
      2⤵
      PID:1707
    • /usr/bin/dirname
      dirname ../../ide/bin/jdk.conf
      2⤵
      PID:1710
    • /usr/bin/basename
      basename ../../ide/bin/jdk.conf
      2⤵
      PID:1712
    • /bin/sed
      sed -e "s|^[.][.]/|../../ide/bin/../|; s|^[.]/|../../ide/bin/|; s|\\([^-./\$\\w]\\)[.][.]/|\\1../../ide/bin/../|g; s|\\([^-./\$\\w]\\)[.]/|\\1../../ide/bin/|g"
      2⤵
      • Reads runtime system information
      PID:1796
    • /bin/sed
      sed -e "s|^[.][.]/|../../ide/bin/../|; s|^[.]/|../../ide/bin/|; s|\\([^-./\$\\w]\\)[.][.]/|\\1../../ide/bin/../|g; s|\\([^-./\$\\w]\\)[.]/|\\1../../ide/bin/|g"
      2⤵
      • Reads runtime system information
      PID:1800
    • /bin/sed
      sed -e "s|^[.][.]/|../../ide/bin/../|; s|^[.]/|../../ide/bin/|; s|\\([^-./\$\\w]\\)[.][.]/|\\1../../ide/bin/../|g; s|\\([^-./\$\\w]\\)[.]/|\\1../../ide/bin/|g"
      2⤵
      • Reads runtime system information
      PID:1804
    • /bin/sed
      sed -e "s|^[.][.]/|../../ide/bin/../|; s|^[.]/|../../ide/bin/|; s|\\([^-./\$\\w]\\)[.][.]/|\\1../../ide/bin/../|g; s|\\([^-./\$\\w]\\)[.]/|\\1../../ide/bin/|g"
      2⤵
      • Reads runtime system information
      PID:1808
    • /bin/sed
      sed -e "s|^[.][.]/|../../ide/bin/../|; s|^[.]/|../../ide/bin/|; s|\\([^-./\$\\w]\\)[.][.]/|\\1../../ide/bin/../|g; s|\\([^-./\$\\w]\\)[.]/|\\1../../ide/bin/|g"
      2⤵
      • Reads runtime system information
      PID:1812
    • /bin/sed
      sed -e "s|^[.][.]/|../../ide/bin/../|; s|^[.]/|../../ide/bin/|; s|\\([^-./\$\\w]\\)[.][.]/|\\1../../ide/bin/../|g; s|\\([^-./\$\\w]\\)[.]/|\\1../../ide/bin/|g"
      2⤵
      • Reads runtime system information
      PID:1816
    • /bin/sed
      sed -e "s|^[.][.]/|../../ide/bin/../|; s|^[.]/|../../ide/bin/|; s|\\([^-./\$\\w]\\)[.][.]/|\\1../../ide/bin/../|g; s|\\([^-./\$\\w]\\)[.]/|\\1../../ide/bin/|g"
      2⤵
      • Reads runtime system information
      PID:1820
    • /bin/sed
      sed -e "s|^[.][.]/|../../ide/bin/../|; s|^[.]/|../../ide/bin/|; s|\\([^-./\$\\w]\\)[.][.]/|\\1../../ide/bin/../|g; s|\\([^-./\$\\w]\\)[.]/|\\1../../ide/bin/|g"
      2⤵
      • Reads runtime system information
      PID:1823
    • /bin/sed
      sed -e "s|^[.][.]/|../../ide/bin/../|; s|^[.]/|../../ide/bin/|; s|\\([^-./\$\\w]\\)[.][.]/|\\1../../ide/bin/../|g; s|\\([^-./\$\\w]\\)[.]/|\\1../../ide/bin/|g"
      2⤵
      • Reads runtime system information
      PID:1828
    • /bin/sed
      sed -e "s|^[.][.]/|../../ide/bin/../|; s|^[.]/|../../ide/bin/|; s|\\([^-./\$\\w]\\)[.][.]/|\\1../../ide/bin/../|g; s|\\([^-./\$\\w]\\)[.]/|\\1../../ide/bin/|g"
      2⤵
      • Reads runtime system information
      PID:1841
    • /bin/sed
      sed -e "s|^[.][.]/|../../ide/bin/../|; s|^[.]/|../../ide/bin/|; s|\\([^-./\$\\w]\\)[.][.]/|\\1../../ide/bin/../|g; s|\\([^-./\$\\w]\\)[.]/|\\1../../ide/bin/|g"
      2⤵
      • Reads runtime system information
      PID:1844
    • /bin/sed
      sed -e "s|^[.][.]/|../../ide/bin/../|; s|^[.]/|../../ide/bin/|; s|\\([^-./\$\\w]\\)[.][.]/|\\1../../ide/bin/../|g; s|\\([^-./\$\\w]\\)[.]/|\\1../../ide/bin/|g"
      2⤵
      • Reads runtime system information
      PID:1851
    • /bin/sed
      sed -e "s|^[.][.]/|../../ide/bin/../|; s|^[.]/|../../ide/bin/|; s|\\([^-./\$\\w]\\)[.][.]/|\\1../../ide/bin/../|g; s|\\([^-./\$\\w]\\)[.]/|\\1../../ide/bin/|g"
      2⤵
      • Reads runtime system information
      PID:1856
    • /bin/sed
      sed -e "s|^[.][.]/|../../ide/bin/../|; s|^[.]/|../../ide/bin/|; s|\\([^-./\$\\w]\\)[.][.]/|\\1../../ide/bin/../|g; s|\\([^-./\$\\w]\\)[.]/|\\1../../ide/bin/|g"
      2⤵
      • Reads runtime system information
      PID:1860
    • /bin/sed
      sed -e "s|^[.][.]/|../../ide/bin/../|; s|^[.]/|../../ide/bin/|; s|\\([^-./\$\\w]\\)[.][.]/|\\1../../ide/bin/../|g; s|\\([^-./\$\\w]\\)[.]/|\\1../../ide/bin/|g"
      2⤵
      • Reads runtime system information
      PID:1866
    • /usr/bin/dirname
      dirname java11.conf
      2⤵
      PID:1891
    • /usr/bin/basename
      basename java11.conf
      2⤵
      PID:1893
    • /usr/bin/dirname
      dirname sqldeveloper-nondebug.conf
      2⤵
      PID:1905
    • /usr/bin/basename
      basename sqldeveloper-nondebug.conf
      2⤵
      PID:1907
    • /usr/bin/dirname
      dirname /.sqldeveloper/23.1.1/product.conf
      2⤵
      PID:1914
    • /bin/sed
      sed -e "s|\\n||g"
      2⤵
      • Reads runtime system information
      PID:1919
    • /bin/sed
      sed -e "s|/\$||g"
      2⤵
      • Reads runtime system information
      PID:1922
    • /bin/sed
      sed -e "s|\\n||g"
      2⤵
      • Reads runtime system information
      PID:1926
    • /bin/sed
      sed -e "s|/\$||g"
      2⤵
      • Reads runtime system information
      PID:1929
    • /bin/sed
      sed -e "s|/\$||g"
      2⤵
      • Reads runtime system information
      PID:1944
    • /usr/bin/basename
      basename /.sqldeveloper/23.1.1/product.conf
      2⤵
      PID:1945
    • /bin/uname
      uname
      2⤵
      PID:1951
    • /usr/bin/tr
      tr "[:upper:]" "[:lower:]"
      2⤵
      PID:1952
    • /usr/bin/sort
      sort -r
      2⤵
      PID:1956
    • /usr/bin/head
      head -1
      2⤵
      PID:1957
    • /bin/grep
      grep jdk8
      2⤵
      PID:1955
    • /bin/ls
      ls /usr/java
      2⤵
      • Reads runtime system information
      PID:1954
    • /usr/bin/head
      head -1
      2⤵
      PID:1962
    • /usr/bin/sort
      sort -r
      2⤵
      PID:1961
    • /bin/grep
      grep java8
      2⤵
      PID:1960
    • /bin/ls
      ls /usr
      2⤵
      • Reads runtime system information
      PID:1959
    • /usr/bin/which
      which java
      2⤵
      PID:1964
    • /bin/grep
      grep "[0-9]"
      2⤵
      PID:1968
    • /bin/grep
      grep "[0-9]"
      2⤵
      PID:1970

