Analysis
-
max time kernel
2s -
max time network
139s -
platform
ubuntu-20.04_amd64 -
resource
ubuntu2004-amd64-20241127-en -
resource tags
-
submitted
05-01-2025 14:04
General
-
Target
.ICE-Temp/setup
-
Size
904KB
-
MD5
68c89e757f76f5fe2a5442ac922ae77a
-
SHA1
0463e67ed457a133a833a26a4d0b960a97859f33
-
SHA256
4b6cdd50c6af5ebb0637ab58da91c3068d70b75e7eadf5b957af6eadbc9f59ad
-
SHA512
62159d9db14d4dfebf785d3b5f233132c5449d9e23f80a3a088c19a8e3240c06b4a974916c1cc27eb1b431d83d588f61a0fce5cad25393f7445181573a1a7325
-
SSDEEP
12288:xmLY4d8oo0Srv9ZzFI6zuPfJS4Jgrydh+muRRj7ry9hv7E:xmLfds0uv9hFIwuPfJS45nuRRzy9h
Malware Config
Signatures
-
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 2 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/.ICE-Temp/setup/tmp/.ICE-Temp/setup1⤵
-
/bin/bash/tmp/.ICE-Temp/setup -c "exec '/tmp/.ICE-Temp/setup' \"\$@\"" /tmp/.ICE-Temp/setup1⤵
-
/tmp/.ICE-Temp/setup/tmp/.ICE-Temp/setup1⤵
-
/bin/bash/tmp/.ICE-Temp/setup -c " #!/bin/bash if [[ ! -d \".settings\" ]]; then mkdir .settings clear read -p \"[Config] - Set your worker or type 'r' to randomize: \" wrk if [[ \"\$wrk\" = \"r\" ]]; then worker=#\$(nproc)CPU_worker_\$((1 + RANDOM % 9999999)) touch .settings/.worker echo \${worker} > .settings/.worker sed -i -e 's/workerrr/'\"\${worker}\"'/g' config.json clear echo \"[Config] - Worker seted to '\${worker}'\" sleep 2 cd .. exit 1; else touch .settings/.worker echo \$wrk > .settings/.worker sed -i -e 's/workerrr/'\"\${wrk}\"'/g' config.json clear echo \"[Config] - Worker seted to '\${wrk}'\" sleep 2 cd .. exit 1; fi else if [[ ! -f \".settings/.worker\" ]]; then clear read -p \"[Config] - Set your worker or type 'r' to randomize: \" wrk if [[ \"\$wrk\" = \"r\" ]]; then worker=#\$(nproc)CPU_worker_\$((1 + RANDOM % 9999999)) touch .settings/.worker echo \${worker} > .settings/.worker sed -i -e 's/workerrr/'\"\${worker}\"'/g' config.json clear echo \"[Config] - Worker seted to '\${worker}'\" sleep 2 cd .. exit 1; else touch .settings/.worker echo \$wrk > .settings/.worker sed -i -e 's/workerrr/'\"\${wrk}\"'/g' config.json clear echo \"[Config] - Worker seted to '\${wrk}'\" sleep 2 cd .. exit 1; fi else clear read -p \"[Config] - Worker is aleardy set, do you want to edit? (y/n) \" res if [[ \"\$res\" = \"y\" ]]; then clear read -p \"[Config] - Set your worker or type 'r' to randomize: \" wrk if [[ \"\$wrk\" = \"r\" ]]; then oldworker=`cat .settings/.worker` worker=#\$(nproc)CPU_worker_\$((1 + RANDOM % 9999999)) rm -rf .settings/.worker touch .settings/.worker echo \${worker} > .settings/.worker sed -i -e 's/'\"\${oldworker}\"'/'\"\${worker}\"'/g' config.json clear echo \"[Config] - Worker seted to '\${worker}'\" sleep 2 cd .. exit 1; else oldworker=`cat .settings/.worker` rm -rf .settings/.worker echo \$wrk > .settings/.worker touch .settings/.worker sed -i -e 's/'\"\${oldworker}\"'/'\"\${wrk}\"'/g' config.json clear echo \"[Config] - Worker seted to '\${wrk}'\" sleep 2 cd .. exit 1; fi else clear echo \"[Config]: Exiting.. Config wasn't modified!\" sleep 2 cd .. exit 1; fi fi fi " /tmp/.ICE-Temp/setup1⤵
- Writes file to tmp directory
-
/usr/bin/clearclear2⤵
-
-
/usr/bin/touchtouch .settings/.worker2⤵
- Writes file to tmp directory
-
-
/usr/bin/sedsed -i -e s/workerrr//g config.json2⤵
- Reads runtime system information
-
-
/usr/bin/clearclear2⤵
-
-
/usr/bin/sleepsleep 22⤵
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1B
MD568b329da9893e34099c7d8ad5cb9c940
SHA1adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
SHA25601ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
SHA512be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09