Analysis

  • max time kernel
    8s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf
    image:debian9-armhf-20240611-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    28/03/2025, 13:17

General

  • Target

    resources/app/bin/cert_gen.sh

  • Size

    353B

  • MD5

    8188617ed5b3f59657e70f6613408aaa

  • SHA1

    e938afcda147a317b92f04a247a8d3e3ad403f6c

  • SHA256

    23fdce67425735c2f447ebbabaa4e708189ad4a28ef005898807cab6b047a4a5

  • SHA512

    c1d54f563097c4350f7c56f30d67284e46f5de49151c8f7e12dde8622a68f234d9f9f86652ef53c557f85690e47e7813dc4301f5c5e6b0e9652c7d5e63719850

Score
3/10

Malware Config

Signatures

  • Writes file to tmp directory (3 IoCs)

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/resources/app/bin/cert_gen.sh
    /tmp/resources/app/bin/cert_gen.sh
    1⤵
      PID:771
    • /bin/bash
      bash /tmp/resources/app/bin/cert_gen.sh
      1⤵
      • Writes file to tmp directory
      PID:771
      (the same exec, PID 771, was recorded first as /usr/local/sbin/bash, /usr/local/bin/bash, /usr/sbin/bash, /usr/bin/bash and /sbin/bash while the interpreter was resolved along PATH)
      • /usr/bin/openssl
        openssl req -x509 -sha256 -newkey rsa:4096 -keyout -out -days 365 -nodes -subj "/C=IL/ST=IL/O=Luminati/CN=luminati.io" -config /dev/fd/63
        2⤵
        • Writes file to tmp directory
        PID:773
      • /bin/cat
        cat /etc/ssl/openssl.cnf /dev/fd/63
        2⤵
          PID:775
      • /bin/cat
        cat
        2⤵
          PID:776

Network

MITRE ATT&CK Matrix


Downloads

  • /tmp/resources/app/bin/-out

    Filesize

    3KB

    MD5

    da54b7b8d0f404b27d75f88f3fecda3f

    SHA1

    4f6dd5ee6e2efb78fa45c501b7fd3831db27f77e

    SHA256

    20c75b46eb6380ff6c5d82276250ab970ea1313e68cfbb4dd1cd70aae002816b

    SHA512

    739769c219914429d10074bfd2e09c4dedb372fcafb9fa54b52c16fea3f21a542486db9a4b3de5a84b444edd7a2b8074f0f6ccfac187be687282497d4b18c854

  • /tmp/resources/app/bin/.rnd

    Filesize

    1024B

    MD5

    3d9bd188ebfec09a6a0a4f65dd4acd24

    SHA1

    5bbb41659cbe47cdc7a71e43a36b41a44349200e

    SHA256

    93d177e3765cd34ddb6c737f5f68830ea46064dd4f8cba0146a8fbbf2d3bfe05

    SHA512

    705015d0d5af068cdb4406b63a8442970003085dd74e99e2df4f39e953534f2c432201fd3b93d704dc2cf9810b243595c4252e95cad9c34e5aa6a258311e73aa

  • /tmp/sh-thd.zAZoSN

    Filesize

    125B

    MD5

    f33ed12fda5535bd14df7c94e0e43221

    SHA1

    53fa48586aa429d0654af85b842f72bbcc9f1783

    SHA256

    73ff10ffe69db56f07fd85f4d9a8c444040ea50a133c291dbcf3f6ca3b1645cd

    SHA512

    8ecc2b983521d4ea73c48f1aeb86833cd43c70ecc300b0daf584e3b9845eb36351abb8a34000004fbafe0347c951daadb5b073fd671e425343281307abc58115
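Reading the process tree together with the dropped files explains the run. The script invokes openssl req with its config coming from nested process substitutions: the outer one concatenates /etc/ssl/openssl.cnf with a second substitution (cat /etc/ssl/openssl.cnf /dev/fd/63), and the inner bare cat reads a heredoc, which is what /tmp/sh-thd.zAZoSN (bash's heredoc temp file) is. The key and certificate path variables were evidently empty in the sandbox, so the command line collapsed to -keyout -out: openssl took the literal string "-out" as the key file name and no -out option remained for the certificate, so the private key was written to /tmp/resources/app/bin/-out (3KB is consistent with an unencrypted RSA-4096 key in PEM) and the certificate went to stdout. The script below is an added example, not the sandboxed cert_gen.sh, reconstructing that pattern with the argument validation the original lacked; the variable names, the [ san ] section and the heredoc body are assumptions, and only the subject string comes from the report.

```bash
#!/usr/bin/env bash
# Added example (not the original cert_gen.sh): openssl req with its config
# built from /etc/ssl/openssl.cnf plus a heredoc via process substitution,
# guarded against the empty-path failure seen in the sandbox ("-keyout -out").
# Assumed: variable names, the [ san ] section and the heredoc body.
set -euo pipefail

# Reject empty or option-looking output paths before they reach openssl,
# which would otherwise swallow the next flag as a file name.
# Returns 0 when both paths are usable, 1 otherwise.
check_out_paths() {
    local p
    for p in "$1" "$2"; do
        case "$p" in
            "")  echo "error: empty output path" >&2; return 1 ;;
            -*)  echo "error: output path '$p' looks like an option" >&2; return 1 ;;
        esac
    done
    return 0
}

# Build the argument list for openssl with validated, quoted paths.
# One argument per output line so it can be inspected without running openssl.
build_req_args() {
    local key="$1" cert="$2" subj="$3"
    check_out_paths "$key" "$cert" || return 1
    printf '%s\n' req -x509 -sha256 -newkey rsa:4096 -nodes -days 365 \
        -keyout "$key" -out "$cert" -subj "$subj" -extensions san
}

# Generate a self-signed certificate. The config is the system openssl.cnf
# followed by a heredoc, fed through nested process substitutions exactly as
# the sandbox showed: cat openssl.cnf /dev/fd/63, then a bare cat on the heredoc.
gen_self_signed() {
    local key="$1" cert="$2"
    local subj="${3:-/C=IL/ST=IL/O=Luminati/CN=luminati.io}"   # subject from the report
    local args
    args=$(build_req_args "$key" "$cert" "$subj") || return 1
    command -v openssl >/dev/null 2>&1 || { echo "error: openssl not found" >&2; return 2; }
    local -a argv
    mapfile -t argv <<<"$args"
    openssl "${argv[@]}" -config <(cat /etc/ssl/openssl.cnf <(cat <<'EOF'
[ san ]
subjectAltName = DNS:luminati.io
EOF
))
}

# Usage: bash cert_gen_fixed.sh server.key server.crt [/C=../CN=..]
if [ "$#" -ge 2 ]; then
    gen_self_signed "$@"
fi
```

With `set -u` an unset variable aborts the script before openssl runs; the explicit check additionally catches the case where the variable is set but empty or starts with a dash, which `set -u` alone does not.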