Technical Information
Malicious functions:
Launches itself as a daemon
Launches processes:
- stty -a
- tar -x -f - --warning=no-timestamp
- apt-extracttemplates /var/cache/apt/archives/msr-tools_1.3-3+b1_amd64.deb
- /usr/bin/dpkg --assert-multi-arch
- /usr/bin/python3.9 /usr/bin/python3 /usr/bin/apt-listchanges --apt
- /usr/bin/dpkg --status-fd 20 --no-triggers --unpack --auto-deconfigure --force-remove-protected /var/cache/apt/archives/msr-tools_1.3-3+b1_amd64.deb
- locale charmap
- perl -e {40707764203d2067657470776e616d28226d616e22293b202429203d202428203d20247077645b335d3b20243e203d20243c203d20247077645b325d3b0a0920202020206578656320222f7573722f62696e2f6d616e6462222c204041524756} -- -pq
- rm -rf -- /var/lib/dpkg/tmp.ci
- stty -a 2>/dev/null
- /usr/bin/dpkg --print-foreign-architectures
- apt --reinstall install msr-tools
- /usr/lib/apt/methods/http
- whiptail --version
- /usr/bin/dpkg --assert-protected-field
- /usr/bin/perl -w /usr/sbin/dpkg-preconfigure --apt
- /usr/bin/dpkg --status-fd 20 --configure --pending
- dpkg-deb --fsys-tarfile /var/cache/apt/archives/msr-tools_1.3-3+b1_amd64.deb
- dpkg-deb --control /var/cache/apt/archives/msr-tools_1.3-3+b1_amd64.deb /var/lib/dpkg/tmp.ci
- /bin/sh -c /usr/sbin/dpkg-preconfigure --apt || true
- /bin/sh -c /usr/bin/apt-listchanges --apt || test $? -lt 10
- whiptail --version >/dev/null 2>&1
- /bin/sh /var/lib/dpkg/info/man-db.postinst triggered /usr/share/man
- /usr/bin/mandb -pq
- dpkg-split -Qao /var/lib/dpkg/reassemble.deb /var/cache/apt/archives/msr-tools_1.3-3+b1_amd64.deb
Kills the following processes:
- http
Performs operations with the file system:
Modifies file access rights:
- /var/cache/apt/archives/partial
- /var/lib/apt/lists/auxfiles
- /var/cache/apt/archives/partial/msr-tools_1.3-3+b1_amd64.deb
- /var/lib/apt/extended_states.0NNdmp
- /var/lib/apt/extended_states
- /var/log/apt/term.log
- /var/log/apt/history.log
- /var/lib/dpkg/tmp.ci/control
- /var/lib/dpkg/tmp.ci/md5sums
- /usr/sbin/rdmsr.dpkg-new
- /usr/sbin/wrmsr.dpkg-new
- /usr/share/doc/msr-tools.dpkg-new
- /usr/share/doc/msr-tools/changelog.Debian.amd64.gz.dpkg-new
- /usr/share/doc/msr-tools/changelog.Debian.gz.dpkg-new
- /usr/share/doc/msr-tools/copyright.dpkg-new
- /usr/share/man/man1/rdmsr.1.gz.dpkg-new
- /usr/share/man/man1/wrmsr.1.gz.dpkg-new
- /var/lib/dpkg/info/msr-tools.list-new
- /var/lib/dpkg/status-new
- /var/cache/man/CACHEDIR.TAG
- /var/cache/man/752
Modifies file owner:
- /var/cache/apt/archives/partial
- /var/lib/apt/lists/auxfiles
- /var/cache/apt/archives/partial/msr-tools_1.3-3+b1_amd64.deb
- /var/log/apt/term.log
- /var/lib/dpkg/tmp.ci/control
- /var/lib/dpkg/tmp.ci/md5sums
- /var/lib/dpkg/tmp.ci
- /usr/sbin/rdmsr.dpkg-new
- /usr/sbin/wrmsr.dpkg-new
- /usr/share/doc/msr-tools.dpkg-new
- /usr/share/doc/msr-tools/changelog.Debian.amd64.gz.dpkg-new
