Overview

overview

7

Static

static

3

luminati-p...up.exe

windows7-x64

4

luminati-p...up.exe

windows10-2004-x64

6

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

LICENSES.c...m.html

windows7-x64

3

LICENSES.c...m.html

windows10-2004-x64

4

Proxy Manager.exe

windows10-2004-x64

6

d3dcompiler_47.dll

windows10-2004-x64

3

ffmpeg.dll

windows10-2004-x64

3

libEGL.dll

windows10-2004-x64

3

libGLESv2.dll

windows10-2004-x64

3

resources/...-CN.js

windows7-x64

3

resources/...-CN.js

windows10-2004-x64

3

resources/...gen.sh

ubuntu-18.04-amd64

3

resources/...gen.sh

debian-9-armhf

3

resources/...gen.sh

debian-9-mips

resources/...gen.sh

debian-9-mipsel

3

resources/...dex.js

ubuntu-18.04-amd64

6

resources/...dex.js

debian-9-armhf

6

resources/...dex.js

debian-9-mips

3

resources/...dex.js

debian-9-mipsel

3

resources/...ade.sh

ubuntu-18.04-amd64

4

resources/...ade.sh

debian-9-armhf

4

resources/...ade.sh

debian-9-mips

1

resources/...ade.sh

debian-9-mipsel

3

resources/...all.sh

ubuntu-18.04-amd64

7

resources/...all.sh

debian-9-armhf

7

resources/...all.sh

debian-9-mips

7

Analysis

  • max time kernel
    22s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20240611-en
  • resource tags

    arch:mipselimage:debian9-mipsel-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
  • submitted
    28/03/2025, 12:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    resources/app/bin/cert_gen.sh

  • Size

    353B

  • MD5

    8188617ed5b3f59657e70f6613408aaa

  • SHA1

    e938afcda147a317b92f04a247a8d3e3ad403f6c

  • SHA256

    23fdce67425735c2f447ebbabaa4e708189ad4a28ef005898807cab6b047a4a5

  • SHA512

    c1d54f563097c4350f7c56f30d67284e46f5de49151c8f7e12dde8622a68f234d9f9f86652ef53c557f85690e47e7813dc4301f5c5e6b0e9652c7d5e63719850

Score
3/10

Malware Config

Signatures

  • Writes file to tmp directory 3 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/resources/app/bin/cert_gen.sh
    /tmp/resources/app/bin/cert_gen.sh
    1⤵
      PID:812
    • /usr/local/sbin/bash
      bash /tmp/resources/app/bin/cert_gen.sh
      1⤵
        PID:812
      • /usr/local/bin/bash
        bash /tmp/resources/app/bin/cert_gen.sh
        1⤵
          PID:812
        • /usr/sbin/bash
          bash /tmp/resources/app/bin/cert_gen.sh
          1⤵
            PID:812
          • /usr/bin/bash
            bash /tmp/resources/app/bin/cert_gen.sh
            1⤵
              PID:812
            • /sbin/bash
              bash /tmp/resources/app/bin/cert_gen.sh
              1⤵
                PID:812
              • /bin/bash
                bash /tmp/resources/app/bin/cert_gen.sh
                1⤵
                • Writes file to tmp directory
                PID:812
                • /usr/bin/openssl
                  openssl req -x509 -sha256 -newkey rsa:4096 -keyout -out -days 365 -nodes -subj "/C=IL/ST=IL/O=Luminati/CN=luminati.io" -config /dev/fd/63
                  2⤵
                  • Writes file to tmp directory
                  PID:814
                • /bin/cat
                  cat /etc/ssl/openssl.cnf /dev/fd/63
                  2⤵
                    PID:816
                  • /bin/cat
                    cat
                    2⤵
                      PID:817

                  Network

                  MITRE ATT&CK Matrix

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • /tmp/resources/app/bin/-out
                    Filesize

                    3KB

                    MD5

                    6510b969340d9422081d671c18a32169

                    SHA1

                    3b0909303872fcc5e60392cbe60263fb74dc6bfe

                    SHA256

                    0b008d010cb7793861ad2f99ec006ce235bf6c44919b47adde8d74730c49f956

                    SHA512

                    1226d92d22e912903487deca540c567d132b6ad30b2103124b2b5ecf03273bc9286508f682d4012b7355272ca501cdb274647d63233571b8692a01e4e2847219

                    Download Submit

                  • /tmp/resources/app/bin/.rnd
                    Filesize

                    1024B

                    MD5

                    5980d19458688c42a2abfdf1997ac4c7

                    SHA1

                    7191a2947a7735859a462399f89ac750ef378ddd

                    SHA256

                    08751a03463baded7d08806118db2c89be4162a3805dcce2d4031e1b1fc4d05c

                    SHA512

                    0822dfbe9e301439830a560f5d8104121801527fbabea7fbe1f8f7f2c00f89b1c45dcb108dfbb33cbd54b2aa81aea129ceebd48ef28bdcdbdff4500c6cdb4bdb

                    Download Submit

                  • /tmp/sh-thd.kRi6bv
                    Filesize

                    125B

                    MD5

                    f33ed12fda5535bd14df7c94e0e43221

                    SHA1

                    53fa48586aa429d0654af85b842f72bbcc9f1783

                    SHA256

                    73ff10ffe69db56f07fd85f4d9a8c444040ea50a133c291dbcf3f6ca3b1645cd

                    SHA512

                    8ecc2b983521d4ea73c48f1aeb86833cd43c70ecc300b0daf584e3b9845eb36351abb8a34000004fbafe0347c951daadb5b073fd671e425343281307abc58115

                    Download Submit