Network

MITRE ATT&CK Matrix

Downloads

  • /.sqldeveloper/23.1.1/product.conf
    Filesize
    2KB
    MD5
    57a08cb624498fffdc03d5b96600b2c8
    SHA1
    ed47ee24f67bf683430a572bb89f5a758564bb38
    SHA256
    cd4a2c02bcf7cafe376e13b39122cba2c76f4af09897b2005899d59271dcb9bf
    SHA512
    153822911bdec91d7817e17db31b0c5f89c29bf502c271396e425ab707f1ed882a05be304bec0860896b1226c5833710b9b2717d98b180181d12ca1347dacc5b

  • /.sqldeveloper/23.1.1/product.conf
    Filesize
    2KB
    MD5
    700de3633f495706c115c6819c90832e
    SHA1
    c4282c51986a65892b185738407fc99dafd7b089
    SHA256
    b6dc1e1865d6ceda6b32af26a2bed6ff231483e87e7d6975058f407438ce0762
    SHA512
    144c69167679f2a810e19a5034cbe59c578676875b2d17a21a0abadb7b171d9a8c087223cd73e24dab3d12cb8d8abc97df7aa973343e13329d2d138b1b898eb9

  • /tmp/sh-thd.9s1w6k
    Filesize
    100B
    MD5
    f6cc7fad8e79da4c7b423a6143a0deab
    SHA1
    e94fad3a50b223f23ccd591994a3c1d9015446ab
    SHA256
    52d8728550c7e4ed4c3cc9b1a5e1fc30e24c1760613b6052d31a8ca27e3072e9
    SHA512
    31fd115d72be0d932bd04639e066ecc824e53811faae633da8440f32376b5c19e54759071c1e949e0759bfe4be3d94b73ace368065f6465ab2dca4a319f1a60f