963b06d98c115aa44fff216ee477e49d66072df33838be1bb1f141dedf6c4d02

Analysis

max time kernel
20s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
28/03/2025, 12:35

Target

resources/app/bin/cert_gen.sh
Size

353B
MD5

8188617ed5b3f59657e70f6613408aaa
SHA1

e938afcda147a317b92f04a247a8d3e3ad403f6c
SHA256

23fdce67425735c2f447ebbabaa4e708189ad4a28ef005898807cab6b047a4a5
SHA512

c1d54f563097c4350f7c56f30d67284e46f5de49151c8f7e12dde8622a68f234d9f9f86652ef53c557f85690e47e7813dc4301f5c5e6b0e9652c7d5e63719850

Score

3^/10

Writes file to tmp directory 3 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/resources/app/bin/.rnd	openssl
File opened for modification	/tmp/resources/app/bin/-out	openssl
File opened for modification	/tmp/sh-thd.lDU606	bash

/tmp/resources/app/bin/cert_gen.sh
/tmp/resources/app/bin/cert_gen.sh
1⤵
PID:778

/bin/bash
bash /tmp/resources/app/bin/cert_gen.sh
1⤵
- Writes file to tmp directory
PID:778
- /usr/bin/openssl
  openssl req -x509 -sha256 -newkey rsa:4096 -keyout -out -days 365 -nodes -subj "/C=IL/ST=IL/O=Luminati/CN=luminati.io" -config /dev/fd/63
  2⤵
  - Writes file to tmp directory
  PID:780
- /bin/cat
  cat /etc/ssl/openssl.cnf /dev/fd/63
  2⤵
  PID:782
- /bin/cat
  cat
  2⤵
  PID:783

/tmp/resources/app/bin/-out

Filesize
3KB

MD5
4e248c4d425e5931ed1000ebcb66f1db

SHA1
f5aaab59afde74854e889492b97c20dcce29eb19

SHA256
db9d24970a93cc7299f388431d5cd733501a009b81eac4bdd796ce53a4ea56f4

SHA512
550e377984bc869bd1e8659f3cb8b52914f737d9fe7dbb478280c03dbc138facde61c81acd956b35f06faea592edc32b13a02d67874babff2d7588655c66844d

Download Submit
/tmp/resources/app/bin/.rnd

Filesize
1024B

MD5
52858fca98f7008440cad6f5793c341e

SHA1
e225b6817d9d1bfef882afc0c3f31fe3edfdce18

SHA256
bce8edc653028a1a0c7cc1807b2183ee937bd82e71045311cd9377650d6e250b

SHA512
6bcb46044fab13bd66fab1be288d9ca75c400cdc4d9b420329766a261013564901c0e7ce07c29dfbcce4573b5d08c23a98c6b995e7b7d31f2a6fec5c60cefb9c

Download Submit
/tmp/sh-thd.lDU606

Filesize
125B

MD5
f33ed12fda5535bd14df7c94e0e43221

SHA1
53fa48586aa429d0654af85b842f72bbcc9f1783

SHA256
73ff10ffe69db56f07fd85f4d9a8c444040ea50a133c291dbcf3f6ca3b1645cd

SHA512
8ecc2b983521d4ea73c48f1aeb86833cd43c70ecc300b0daf584e3b9845eb36351abb8a34000004fbafe0347c951daadb5b073fd671e425343281307abc58115

Download Submit