- /usr/share/doc/msr-tools/changelog.Debian.gz.dpkg-new
- /usr/share/doc/msr-tools/copyright.dpkg-new
- /usr/share/man/man1/rdmsr.1.gz.dpkg-new
- /usr/share/man/man1/wrmsr.1.gz.dpkg-new
Creates folders:
- /var/lib/dpkg/tmp.ci
- /usr/share/doc/msr-tools.dpkg-new
Deletes folders:
- /var/lib/dpkg/tmp.ci/md5sums
- /var/lib/dpkg/tmp.ci/control
- /var/lib/dpkg/tmp.ci
Creates symlinks:
- /var/lib/dpkg/status-old
Creates or modifies files:
- /tmp/#130836 (deleted)
- /var/lib/dpkg/lock-frontend
- /var/lib/dpkg/lock
- /var/cache/apt/archives/lock
- /var/cache/apt/archives/partial/.apt-acquire-privs-test.4xhAZs
- /var/cache/apt/archives/partial/msr-tools_1.3-3+b1_amd64.deb
- /var/log/apt/eipp.log.xz
- /tmp/#130829 (deleted)
- /var/lib/apt/extended_states.0NNdmp
- /var/log/apt/term.log
- /var/log/apt/history.log
- /var/lib/dpkg/updates/tmp.i
- /var/lib/dpkg/triggers/Lock
- /var/log/dpkg.log
- /var/lib/dpkg/tmp.ci/control
- /var/lib/dpkg/tmp.ci/md5sums
- /dev/pts/1
- /usr/sbin/rdmsr.dpkg-new
- /usr/sbin/wrmsr.dpkg-new
- /usr/share/doc/msr-tools.dpkg-new
- /usr/share/doc/msr-tools/changelog.Debian.amd64.gz.dpkg-new
- /usr/share/doc/msr-tools/changelog.Debian.gz.dpkg-new
- /usr/share/doc/msr-tools/copyright.dpkg-new
- /usr/share/man/man1/rdmsr.1.gz.dpkg-new
- /usr/share/man/man1/wrmsr.1.gz.dpkg-new
- /var/lib/dpkg/info/msr-tools.list-new
- /var/lib/dpkg/status-new
- /var/cache/man/752
Deletes files:
- /var/cache/apt/archives/partial/.apt-acquire-privs-test.4xhAZs
- /var/log/apt/eipp.log.xz
- /var/lib/dpkg/tmp.ci/control
- /var/lib/dpkg/status-old
- /var/lib/dpkg/updates/0000
- /var/lib/dpkg/updates/0001
- /var/lib/dpkg/updates/0002
- /var/lib/dpkg/updates/0003
- /var/lib/dpkg/updates/tmp.i
Locks files:
- /var/cache/debconf/config.dat
- /var/cache/debconf/passwords.dat
- /var/cache/debconf/templates.dat
- /var/cache/man/752
Changes time of creation/access/modification of files:
- /var/cache/apt/archives/partial/msr-tools_1.3-3+b1_amd64.deb
- /var/lib/dpkg/tmp.ci/control
- /var/lib/dpkg/tmp.ci/md5sums
- /var/lib/dpkg/tmp.ci
- /usr/sbin/rdmsr.dpkg-new
- /usr/sbin/wrmsr.dpkg-new
- /usr/share/doc/msr-tools.dpkg-new
- /usr/share/doc/msr-tools/changelog.Debian.amd64.gz.dpkg-new
- /usr/share/doc/msr-tools/changelog.Debian.gz.dpkg-new
- /usr/share/doc/msr-tools/copyright.dpkg-new
- /usr/share/man/man1/rdmsr.1.gz.dpkg-new
- /usr/share/man/man1/wrmsr.1.gz.dpkg-new
- /var/cache/man/752
Network activity:
Establishes connection:
- 18#.##6.8.104:1011
- 8.#.8.8:53
- [2#####e42:3a::644]:80
- (e##val)
- 15#.##1.246.132:80
DNS ASK:
- _h###.##cp.deb.debian.org
- de####.#ap.fastlydns.net
Sends data to the following servers:
- 15#.##1.246.132:80
Receives data from the following servers:
- 15#.##1.246.132:80
Other:
Collects CPU information
Collects information about network activity
